I’d like a basic guide I can give to team members.

Covering what are the most common attacks (e.g. gift card scams, invoicing fraud, phishing emails), and top prevention methods.

Does this exist?
PagerDuty provide their security training materials for free online[1], and you can view and build them from source[2] if you like. They also accept contributions as GitHub pull requests.

[1] - https://sudo.pagerduty.com/

[2] - https://github.com/PagerDuty/security-training/
Amazon has a pretty good boilerplate here: https://www.aboutamazon.com/news/community/amazon-releases-free-cybersecurity-awareness-training
We had a week of daily security-related challenges ranging from easy to hard for everyone to participate in. From simple SQL injection and password encoding to buffer overflows. Some were coding exercises, others were open-ended questions, googling encouraged. Every challenge gave a number of points and at the end of the week there would be some prizes for the winners.

A lot of people participated and personally I learned a lot and had fun doing it.

May require some effort to set up, but then again these may already exist online.
For technical, it's the OWASP Top 10: https://owasp.org/www-project-top-ten/

The site itself is clear enough to read on its own, but there are many other sites dedicated to explaining and training around it. It's frequently updated and up to date.