There are tons of information security resources. But whether it's blogs, podcasts or video tutorials, a lot of them are tailored to information security professionals or people with tech knowledge. I always felt there's not enough material available that's simple enough to understand for your non tech/security savvy friends or family.
I did a poll, and while it is still running, it's pretty clear that most people share my opinion.
I got some good feedback, both about resources and possible ways to reach more people. In this post I will list resources that explain security related topics in an easy way. I hope this content helps people to understand particular security risks and shows them how to defend and improve their online security posture.
The way to reach more people is a whole different story. It's not easy at all.
But we need to start somewhere. That's why I decide to create this list of resources. I hope if you read this that you share the useful bits with your family and friends. Help them understand why online security matters and even more important, help them improve their online security. If you have additional resources I would appreciate that you reach out to me via twitter. I'm happy to add any good content.
General security awareness websites and blogs
I regularly blog about security awareness. I did a 31-part blog series for CyberSecurity Awareness Month 2019.
Other blogs and websites:
Public awareness and prevention guides by Europol.
Top tips for staying secure online by the UK National Cyber Security Centre (NCSC).
Watch Your Hack by Daniel Verlaan.
Security awareness and tips by The AntiSocial Engineer.
Security for everyone by Andy Gill.
A guide to protect your digital self by Francesco Cipollone.
End user security cheatsheet by Sean Wright.
Safeonweb a security awareness site from the Belgian government.
Cybersec 101, a security awareness site for beginners.
Decent Security by SwiftOnSecurity.
Cyber aware online by Martijn Kamminga.
Information security for (investigative) journalists (Dutch and English pdf available) by Silkie Carlo and Arjen Kamphuis.
Stop Think Connect. General security awareness in different languages by STOPTHINKCONNECT.
Cybersecurity for small business by FTC
Security Planner by Citizen Lab
The Biggest "Small" Personal Digital Security Mistakes by Lesley Carhart
How to create strong passwords by me.
There's no excuse for password reuse, or is there? by me.
Some tips for choosing a password manager by me.
Browser password managers - a good idea? by me.
Why password managers are not the best solution for everyone by me.
Some common misconceptions about password managers and their alternatives by me.
Multi factor authentication
Multi factor authentication (MFA) for beginners by Tanya Janca.
Two-Factor Authentication with Yubikey – What is it? by Alex Harmon
Better account security with multi-factor authentication by me.
Enable two-factor authentication but don't lose access to your accounts by me.
Phishing 101: A guide by me on how to protect yourself against phishing attacks.
The No More Ransom website can help to get your files back when they are encrypted after a ransomware attack. This website also contains a lot of practical advice to protect against ransomware.
Ransomware 101: A blog by me on how to protect against ransomware and what to do after a ransomware attack.
Easy, Cheap And Secure Backup With Google Cloud by Scott Helme
Securely backup your data: What does a good backup strategy look like? In this blog I also show a possible practical implementation.
Why you should keep your software up to date by me.
Online security for children
Help your children stay safe online by me.
Data breach detection
How to monitor your data breach exposure: in this blog I describe several tools that can help to detect if your personal data is stolen.
Scams and fraud
I've written various blogs about scams and fraud:
How to prevent online shopping fraud
Tech support scams - what you need to know
Sextortion scams - what you need to know
How to stay safe on social media
A visual guide to cyber monday scams and how to avoid them by Allie Mellen
Before you click a link you want to check it with a scanning tool. A few easy to use tools are urlscan.io and virustotal. Here's a blog (in Dutch) on how to check if links are secure.
If you want to know how you can easily check some aspects of a website's security read this blog.
Internet of Things (IoT) security
A blog by me: The security risks of internet connected devices
Our smart TVs are watching us by Chad Calease
Step by step guides
How to protect your Twitter Account by me.
This is a series by Troy Hunt where he explains basic internet security in a very understandable way. The topics covered are
- How to choose a good password
- How to know when to trust a website
- Why we need to update our software
- How to protect your phone from hackers
- How to protect your home from the Internet of Things (IoT)
The next one is a video by Tanya Janca on how to use 2FANotifier (a browser plugin available for Chrome and Firefox) to enable two-factor authentication (which is actually an extra step necessary to login on top of your password) on websites.
Javvad Malik has some good awareness videos on his YouTube channel.
Also worth watching are the videos in Cyber Warrior's Youtube channel. They contain a lot of security awareness content for the average user.
Security In Five is a 5 minute podcast which explains security concepts in an understandable way
SecurityGuill created a lot of infographics that explain information security concepts in an easy to consume way. You can find them here.