October is National Cybersecurity Awareness Month. It’s an effort to raise awareness about cybersecurity among those who aren’t typically aware or concerned. For those of us in the infosec industry, it’s a good reminder that we’re in a position to mentor those around us in having safer online lives.
Community is one of our values here at OffSec. Cybersecurity Awareness Month provides an opportunity for all of us in information security to support our broader communities.
As penetration testing professionals, we can help both our organizations and those close to us better protect themselves – even if they’re not technically inclined. What seem obvious to an OSCP are things our colleagues, friends, and family may not know or think about.
How can we take the lead in changing that? Simple: by going back to basics. This post covers some information sources and tools that you can share.
To start, arm people with information. Most people have heard of a major breach in the last few years, but they may not be aware of how big the problem is.
How better to show them than with this data visualization by Information is Beautiful? It covers 2009 to the present and is regularly updated. Many of the names included are recognizable…and have slipped under the radar in terms of media reporting.
Then there’s this visualization, showing the top 500 passwords. Passwords might be more or less useless against advanced attacks, but they’re the starting line of defense for most people and organizations.
Individuals and small businesses can benefit from the information presented in infographics provided by the Canadian Center for Cyber Security.
When your friends and colleagues better understand the scope of the threat, show them how they can protect themselves. The US Department of Homeland Security provides a toolkit with resources covering this year’s three themes: Own it. Secure it. Protect it.
The toolkit also includes a trivia game and an option to request a speaker for your organization.
Some people write their passwords down, maybe in one of those notebooks you can find that say “My Passwords” across the front cover. All it takes is having that notebook fall out of a pocket or purse for them to be exposed. Encourage them to use password saving tools like LastPass or 1Password, which also offer more secure sharing options for shared accounts.
Check if your friends and family have an antivirus or antimalware software installed. Malwarebytes detects threats that many antivirus software doesn’t, including ransomware.
What if it’s too late? You can help others find out if they’ve been a victim of a hack with Have I Been Pwned. If they have, the breached organization may already offer free credit monitoring. Alternatively, services like Credit Karma also offer identity monitoring.
Even if it’s unlikely for your dad or cousin to become a penetration tester, there may be greater scope for cybersecurity training at your organization. Too often, this training is limited to the IT or infosec department (or person – we know the staffing struggle is real).
For example, could your company’s web app developers benefit from security training? Our Advanced Web Attacks and Exploitation course teaches web application security. Developers with knowledge of Python, familiarity with Linux, and previous experience with web proxies and web app attack vectors can improve their knowledge of how to defend their code.
Spread the word
Editor’s note: Offensive Security is not affiliated with any of the third parties mentioned in this article and is not receiving any compensation for mentioning them.