CyberSecure My Business™ is a comprehensive national program led by the National Cyber Security Alliance (NCSA) to help businesses of all sizes learn to be safer and more secure online.

As the cornerstone of the program, NCSA has translated the (NIST) Cybersecurity Framework into simpler language and incorporated it into an introductory-level, in-person, highly interactive workshop. The workshop series – hosted in partnership with the U.S. Small Business Administration (SBA) and the Federal Trade Commission (FTC), with support from the Federal Bureau of Investigation (FBI) and the U.S. Department of Homeland Security – provides guidance on integrating cybersecurity practices, using a simplified version of the NIST Cybersecurity Framework and incorporating content from federal and industry partners, including recent threat data.

Along with live workshops, NCSA has started a webinar series for small and medium-sized businesses in partnership with our public and private partners. These events will be held on the second Tuesday of every month starting Oct. 10, 2017, from 2 to 3 p.m. EDT.

The NIST Cybersecurity Framework provides a common language for understanding, managing and expressing cybersecurity and can help businesses identify and prioritize their cybersecurity actions and manage cyber risk. The framework has the following steps:

• Identify
• Protect
• Detect
• Respond
• Recover

Through these workshops, NCSA teaches organizations how to think about cybersecurity, leading them through various scenarios and steps they can take to better secure their data.

Why You Should Pay Attention to Cybersecurity

Smaller businesses have become targets for cybercriminals because criminals know they have fewer defense resources than large enterprises.

If cybercriminals can breach a small business and steal credentials (e.g., for banking accounts or email access), they can use that information to steal money directly, create attacks on its customers and work their way around the business ecosystem in other nefarious ways.

The 2016 State of Small & Medium-Sized Business (SMB) Cybersecurity report, independently conducted by Ponemon Institute, LLC and sponsored by Keeper Security, surveyed 598 individuals in companies with 1,000 or fewer employees. The survey revealed the following::

• 50 percent of SMBs have been breached in the past 12 months.
• The most prevalent attacks against SMBs are 1) web-based attacks and 2) phishing/social engineering.
• Negligent employees or contractors and third parties caused most data breaches; however, almost a third of companies in this research could not determine the root cause.
• Companies are most concerned about the loss or theft of their customers’ information and their intellectual property.
• Strong passwords and biometrics are believed an essential part of the security defense; however, 59 percent of SMBs have no visibility into employee password practices, such as the use of unique or strong passwords and sharing passwords with others.
• Password policies are not strictly enforced. 65 percent of SMBs that have password policies say they do not strictly enforce them; moreover, the policies do not require employees to use passwords or biometrics to securely access mobile devices.
• Current technologies cannot detect and block many cyber attacks. Most exploits have evaded intrusion detection systems and antivirus solutions.
• Personnel, budget and technologies are insufficient to have a strong security posture. As a result, some companies engage managed security service providers to support an average of 34 percent of their IT security operations.
• Determination of IT security priorities is not centralized. The two functions most responsible are chief executive officer and chief information officer; however, 35 percent of respondents say no one function in their companies determines IT security priorities.
• Web and intranet servers are considered the most vulnerable endpoints or entry points to networks and enterprise systems. The challenge of not having adequate resources may prevent many companies from investigating in the technologies needed to mitigate these risks. Web application firewalls, security information and event management (SIEM), endpoint management and network traffic intelligence are not considered very important in current security strategy. At a minimum, anti-malware and client firewalls are considered the most important security technologies.
• Cloud usage and the prevalence of mobile devices that access business-critical applications and IT infrastructure will grow and threaten the security postures of companies in this study; however, only 18 percent of respondents say their companies use cloud-based IT security services.

Interested in contributing to CyberSecure My Business?

We are working to build a community of interest and are always looking for partners to contribute to and sponsor this initiative. For more information please contact us at [email protected].

Learn more about CyberSecure My Business and how to protect your organization against cyber threats here.

Join the CyberSecure My Business community today! Sign up to receive our monthly newsletter here.

Thank You To Our CyberSecure My Business™ Sponsor: