This updated introduction explains how cyber attackers are focusing on human risk to gain access to data and information by bypassing technology's defenses. However, each person has the ability to identify and report the signs of a potential attack. Learners are encouraged to build a strong cyber shield and use training to strengthen their cyber detection skills at work and at home. 

Browsers are the primary tool used for accessing information and online accounts. As a result, browsers, as well as their add-ons, plugins, and extensions, are common targets for cyber attacks. In this updated module, staying safe online involves key security behaviors, including safe browsing, recognizing signs of a security compromise, managing updates, looking for signs of encryption, and logging off websites to remove sensitive information.

Safe data handling practices are critical at each step of accessing, sharing, transmitting, retaining, and destroying data. This updated module is the foundation of most of the compliance videos. The module also describes ways to securely store or process sensitive information, restrictions on transferring or sharing information, ways to manage data retention, and why it is important to follow data policies and processes, as well as how to destroy data securely.

Phishing is an email-based cyber attack, often targeting many people at once. This updated module explains key methods cyber attackers use to get people to click on the bait in an email message, such as links, attachments, or redirects. It also identifies the primary clues that each person can use to detect phishing, and how to safely check links in emails. Finally, the module reviews additional safe email behaviors, such as careful use of auto-complete and reply-all features, which can accidentally be used to share information with those who are not authorized to see it.

Safe data handling practices are critical at each step of accessing, sharing, transmitting, retaining, and destroying data. This updated module is the foundation of most of the compliance videos. The module also describes ways to securely store or process sensitive information, restrictions on transferring or sharing information, ways to manage data retention, and why it is important to follow data policies and processes, as well as how to destroy data securely.

Malware is software that is used to perform malicious actions. This updated module explains what malware is and provides examples of commonly used malware, such as ransomware, spyware, and keyloggers. This module also focuses on key methods attackers use to deploy malware and how each of us can defend against them, such as keeping devices updated with current versions of software and security patches for protection. Finally, the module reviews misconceptions about malware and stresses reporting any signs of infection as soon as possible.

Mobile devices today have the same functionality, complexity, and risks as a computer, but with the additional risk of being highly mobile and easy to lose. In this updated module, key security behaviors include enabling a screen lock, enabling remote wiping, disabling Wifi and Bluetooth features when they are not in use, keeping the devices updated, and not jailbreaking security features designed to protect these devices. In addition, focus is placed on choosing apps, including reading ratings and reviews, avoiding excessive permissions, and keeping them updated to avoid security issues. 

This updated module follows NIST recommendations for strong passwords, such as keeping passwords long, strong, and unique for each online account. This module also covers the use of passphrases, the importance of layered security with two-step verification, and key password security behaviors that each person should employ to protect information. These behaviors include: password secrecy, not using public computers for online accounts, use of a password manager, managing security questions, and immediately reporting any signs of a compromised account. 

This updated module recaps key security awareness behaviors discussed throughout Security Core.

Social engineering is a common tactic used for cyber security attacks. This updated module explains and illustrates different types of social engineering attacks, including spoofing from trusted sources, and how people can detect and defend against them. As social engineering can take on any form, this module lays the foundation for secure behaviors learners can use in the event of an attack.

Social networks are used to share photos, events, and other types of content with others. This updated module focuses on enabling two-step verification for online accounts when possible, avoiding oversharing information, only sharing safe content, recognizing that privacy controls protecting information can change, and knowing that once online, information is outside of your control. In addition, this module identifies steps that each person can take to remove inappropriate content, and how to recognize when social network profiles or posts may be the focus of an attack. Interactive description: Join a social network and decide which posts are Safe or Risky.

Targeted attacks, such as spear phishing and CEO Fraud, involve research on the target before the attack is launched. While these funded cyber attackers may launch an attack for a variety of reasons, this updated module provides a real-world example of how a targeted attack works and how everyone in an organization can protect and defend against them. Key security behaviors include not oversharing information, following policies or procedures used to protect information, recognizing signs of spoofing and social engineering, and managing links and attachments in emails. 

Effective cyber security practices are important both at work and at home. This module describes the steps that can be used at home to protect personal devices, Wi-Fi networks, and online accounts. It also covers the importance of information backups, such as Cloud services or external hard drives, in the event of an attack, theft, or loss of a device. Secure behaviors at work often start at home.

Insider threats are trusted employees, contractors, or third-party members who exploit their insider status and maliciously cause harm to an organization. This module explores new examples of insider threats, warning signs of an insider threat, and how to reduce the likelihood of an attack by using strong organizational security practices.

Physical security is an important component of information security. This module explains how attackers can attempt to trick and fool their way into restricted areas, such as by tailgating. We also discuss how employees can protect the physical security of your facilities by managing visitors, protecting entrances and exits, proper information disposal, and related physical security behaviors. 

For many organizations, employees no longer work at the office. As a result, securely working remotely is more important than ever, whether you're traveling, working from a local cafe, or at home. In this module, we review how employees can protect themselves by using secure network connections, managing laptop and device security, and following workplace policies to keep themselves and your organization safe.