Digital Security Awareness Training for Business & Home User

Explore the ten security domains, from access control and network security to governance, risk management, cryptography, software development security, and physical security, to protect data in motion and at rest.

Recognize the growing risk of identity theft and the marketing of protection services. Guard your personal and corporate files, online identity, social media identity, and credit against digital blackmail.

Identify threats and risks across digital and physical interactions to strengthen your security, learn common attack types, and easily lower risk to avoid being the weakest link.

Learn how social engineering tricks exploit you and your staff, recognize vulnerabilities, and avoid giving passwords or sensitive data over the phone or email to prevent being the weakest link.

Explore the security awareness overview, learn what real security means, and identify threats and security domains; discover practical steps to stay safer and reduce risk.

Lock your computer when you step away and encrypt data at rest on portable devices. Encrypt data in transit with IPsec or SSL VPN, and scan for malware.

Assess personal financial and identity security by examining in-store risks such as card skimming and PIN patterns, and weigh online shopping safety against fake sites and data breaches.

Protect your home network by encrypting wireless signals, preventing open wifi access, and implementing backups and a decryption scheme to keep data in motion and at rest secure.

Back up your files with diverse storage options, ensure long-term access, and protect data with encryption such as encrypted file systems and RSA, plus offsite backups.

Understand why social engineering works by exploiting trust, urgency, and job-security fears at work and home, how attackers obtain information or freebies, and the role of policies.

Identify phishing and social engineering attempts that impersonate legitimate websites to steal information or money. Learn how misspelled domains and redirects reveal fake sites and how to verify authenticity.

Increase awareness to defend against social engineering, verify who is requesting data, and use strong, complex passwords and callbacks, with building security and a clear escalation plan.

Learn to recognize social engineering, understand common techniques, and mitigate risk through education, policies, and verification processes to protect your identity and financial records.

Identify how identity theft uses your personal information, such as your name or social security number, without permission, to commit fraud. Go beyond finances to impersonation, cyberbullying, and defamation.

Explore how identity theft unfolds, from credit card and bank account fraud to fraudulent tax returns, employment in your name, and warrants, and how banks limit liability.

Learn practical online defense strategies: enable bank alerts and login verification to spot phishing, securely dispose of confidential mail, and guard against caller ID spoofing with call-back verification.

Criminals may misuse your personal information to obtain government benefits, fraudulently file taxes, get jobs, or secure medical services, a driver's license, or housing, risking court warrants.

Place a fraud alert on your credit reports and review them for free, close tampered accounts, and file reports with the FTC or local police to create a paper trail.

Discover how least privilege limits access by inspecting permissions, audits, policies, and safeguards like uac, vpn use, and administrator versus user roles.

Identify data types, locations, and access levels through a data classification system within the information lifecycle, applying least privilege and compliance rules for medical records and salaries.

Classify data by value and set security levels through risk management to protect crucial information, balancing protection with operability while considering HIPAA, legal discovery, and regulatory requirements.

Learn how to classify data by using views and stored procedures to control read and write access through APIs, ensuring least privilege and data integrity.

Learn how data classification informs disaster recovery and business continuity, defining mission-critical data, availability targets (five nines to four nines), and recovery options like clustering and virtualization.

Explore how data classification varies by organization and jurisdiction, and how hiper, Sarbanes-Oxley, and other regulations shape retention and protection of sensitive information for business and home users.

Know your involvement in information access by following your organization's security policy, and submit formal access requests while never sharing your level of access to prevent leaks and permissions creep.

Discover how improper data classification leads to unsecured data, lost or stolen devices, and potential impacts on stock prices. Learn to secure with encryption and proper backups.

Learn how to securely destroy data across storage types—from volatile ram to persistent flash—and apply shredding and overwriting with zero and one fills to prevent remnants.

Review data classification and the policies governing data sharing and permissions, including least privilege. Explore how to identify crucial information, disseminate it securely, and destroy data according to policy.

Backups protect digital data, from sentimental photos to tax returns, against loss from power outages, hardware failure, theft, or malware, emphasizing the need to safeguard and recover information.

Master full backups that copy all files, and partial backups (differential or incremental) to reduce downtime and speed restores with the full backup and volume shadow copy service.

Explore where to store backups, including local drives, SAN RAID configurations, offsite storage, and cloud options, focusing on full, incremental, and differential backups, fast recovery, and retention.

Discover how raid levels store backups, boost speed, and provide redundancy. Compare raid 0 striping, raid 1 mirroring, raid 5 parity, and raid 10 or 15 setups.

Discover how Windows backup uses the volume shadow copy service (VSS) to back up without downtime and restore virtual machines from libraries in minutes.

Determine backup frequency by data criticality and loss tolerance, with incremental backups every 15 minutes. Rotate storage, include offsite backups, test restores, and consider migrating to virtual machines from backups.

Develop and enforce written password policies on strength, length, history, rotation every 30 days, and lockout rules, while preventing sharing and defending against brute-force and rainbow-table attacks.

Develop strong passwords by avoiding biographical and dictionary words, using long passphrases with deliberate substitutions, and regularly changing passwords to thwart brute-force and dictionary attacks.

Prioritize longer passwords over complexity, and use both length and character variety to thwart brute force and rainbow table attacks. Avoid random strings; rotate passwords regularly; guard against social engineering.

Learn practical password techniques to create complex, memorable passwords using capitalization, numbers, and symbols. Explore misspellings, letter substitutions, and short passphrases formed from initial letters plus special characters.

Explore the triple-a framework—authentication, authorization, and accounting—and how two-factor and multi-factor security, using something you know, have, or are, defend business and home systems; including real-world risks like piggybacking.

Identify warning signs of malware and adware, such as slower performance, new icons or programs, unfamiliar home page changes, new search bars, and popups.

Understand hardware detection in appliances that scan traffic for malware. Explore how intrusion prevention systems, next generation firewalls, and proxy servers block or warn on dangerous data.

Explore how file extensions and known file type associations can mislead you, showing how changing extensions and hiding extensions affects opening programs and potential malware risk.

Install antivirus software to detect malware and prevent infections, acknowledging zero-day limits and potential slowdowns. Use personal and hardware firewalls and stay aware of known malicious sites and browser alerts.

Explore physical security fundamentals by securing entry points, preventing tailgating and piggybacking, and using controlled access, badges, guards, CCTV, and site design to protect home and work environments.

Protect paper documents by shredding confidential memos and never leaving them unattended in conference rooms; secure badges and devices, deactivate lost access cards, and store sensitive materials in a drawer.

Safeguard data on laptops and portable drives with encryption to deter theft. Secure devices with cable locks and avoid leaving them unattended in the workspace.

Protect data at rest by encrypting Windows files with NTFS, using a password-based key tied to your user account, and prevent unauthorized access if devices are stolen.

Enable workstation software with a personal firewall, like Windows advanced firewall, to block end-to-end communications and approve or create rules for apps, with malware detection.

Update operating systems and software regularly to remove vulnerabilities and protect against attacks, weighing automated updates for rapid protection against potential compatibility issues and approval processes.

Encrypt email messages using RSA and PDP to secure communications and exchange keys. Use h-back hashing to authenticate the sender and verify the message against the from address.

Asymmetric encryption uses public and private keys to authenticate senders and encrypt email, hashing and signing with a private key, encrypting content for the recipient, without a central certificate authority.

Identify email hazards such as unknown senders, phishing, links, attachments, and spam, and verify sender domains by inspecting headers and source IPs.

Spot phishing emails by inspecting links and the URL bar, hover to reveal the real address, verify the destination before clicking, watch for spoofed from addresses.

Learn practical ways to avoid spam by understanding privacy policies, using domain-based or disposable emails, and applying filters or anti-spam tools while weighing their pros and cons.

Learn how certificates go beyond encryption to sign files and authenticate servers, and how certificate authorities, certificate revocation lists, and the OCLC protocol help verify legitimacy and prevent man-in-the-middle attacks.

Practice secure web browsing by avoiding unwanted toolbars from default installations, choosing custom installs, and enabling popup blockers to prevent social engineering and malware.

Learn secure web browsing on public computers with private browsing, cookies and history management, local files, password storage risks, ActiveX controls, and drive encryption considerations.

Practice secure instant messaging and social sites to prevent clear-text transmission, noting that services like Skype encrypt by default, and beware malware in file transfers.

Intellectual property is an intangible item owned by its creator. Open licenses and Linux open source software can be used freely, while not open source software requires a license.

Learn how software piracy—copying, distributing, or downloading copyrighted software without approval—hurts organizations, highlights the need for licensed purchases and backup rights, and showcases real-world piracy examples.

Explore how piracy spreads online via bit torrent and peer-to-peer apps, the role of cloud storage and open source sharing, and the civil or criminal risks of copyright violations.

Recognize the legal and financial risks of peer-to-peer use and copyright infringement, including potential fines and criminal prosecution, and confront freedom of information arguments with licensed music requirements like Muzak.

Examine how piracy affects individuals and businesses, define intellectual property and copyrights, explore software piracy methods, and identify risks and preventive steps to stay compliant.