50+ Cybersecurity Resources
Cybersecurity isn’t easy. Celerium's cybersecurity resources page provides links to dozens of 100% free resources you can use for your own business or for your customers. These include training resources, policy resources, guides, videos, and free tools.
Cybersecurity Training Resources
DHS Training - Free End User and Administrator Training for employees offered by the U.S. Department of Homeland Security.
FedVTE Training - Free Cybersecurtity training for U.S. Government Employees and Veterans.
SANS Cyberaces Training - Free Cybersecurity courses developed by SANS. Designed for those interested in pursuing a career in cybersecurity.
CompTIA is offering free e-learning for CompTIA IT Fundamentals (ITF+) and other resources for displaced workers, students, career changers or anyone else who has ever thought about working in information technology. Celerium is proud to announce our Chief Strategy Officer Vince Crisler is also a member of CompTIA's IT Security Community Executive Council! This council is the leading voice for the IT Industry.
CompTIA has also provided these free resources on computer networking, cloud computing and cybersecurity.
Cybrary IT - Multiple options for cybersecurity training available at no cost. Some paid options also included.
Cybersecurity Basics - Cyber criminals target companies of all sizes. Knowing some cybersecurity basics and putting them in practice will help you protect your business and reduce the risk of a cyber attack.
Cyber Readiness Institute - The Cyber Readiness Program is a practical, step-by-step guide to help small and medium-sized businesses become cyber ready. It's completely free and requires as little as an hour a week to complete.
NICCS Education and Training Catalog - The NICCS Education and Training Catalog is a central location where cybersecurity professionals across the nation can find over 5,000 cybersecurity-related courses. Anyone can use the interactive map and filters to search for courses offered in their local area so they can add to their skill set, increase their level of expertise, earn a certification, or even transition into a new career.
STOP. THINK. CONNECT. ™ - A national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online.
Fortinet - Fortinet's site offers a number of useful resources including a wide range of free cybersecurity training, blog content on emerging industry trends, a CyberGlossary defining commonly-used security terms, and product information.
Cybersecurity Webinars and Videos
Ted Talks Regarding Cybersecurity - Ted talks are a great resource that can help you understand cybersecurity basics from engaging speakers.
Stanford University Cybersecurity Courses and Videos - Stanford University offers a series of free lectures on cybersecurity available to the public.
SECURITY NOW - One of the most popular IT podcasts, Security Now! offers a well-rounded look into the world of IT security (phishing included). Hosted by Steve Gibson and Leo Laporte, the podcast records live every Tuesday at 4:30pm EST.
CyberSecure My Business™ Webinar - Learn about small business cybersecurity basics. Where do you start? What are some “quick wins” to send you down the path of increased security? What are small business-specific resources you can access for free?
NinjaRMM - NinjaRMM offers a full library of useful webinars to provide useful information from industry experts on the most pressing MSP questions.
Opensource Tools
Snort, one of the most widely deployed IDS/IPS technologies in the world, is a free network intrusion detection system that has three primary uses. It can be used as a packet sniffer or a packet logger to analyze real-time internet traffic or as a network intrusion prevention system.
OpenVAS is a vulnerability management tool designed for IT and security administrators with a good working knowledge of Linux. The software can be installed from source code that is available on Github.
Gophish is a leading free open-source phishing tool for testing an organization's vulnerability to phishing attacks. This phishing toolkit is intended to help penetration testers and businesses easily simulate phishing attacks within their organizations.
pfSense is an open source security gateway appliance based on FreeBSD that can be deployed in the cloud, as a virtual machine or installed on bare metal hardware. The software can be used as a firewall, VPN or router with secure networking capabilities.
Scumblr is an open source Ruby on Rails web application, developed and maintained by Netflix that automates OSINT collection on websites, api’s, social media, forums and web searches for mentions of search keywords.
Scumblr integrates with a tool called Sketchy, an API framework that generates automatic screenshots from potentially malicious sites for a “snapshot-in-time” of identified web page and results. The tool allows security analysts to preview Scumblr results without having to risk visiting the potentially dangerous site.
Cybersecurity Template Resources
NIST Cybersecurity Framework - NIST is considered the gold standard for cybersecurity frameworks, use this guide to inform your businesses cyber framework.
SANS Cybersecurity Policies - Free to use policies and procedures covering most topics in information security.
Frequently Asked Questions (NIST) - Learn more about how the NIST framework works and how you can apply these principals to your business.
The Complete Guide to Understanding Cybersecurity Frameworks - What is a cybersecurity framework and which ones do organizations rely on to build their cybersecurity programs? We dive deep into the 3 most popular cybersecurity frameworks: NIST, ISO/IEC 27001 and CIS.
NICE Framework Mapping Tool - Simply answer questions about each cybersecurity related position and the tool will show you how each position aligns to the NICE Framework and what can be done to strengthen your cybersecurity team.
FCC Cyber-Planner - Tool created by the Federal Communications Commission to help SMB’s come up with custom cybersecurity policies and procedures.
FCC Cybersecurity Planning Guide - In conjunction with the cyber-planner - How you handle and protect your data is central to the security of your business and the privacy expectations of customers, employees and partners. The tool is designed for businesses that lack the resources to hire dedicated staff to protect their business, information and customers from cyber threats.
Public Health Emergency Cyber Templates - This resource includes templated documents covering healthcare companies, as well as detailed cyber-plans that small-midsized healthcare organizations can use to guide their approach.
CISA CYBER ESSENTIALS - CISA’s Cyber Essentials is a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices.
Cybersecurity Resource Roadmap - The Cybersecurity Resources Road Map is designed to help critical infrastructure small and midsize businesses identify useful cybersecurity resources to meet their needs.
Improving Cybersecurity of Managed Service Providers - The NCCoE published a short guide with recommendations to help MSPs conduct, maintain, and test backup files to reduce the impact of data loss incidents, such as ransomware. A more detailed guide is available here.
Disaster Recovery Plan Template - A disaster recovery plan template from the firm Microfocus.
Healthcare Policies and Procedures - Free healthcare oriented information security policies and procedures from Healthcare IT.Gov
Understanding the NIST Cybersecurity Framework - NIST is the National Institute of Standards and Technology at the U.S. Department of Commerce. The NIST Cybersecurity Framework helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data.
Cybersecurity Resources for Working from Home
Telework Security Basics - Use these tips from NIST to improve your telework security, whether you’re using your organizations’ laptop or smartphone, or your own personal desktop or tablet.
Protecting Portable Devices: Data Security - In addition to taking precautions to protect your portable devices, it is important to add another layer of security by protecting the data itself.
Securing a New Computer - It’s important to properly configure your home computer before connecting it to the internet to keep it, and your information, secure.
FCC Smartphone Security Checker - This quiz is designed to help the many smartphone owners who aren't protected against mobile security threats secure their device.
Secure remote access - Put your network’s security first. Make employees and vendors follow strong security standards before they connect to your network. Give them the tools to make security part of their work routine.
Securing Telework Environments - This guide provides cybersecurity best practices for hardening routers, modems, and other network devices.
Understanding Firewalls for Home and Small Office Use - When your computer is accessible through an internet connection or Wi-Fi network, it is susceptible to attack. However, you can restrict outside access to your computer—and the information on it—with a firewall.
Security for Enterprise Telework, Remote Access, and (BYOD) Solutions - The National Institute of Standards and Technology (NIST) has guidelines on telework and remote access to help organizations mitigate security risks.
Understanding Patches and Software Updates - When vendors become aware of vulnerabilities in their products, they often issue patches to fix those vulnerabilities. Make sure to apply relevant patches to your computer as soon as possible so that your system is protected.
Defending Cell Phones Against Attack - As cell phones become more technologically advanced, attackers are finding new ways to target victims. By using text messaging or email, an attacker could lure you to a malicious site or convince you to install malicious code on your portable device.
Anti-Phishing Resources
Phishing 101 - Phishing Attacks use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial information.
Avoiding Social Engineering and Phishing Attacks - Do not give sensitive information to others unless you are sure that they are indeed who they claim to be and that they should have access to the information.
FTC Phishing - How to spot common Phishing attacks, including an interactive quiz here and pdf poster below.
Phishing Activity Trends Reports - The APWG Phishing Activity Trends Report analyzes phishing attacks reported to the APWG by its member companies.
Security Awareness: Episode 4 – Phishing and Ransomware - What is phishing, how to spot it and how to protect you and your employees from it.
Understanding Common Attacks
What is Ransomware - It looks legitimate but with one click on a link, or one download of an attachment, everyone is locked out of your network. That link downloaded software that holds your data hostage. That's a ransomware attack.
Business Email Imposters - A scammer sets up an email address that looks like it’s form your company. Then the scammer sends out messages using that email address. This practice is called spoofing, and the scammer is what we call a business email imposter.
Reporting A Cybercrime - As we spend more time online, crimes that previously occurred face to face – like credit card fraud, identity theft, and harassment – now occur online as well. By reporting cybercrime to the appropriate authorities, you can play a role in making the Internet safer and more secure for all.
Understanding Denial-of-Service Attacks - Denial-of-service attacks don’t just affect websites—individual home users can be victims too. Denial-of-service attacks can be difficult to distinguish from common network activity, but there are some indications that an attack is in progress.
Recognizing Fake Antiviruses - Fake antivirus is malicious software (malware) designed to steal information from unsuspecting users by mimicking legitimate security software. It's important to protect your computer from fake antivirus infection and to be able to recognize when an infection has occurred.
Tech Support Scams - Often, scammers are behind these calls, pop-up messages, and emails. They want to get your money, personal information, or access to your files. This can harm your network, put your data at risk, and damage your business.
REPORTING A CYBERCRIME - As we spend more time online, crimes that previously occurred face to face – like credit card fraud, identity theft, and harassment – now occur online as well. By reporting cybercrime to the appropriate authorities, you can play a role in making the Internet safer and more secure for all.
PROTECTING YOUR DATA FROM RANSOMWARE - Recommendations on How to Conduct, Maintain, and Test Backup Files from NIST and NCCoE. This document provides recommendations to help MSPs conduct, maintain, and test backup files to reduce the impact of these data loss incidents.
Debunking Some Common Cybersecurity Myths - There are some common myths that may influence your online security practices. Knowing the truth will allow you to make better decisions about how to protect yourself.
Cybersecurity for Manufacturing
Self Assessment Tool for Manufacturers - The NIST MEP Cybersecurity Assessment Tool allows U.S. small manufacturers to self-evaluate the level of cyber risk to their business. The assessment is based on the National Institute of Standards and Technology’s (NIST) Cyber Security Framework.
Cybersecurity Strengthens U.S. Manufacturers - This infographic demonstrates why it’s vital that small business owners build a robust cybersecurity program that will help protect their employees, customers, and businesses.
NIST For Small Manufacturers - For most small manufacturers, the security of information, systems, and networks is not the highest priority, but a cybersecurity incident can be detrimental to the business, customers, or suppliers. It’s important that manufacturers understand and manage the risk and establish a cybersecurity protocol to protect critical assets.
Cybersecurity Resources for Manufacturers - This page provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment and helpful information on how to avoid scammers and secure your factory floor.
Cybersecurity for the Web
Evaluating Your Web Browser's Security Settings - Check the security settings in your web browser to make sure they are at an appropriate level. While increasing your security may affect the functionality of some web sites, it could prevent you from being attacked.
Browsing Safely: Understanding Active Content and Cookies - Many people browse the Internet without much thought to what is happening behind the scenes. Active content and cookies are common elements that may pose hidden risks when viewed in a browser or email client.
It’s Everyone’s Job to Ensure Online Safety at Work - When you are on the job – whether it’s at a corporate office, local restaurant, healthcare provider, academic institution or government agency your organization’s online security is a shared responsibility.
Creating a Strong Password - Creating a strong password is an essential step to protecting yourself online. Using long and complex passwords is one of the easiest ways to defend yourself from cybercrime.
Internet Security Essentials for Business - From the U.S. Chamber of Commerce, common threats facing small businesses and the best way to combat them with information from public and private sector experts.
National Cyber Security Alliance: StaySafeOnline.org - Easy-to-understand information dedicated to online safety for individuals and businesses. Get involved and promote a safer, more secure internet.
COVID-19 Security Resource Library - A compilation of tips and recommendations from NCSA and its partners on ways to stay safe online, as well as how to avoid cyber threats and scams during this pandemic.
Securing Network Infrastructure Devices - Network infrastructure devices are often easy targets for attackers. Many of these devices are not maintained at the same security level as general-purpose desktops and servers, but there are steps users and network administrators can take to better secure their network infrastructure.
Website Security - Website security refers to the protection of personal and organizational public-facing websites from cyberattacks.
Securing Wireless Networks - Wireless networks introduce additional security risks. If you have a wireless network, make sure to take appropriate precautions to protect your information.
Cybersecurity for Small Business
Small Business Cyber Security Guide - This guide has been specifically designed for small businesses to understand, take action, and increase their cyber security resilience against ever-evolving cyber security threats. The language is clear, the actions are simple, and the guidance is tailored for small businesses.
Good Security Habits - There are some simple habits you can adopt that, if performed consistently, may dramatically reduce the chances that the information on your computer will be lost or corrupted.
Small Business Cybersecurity “Quick Wins” - This “Quick Wins” tips sheet will help you outline your own security awareness training program.
NYDFS Cybersecurity Regulation Primer- An easy to understand explanation of the NYDFS Cybersecurity Regulation requirements.
GLOBAL CYBER ALLIANCE Cybersecurity tool kit for SMBs - Free and effective tools you can use today to take immediate action to reduce risk for your business.
Common Cybersecurity Misconceptions for Small and Medium-Sized Organizations Employees empowered with the resources and knowledge to protect your organization from cyberthreats is one of the best lines of defense you can have.
5 Ways to be Cyber Secure at Work - From the top leadership to the newest employee, cybersecurity requires the vigilance of everyone to keep data, customers, and capital safe and secure.
Cyber Insurance for SMBs - Cyber insurance is one option that can help protect your business against losses resulting from a cyber attack. If you’re thinking about cyber insurance, discuss with your insurance agent what policy would best fit your company’s needs, including whether you should go with first-party coverage, third-party coverage, or both.
Ten Cybersecurity Tips for Small Businesses (FCC) - Here are ten key cybersecurity tips to protect your small business.
Small Business Cybersecurity - Cyber attacks are a growing concern for small businesses. Learn about the threats and how to protect yourself. Common threats, assessing your business risk, best practices, training and more from the SBA.
Federal Trade Commission: Privacy and Security - Ensure that your business complies with these U.S. security regulations.
Vendor Security - Your business Vendors may have access to sensitive information. Make sure vendors are securing their own computers and networks before allowing them access to yours.
Prevalent Guide to Third-Party Monitoring - A guide to understanding how to conduct third-party and vendor monitoring using opensource tools or software.
Start with Security - A guide for small business with lessons learned from FTC cases. Ten lessons to learn that touch on vulnerabilities that could affect your company, along with practical guidance on how to reduce the risks they pose.
Ransomware Explainer: Understand what ransomware is, how it works, and what you can do to prevent it.
Cybersecurity is Everyone’s Job - This guidebook outlines what each member of an organization should do to protect it from cyber threats, based on the types of work performed by the individual. It is aligned with the strategic goals of the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology (NIST).
Communicating with the Board about Cybersecurity - An organization’s ability to successfully mitigate and respond to cyber risk requires conscientious oversight by the board of directors. Directors, in turn, need senior-level executives to understand and frame this dynamic issue appropriately in order to inform boardroom discussions about cybersecurity.
Questions Every CEO Should Ask About Cyber Risks - To help companies understand their risks and prepare for cyber threats, CEOs should discuss key cybersecurity risk management topics with their leadership and implement cybersecurity best practices.
Cybersecurity Risk Management - An easy to understand guide explaining cybersecurity risk management that can help you implement an effective risk mitigation approach for your small or mid-sized business.
Public Cloud Security - A Complete primer on running private workloads in the public cloud. Covers AWS Security services as well as private cloud security solutions.
Third Party Risk Management (TPRM) Guide - A complete guide on what Third Party Risk Management is, and how to create an effective TPRM program.
Digital Risk Protection Guide: Understand the new world of Digital Risk Protection (DRP) and how external threats can be just as dangerous as internal ones.
IoT Security
The State of IoT Security - In this report Celerium's Dark Cubed explores the threat of IoT Devices to explore the level of risk they pose during their everyday operations, as designed and delivered out of the box. Read more about our testing methodology and results by downloading our report.
IoT Security - With more connected “things” entering our homes and our workplaces each day, it is important that everyone knows how to secure their digital lives.
Recommendations for IoT Device Manufacturers - An incredible variety and volume of Internet of Things (IoT) devices are being produced. Manufacturers can help their customers by improving how securable the IoT devices they make are, meaning the devices provide functionality that their customers need to secure them within their systems and environments.
Managing IoT Cybersecurity and Privacy Risks - The Internet of Things (IoT) is a rapidly evolving and expanding collection of diverse technologies that interact with the physical world. Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy risks differently than conventional information technology (IT) devices do.
Simple list of resources for IoT security practitioners - From the IoT Security Foundation, a list of recommendations for IT and IoT professionals from industry professionals.
IOT Cybersecurity Alliance Resources - Understand why and how to protect services and end-point devices with hardware security.
The Ultimate Iot Security Checklist - By the end of 2020, there will be 21B IoT devices worldwide, creating a massive network of self-driving cars, connected energy grids, and smart appliances. As innovative companies build towards this connected future, they must constantly evaluate the risks that come with these large IoT security networks.
Internet of Things: What Is IoT? IoT Security - Not everyone understands what IoT really means or why it's so important for businesses and consumers. We'll break down the tech lingo and explain what you need to know.
Our team is constantly updating this cybersecurity resources page so please check back for more valuable information to help secure your business. You can also check out our page on cybersecurity compliance requirements.
Looking for help with improving your organization's cybersecurity? Learn more about our network defense solution here.