By National Cyber Security Alliance, Special for USDR
With nearly half of U.S. companies experiencing a data breach in 2013 and 2014, lax security is putting many companies at greater risk for cyber attacks.[1] To help small and midsized businesses (SMBs) build a strong line of defense, National Cyber Security Awareness Month (NCSAM), which is co-led by the U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA), is dedicating its second week to teaching businesses and their employees how to better protect their digital assets, money, and valuable customer and employee data.
Nearly half of all small businesses have been victims of cyberattacks and 71 percent of security breaches target small businesses, yet many SMBs believe they are not vulnerable to cyber attacks because of their small size and limited assets.[2] This precarious gap between perception and reality represents a big opportunity for cybercriminals to take advantage of businesses that may lack the knowledge and the resources to keep their digital assets secure. Check out NCSA’s informative “Creating a Culture of Cybersecurity in Your Business” infographic: http://ncsam.info/1MNuPQg.
“Many SMBs seem to have a false sense of security, forgetting that hackers are more interested in the sensitivity of stolen data than just the size of the business,” said Michael Kaiser, executive director of NCSA. “Building a culture of cybersecurity is the best line of defense for all businesses. SMBs should first identify their most valuable assets, put measures in place to protect them, be able to recognize if an incident has occurred and know how they would respond and recover from an attack. Employees play a critical role in protecting business, and educating them about how to use the networks more securely is essential.”
Getting employees on board is crucial to keeping your business safe, particularly when they are outside the office. With a new CompTIA study showing that more than six in 10 employees use company-issued mobile devices to work from home, on the road, or for personal activities, it is increasingly important to secure the digital bridge between work and home. Moreover, 94 percent of employees say they connect their laptop or mobile devices to unsecured Wi-Fi networks, putting data at greater risk. SMBs can ensure that employees use safe online practices by teaching them to protect all devices connected to the Internet. For tips on keeping mobile devices safe, visit http://ncsam.info/1N9jCwq
Simplifying Cybersecurity for SMBs – A Five-Step Approach
In collaboration with the Better Business Bureau (BBB), NCSA is developing a five-step approach to improve small and midsized business security and protect sensitive customer and employee data. Translating the DHS-recommended National Institute of Standards and Technology (NIST) cybersecurity framework and the Federal Trade Commission’s “Start with Security” guidelines, this accessible approach provides business owners with a concrete, customizable cybersecurity roadmap. BBB and the NCSA have developed informational programs and materials that businesses can use during NCSAM and throughout the year. For SMB resources visit www.bbb.org.
“Larger enterprises are beefing up their security, leaving often underprepared, under-resourced SMBs squarely in the sights of cybercriminals,” said Bill Fanelli, chief security officer of the Council of Better Business Bureaus. “With the NIST-based, five-step approach, we are able to empower SMBs with actionable resources and the know-how that will arm them with the tools to proactively protect their business’ crown jewels – from intellectual property and customer info to financial data. We are pleased to drive this effort in collaboration with NCSA. Business and consumer groups can request a speaker by contacting their local BBB office.”
The World’s Largest Social Network Kicks Off Fifth Annual ‘Hacktober’
Facebook takes a proactive approach to security, including how it creates and retains a security-conscious culture. Its annual month-long initiative, Hacktober, reinforces formal training with contests, events, and simulated hacks to remind all employees that good security requires vigilance. Facebook is also sharing what it’s learned with other organizations that want to build similar programs on its Facebook Security Page. For starters, awareness programs should help employees feel comfortable discussing security and raising potential concerns, build relationships with appropriate security teams, and have fun instead of feel alarmed.
Upcoming Events and SMB Resources
- #2Factor Tuesday, October 6 in Washington, D.C.: NCSA and the FIDO Alliance will host the first-ever #2FactorTuesday at Google to raise international awareness for two-factor authentication as a means of enhancing the security of online accounts. Speakers will include Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator at the White House; Michael Kaiser (NCSA); Charles McColgan (TeleSign); Brett McDowell (FIDO Alliance); Sean Brooks (NIST); Marc Boroditsky (Authy) and Stephan Somogyi (Google). You can participate by joining the Twitter Chat @STOPTHNKCONNECT for a #ChatSTC/#2FactorTuesday Twitter Chat at 11:00 a.m. EDT or by watching the event LIVE on NCSA’s YouTube Channel at 1:30 p.m. EDT. Additional information and registration here
- Attend the 4th Annual U.S. Chamber of Commerce Cybersecurity Summit on October 6 in Washington, D.C. Additional information and registration here
- EDUCAUSE Live! Creating a Culture of Cybersecurity and Safety on Your Campus and in Your Community (webinar), October 7 (1-2 p.m. EST/10-11 a.m. PST): Additional information and registration here
- Multi-State Information Sharing & Analysis Center: National Cyber Security Awareness Month: Tips to Stay Safe Online (webcast), October 7. Additional information and registration here
- Logical Operations: 3 Actions You Can Take NOW to Combat Cyber Threats (webinar), October 8, 1:00pm ET/10:00am PT. Learn more here: http://bit.ly/1jvkfDV
- Creating a Culture of Cybersecurity at Work: An FTC webinar, October 8, 2:00pm ET/11:00am PT: To register, visit https://cybersecuritywebinar.eventbrite.com
Additional resources to help Internet users stay safe online:
- DHS launched the Critical Infrastructure Cyber Community or C³ (pronounced “C Cubed”) Voluntary Program to assist the enhancement of critical infrastructure cybersecurity and to encourage the adoption of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework released in February 2014. Visit C³ Voluntary Program Outreach and Messaging Kit to learn more.
- Logical Operations created Cyber Security PSAs to help employees recognize and avoid security threats before it’s too late. The goal is for people to print and post to get their own employees involved during National Cyber Security Awareness Month and beyond! http://logicaloperations.com/media/uploads/downloads/cyber_security_psas.pdf
- ZeroFOX and The National Cyber Security Alliance have created the following infographic to demonstrate how cyber criminals use social networks as mediums for launching targeted malware and phishing schemes. https://www.zerofox.com/campaign/ncsam-infographic/
- The CA Security Council’s SSL checker tool enables website administrators to identify configuration weaknesses and vulnerabilities and improve the security of their site. https://casecurity.ssllabs.com/
- This infographic, created by HIMSS and the National Cyber Security Alliance, provides healthcare organizations and their workforce members with practical tips on how to safeguard information. http://www.himss.org/ncsam/keeping-information-safe-and-secure-when-mobile
- The FTC’s Start with Security resource provides 10 practical lessons adaptable to companies of any size and in any sector. Check it out online, order free copies at ftc.gov/bulkorder or watch the video at http://go.usa.gov/3tFeC
- Lookout Lesson Plan: Lookout is highlighting a number of risky mobile scenarios, teaching you about the risks and what you can do to keep your information and accounts safe. http://blog.lookout.com/blog/2015/10/01/cybersecurity-awareness-month/
- A great starting point for managing risk is to use the “AVG Small Business Security Health Check” tool that helps small and medium businesses assess their risk profile. The results of a security health check can be used by an internal IT team or as a discussion and strategy starting point with a company’s IT and security software provider or consultant.
More than 500 NCSAM Champions will play an active role in sharing important cybersecurity messages with their local communities, corporations, governments and individuals internationally. You can also follow the conversation and get the breaking news on the month’s activities using NCSAM’s new official hashtag, #CyberAware, on social media, and join weekly #ChatSTC Twitter chats every Thursday at 3 p.m. EDT/noon PDT. Additionally, NCSA has created sample social media posts that you can download and share throughout the month. You can learn more about upcoming NCSAM events (and submit your own events to the calendar) at https://www.staysafeonline.org/ncsam/events. Additional resources (infographics, tip sheets and more) and information on getting involved and becoming a NCSAM Champion are available at https://www.staysafeonline.org/ncsam/.