Happy New Year NTEN'ers!
We're doing a free cybersecurity awareness webinar on June 15th and we want to include 5-10 actionable recommendations for individuals. Our working list is below. We will be presenting this in the form of "If you do ONE thing, do this. If you do TWO things, do this and then this. If you do THREE things, do this, this and this." So the priority order is also important.
We would love input/feedback on any additions or changes people would make.
"I've been asked for examples of security agreements that other organizations have their staff sign and I can't find *anything*. I've found one or two, but they're pretty bad, and then I've found templates. Does anyone else have some sort of security guideline they give to their staff? Is anyone willing to share theirs?"
I'm not 100% sure what you mean by "security agreements." My guess is that you mean something along the lines of an Acceptable Use Policy (AUP) and/or best practices guidelines for security that staff are expected to adhere to (and maybe sign off on).
I really like these persona templates (below) we adapted from an Access Now publication.
Here are two different versions you can take a look at, Shubha. We like these because they are visual, focus on the important things, and may actually be read, understood and practiced by staff.
IT Policy Persona Templates
Cybersecurity Persona Templates
If you want to go the traditional route of multiple page policy documents, the SANS Institute has a free library of templates available: https://www.sans.org/security-resources/policies/. Hope that's helpful.
Hello Joshua, This is a great list. Another useful piece of information is the Australian Government's "Strategies to Mitigate Cyber Security Incidents". The action items in this strategy complement the information you have provided and give a few other suggestions such as application whitelisting, restrict administrative privileges, and macro settings. It provides 37 action items ranked in order of "relative security effectiveness rating" from essential to limited.
For what it's worth, for password managers I've heard good things about Enpass (enpass.io) and KeePassXC (keepassxc.org).
The EFF is a great resource for various recommendations around security:
Martin Hansen Senior Consultant / R&D Lead 519.725.7875 x2120 | 888.817.3048
PeaceWorks™ Technology Solutions 101 - 554 Parkside Drive, Waterloo ON N2L 5Z4 www.peaceworks.ca
Mission driven technology solutions
I'm a big fan of password wallets. And, as Peter said, most can sync between multiple devices. However, many of them handle the sync by storing your login info on their own servers (AKA cloud-based sync). I don't want my login credentials stored elsewhere, so I prefer Sticky Password. It offers the option of a local wi-fi sync (that's not the default -- you need to select this option before your first sync). SplashID offers the same feature. I believe that both work with Windows, Mac, Android, and iOS. (Neither firm pays me to say nice things about them.) (My favorite password wallet is RoboForm -- for whatever reason, I prefer its UI -- but it doesn't offer local wi-fi sync.)