Information security resources for laypeople

There are tons of information security resources. But whether it's blogs, podcasts or video tutorials, a lot of them are tailored to information security professionals or people with tech knowledge. I always felt there's not enough material available that's simple enough to understand for your non tech/security savvy friends or family.

I did a poll, and while it is still running, it's pretty clear that most people share my opinion.

I got some good feedback, both about resources and possible ways to reach more people. In this post I will list resources that explain security related topics in an easy way. I hope this content helps people to understand particular security risks and shows them how to defend and improve their online security posture.

The way to reach more people is a whole different story. It's not easy at all.

But we need to start somewhere. That's why I decide to create this list of resources. I hope if you read this that you share the useful bits with your family and friends. Help them understand why online security matters and even more important, help them improve their online security. If you have additional resources I would appreciate that you reach out to me via twitter. I'm happy to add any good content.

General security awareness websites and blogs

I regularly blog about security awareness. I did a 31-part blog series for CyberSecurity Awareness Month 2019.

Other blogs and websites:

Public awareness and prevention guides by Europol.

Top tips for staying secure online by the UK National Cyber Security Centre (NCSC).

Watch Your Hack by Daniel Verlaan.

Security awareness and tips by The AntiSocial Engineer.

Security for everyone by Andy Gill.

A guide to protect your digital self by Francesco Cipollone.

End user security cheatsheet by Sean Wright.

Safeonweb a security awareness site from the Belgian government.

Photo by Priscilla Du Preez / Unsplash

Cybersec 101, a security awareness site for beginners.

Decent Security by SwiftOnSecurity.

Cyber aware online by Martijn Kamminga.

Information security for (investigative) journalists (Dutch and English pdf available) by Silkie Carlo and Arjen Kamphuis.

Stop Think Connect. General security awareness in different languages by STOPTHINKCONNECT.

Cybersecurity for small business by FTC

Security tips by US-CERT

Security Planner by Citizen Lab

The Biggest "Small" Personal Digital Security Mistakes by Lesley Carhart

Passwords

How to create strong passwords by me.

There's no excuse for password reuse, or is there? by me.

Password managers

Some tips for choosing a password manager by me.

Browser password managers - a good idea? by me.

Why password managers are not the best solution for everyone by me.

Some common misconceptions about password managers and their alternatives by me.

Multi factor authentication

Multi factor authentication (MFA) for beginners by Tanya Janca.

Two-Factor Authentication with Yubikey – What is it? by Alex Harmon

Better account security with multi-factor authentication by me.

Enable two-factor authentication but don't lose access to your accounts by me.

Phishing

Phishing 101: A guide by me on how to protect yourself against phishing attacks.

Photo by Anton Darius | @theSollers / Unsplash

Ransomware

The No More Ransom website can help to get your files back when they are encrypted after a ransomware attack. This website also contains a lot of practical advice to protect against ransomware.

Ransomware 101: A blog by me on how to protect against ransomware and what to do after a ransomware attack.

Backups

Easy, Cheap And Secure Backup With Google Cloud by Scott Helme

Securely backup your data: What does a good backup strategy look like? In this blog I also show a possible practical implementation.

Software updates

Why you should keep your software up to date by me.

Online security for children

Help your children stay safe online by me.

Data breach detection

How to monitor your data breach exposure: in this blog I describe several tools that can help to detect if your personal data is stolen.

Scams and fraud

I've written various blogs about scams and fraud:

How to prevent online shopping fraud

Tech support scams - what you need to know

Sextortion scams - what you need to know

How to stay safe on social media

Other blogs:

A visual guide to cyber monday scams and how to avoid them by Allie Mellen

Security tools

Before you click a link you want to check it with a scanning tool. A few easy to use tools are urlscan.io and virustotal. Here's a blog (in Dutch) on how to check if links are secure.

If you want to know how you can easily check some aspects of a website's security read this blog.

Internet of Things (IoT) security

A blog by me: The security risks of internet connected devices

Other blogs:

Our smart TVs are watching us by Chad Calease

Step by step guides

How to protect your Twitter Account by me.

Videos

This is a series by Troy Hunt where he explains basic internet security in a very understandable way. The topics covered are

  1. How to choose a good password
  2. How to know when to trust a website
  3. Why we need to update our software
  4. How to protect your phone from hackers
  5. How to protect your home from the Internet of Things (IoT)

The next one is a video by Tanya Janca on how to use 2FANotifier (a browser plugin available for Chrome and Firefox) to enable two-factor authentication (which is actually an extra step necessary to login on top of your password) on websites.

Javvad Malik has some good awareness videos on his YouTube channel.

Also worth watching are the videos in Cyber Warrior's Youtube channel. They contain a lot of security awareness content for the average user.

Podcasts

Security In Five is a 5 minute podcast which explains security concepts in an understandable way

Infographics

SecurityGuill created a lot of infographics that explain information security concepts in an easy to consume way. You can find them here.