Did you say free security awareness videos?
Yes, that’s right. Adobe, National Cyber Security Alliance, and Speechless have partnered to bring you a series of security awareness videos. The plan is to release one video every other month starting November 2019. A total of eight videos will be released.
Why free?
Adobe believes in empowering our customers and our employees. National Cyber Security Alliance strives to empower people to stay safe online. With these motivators it only made sense to partner and provide a valuable security resource to the public – entertaining, witty, engaging, and informative security awareness videos.
Adobe originally created these videos to better educate their internal workforce. As the initiative to create these videos grew, and in speaking with other businesses and customers, Adobe realized this kind of resource was not only valuable to them but could benefit all. National Cyber Security Alliance has connections with innumerable businesses and individuals who need this kind of content and our collaboration began to unfold.
There are many small businesses and individuals who work to protect against the same potential security threats but do not have adequate resources to educate their workforce. Each video focuses on potential security threats and best practices the broader community should be aware of in their work and personal lives:
- Passwords
- Phishing & Ransomware
- Internet Downloads
- Vishing (Social Engineering via Phone)
- Computer Theft
- Data Handling
- Use of Removable Media
- Wireless Internet Use
These videos take a witty and fun approach to security awareness, insomuch that the viewer isn’t watching to be trained on security awareness, but to be entertained. The result is security education in a light-hearted way: that is key to engagement. In addition, the videos are bite size in length, so they easily fit into busy schedules. Finally, the characters made to be relatable.
The characters in the videos portray three points of view:
- (Sid) Hyper vigilant and paranoid – Although not (always) true, this is the person non-security people think of when they hear the words “Mandatory Security Awareness Training”. What the non-security people think about these people is, “yeah, security is important, but don’t you think we’re being a little too paranoid? “
- (Dave) Oblivious and carefree – Also not (always) true, this is the person that security people think of when they hear people say “Mandatory training again? Oh boy.” The security people think, “yeah, security is important, don’t you think you should take it more seriously?”
- (Laura) The final point of view is the most relatable – it’s you. You want to do the right thing and take security safely. You want to protect the business and yourself, but you don’t need it shoved in your face and you certainly don’t want to ignore it altogether.
The first video of the video series is on passwords. The key points mentioned, if implemented throughout the organization can dramatically reduce risk of compromise. There are key takeaways stated at the end of the video, but there are some more subtle points as well:
Use a password manager.
They are many to choose from and some are free. A password manager can assist in automating the fixes to the below mentioned threats.
Don’t write or print passwords on paper or in unsecured digital files.
For example, a sticky note with the password on the backside of a laptop or a list of passwords in an unprotected excel sheet.
Use long, random, but memorable passwords – also known as passphrases.
For example, “Cherry Wire Sparking!”
Don’t use the same password everywhere.
Try to use unique passwords everywhere you login. If one website or company gets hacked, and the passwords are leaked, then all accounts using that same password are at risk.
Where possible, use multi-factor authentication (MFA).
If a password is known, then the second (or third) “factor” of authentication is an additional layer of protection. A good resource for checking if MFA is available on different services is https://twofactorauth.org/
Finally, properly destroy your sensitive data properly.
Now, please watch and share the videos with your friends and colleagues! Meet Laura, Sid, and Dave as they engage in good – and not so good – password security practices.
Guest Contributor: Isaac Painter, Security Business Operations & Content Lead | Adobe
While working on a bachelor’s degree in accounting from Utah Valley University, Isaac was introduced to the world of security through a college job. This led to an interest in the ever-changing world of security. He eventually went on to earn a Master’s in Accounting with an emphasis in information systems and security from the University of Arizona. He has been in the security industry since 2008 working for a PCI DSS services company (SecurityMetrics), a consulting company (Protiviti), a non-profit healthcare company (Intermountain Healthcare), and currently works at a leading software company (Adobe). Isaac enjoys the security industry because every day there are new and interesting things to learn.