Washington, D.C. – With nearly half of U.S. companies experiencing a data breach in 2013 and 2014, lax security is putting many companies at greater risk for cyber attacks. To help small and midsized businesses (SMBs) build a strong line of defense, National Cyber Security Awareness Month (NCSAM), which is co-led by the U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA), is dedicating its second week to teaching businesses and their employees how to better protect their digital assets, money, and valuable customer and employee data.
Nearly half of all small businesses have been victims of cyberattacks and 71 percent of security breaches target small businesses, yet many SMBs believe they are not vulnerable to cyber attacks because of their small size and limited assets. This precarious gap between perception and reality represents a big opportunity for cybercriminals to take advantage of businesses that may lack the knowledge and the resources to keep their digital assets secure. Check out NCSA’s informative “Creating a Culture of Cybersecurity in Your Business” infographic: http://ncsam.info/1MNuPQg.
“Many SMBs seem to have a false sense of security, forgetting that hackers are more interested in the sensitivity of stolen data than just the size of the business,” said Michael Kaiser, executive director of NCSA. “Building a culture of cybersecurity is the best line of defense for all businesses. SMBs should first identify their most valuable assets, put measures in place to protect them, be able to recognize if an incident has occurred and know how they would respond and recover from an attack. Employees play a critical role in protecting business, and educating them about how to use the networks more securely is essential.”
Getting employees on board is crucial to keeping your business safe, particularly when they are outside the office. With a new CompTIA study showing that more than six in 10 employees use company-issued mobile devices to work from home, on the road, or for personal activities, it is increasingly important to secure the digital bridge between work and home. Moreover, 94 percent of employees say they connect their laptop or mobile devices to unsecured Wi-Fi networks, putting data at greater risk. SMBs can ensure that employees use safe online practices by teaching them to protect all devices connected to the Internet. For tips on keeping mobile devices safe, visit http://ncsam.info/1N9jCwq
Simplifying Cybersecurity for SMBs – A Five-Step Approach
In collaboration with the Better Business Bureau (BBB), NCSA is developing a five-step approach to improve small and midsized business security and protect sensitive customer and employee data. Translating the DHS-recommended National Institute of Standards and Technology (NIST) cybersecurity framework and the Federal Trade Commission’s “Start with Security” guidelines, this accessible approach provides business owners with a concrete, customizable cybersecurity roadmap. BBB and the NCSA have developed informational programs and materials that businesses can use during NCSAM and throughout the year. For SMB resources visit www.bbb.org.
“Larger enterprises are beefing up their security, leaving often underprepared, under-resourced SMBs squarely in the sights of cybercriminals,” said Bill Fanelli, chief security officer of the Council of Better Business Bureaus. “With the NIST-based, five-step approach, we are able to empower SMBs with actionable resources and the know-how that will arm them with the tools to proactively protect their business’ crown jewels – from intellectual property and customer info to financial data. We are pleased to drive this effort in collaboration with NCSA. Business and consumer groups can request a speaker by contacting their local BBB office.”
The World’s Largest Social Network Kicks Off Fifth Annual ‘Hacktober’
Facebook takes a proactive approach to security, including how it creates and retains a security-conscious culture. Its annual month-long initiative, Hacktober, reinforces formal training with contests, events, and simulated hacks to remind all employees that good security requires vigilance. On its Facebook Security Page, Facebook is also sharing what it’s learned with other organizations that want to build similar programs. For starters, awareness programs should help employees feel comfortable discussing security and raising potential concerns, build relationships with appropriate security teams, and have fun instead of feeling alarmed.
Upcoming Events and SMB Resources
- #2Factor Tuesday, October 6 in Washington, D.C.: NCSA and the FIDO Alliance will host the first-ever #2FactorTuesday at Google to raise international awareness for two-factor authentication as a means of enhancing the security of online accounts. Speakers will include Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator at the White House; Michael Kaiser (NCSA); Charles McColgan (TeleSign); Brett McDowell (FIDO Alliance); Sean Brooks (NIST); Marc Boroditsky (Authy) and Stephan Somogyi (Google). You can participate by joining @STOPTHNKCONNECT for a #ChatSTC/#2FactorTuesday Twitter Chat at 11:00 a.m. EDT or by watching the event LIVE on NCSA’s YouTube Channel at 1:30 p.m. EDT. Additional information and registration here
- Attend the 4th Annual U.S. Chamber of Commerce Cybersecurity Summit on October 6 in Washington, D.C. Additional information and registration here
- EDUCAUSE Live! Creating a Culture of Cybersecurity and Safety on Your Campus and in Your Community (webinar), October 7 (1-2 p.m. EST/10-11 a.m. PST): Additional information and registration here
- Multi-State Information Sharing & Analysis Center: National Cyber Security Awareness Month: Tips to Stay Safe Online (webcast), October 7. Additional information and registration here
- Logical Operations: 3 Actions You Can Take NOW to Combat Cyber Threats (webinar), October 8, 1:00pm ET/10:00am PT. Learn more here: http://bit.ly/1jvkfDV
- Creating a Culture of Cybersecurity at Work: An FTC webinar, October 8, 2:00pm ET/11:00am PT: To register, visit https://cybersecuritywebinar.eventbrite.com
Additional resources to help Internet users stay safe online:
- DHS launched the Critical Infrastructure Cyber Community or C³ (pronounced “C Cubed”) Voluntary Program to assist the enhancement of critical infrastructure cybersecurity and to encourage the adoption of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework released in February 2014. Visit C³ Voluntary Program Outreach and Messaging Kit to learn more.
- Logical Operations created Cyber Security PSAs to help employees recognize and avoid security threats before it’s too late. The goal is for people to print and post to get their own employees involved during National Cyber Security Awareness Month and beyond! http://logicaloperations.com/media/uploads/downloads/cyber_security_psas.pdf
- ZeroFOX and The National Cyber Security Alliance have created the following infographic to demonstrate how cyber criminals use social networks as mediums for launching targeted malware and phishing schemes. https://www.zerofox.com/campaign/ncsam-infographic/
- The CA Security Council’s SSL checker tool enables website administrators to identify configuration weaknesses and vulnerabilities and improve the security of their site. https://casecurity.ssllabs.com/
- This infographic, created by HIMSS and the National Cyber Security Alliance, provides healthcare organizations and their workforce members with practical tips on how to safeguard information. http://www.himss.org/ncsam/keeping-information-safe-and-secure-when-mobile
- The FTC’s Start with Security resource provides 10 practical lessons adaptable to companies of any size and in any sector. Check it out online, order free copies at ftc.gov/bulkorder or watch the video at http://go.usa.gov/3tFeC
- Lookout Lesson Plan: Lookout is highlighting a number of risky mobile scenarios, teaching you about the risks and what you can do to keep your information and accounts safe. http://blog.lookout.com/blog/2015/10/01/cybersecurity-awareness-month/
- A great starting point for managing risk is to use the “AVG Small Business Security Health Check” tool that helps small and medium businesses assess their risk profile. The results of a security health check can be used by an internal IT team or as a discussion and strategy starting point with a company’s IT and security software provider or consultant.
More than 500 NCSAM Champions will play an active role in sharing important cybersecurity messages with their local communities, corporations, governments and individuals internationally. You can also follow the conversation and get the breaking news on the month’s activities using NCSAM’s new official hashtag, #CyberAware, on social media, and join weekly #ChatSTC Twitter chats every Thursday at 3 p.m. EDT/noon PDT. Additionally, NCSA has created sample social media posts that you can download and share throughout the month. You can learn more about upcoming NCSAM events (and submit your own events to the calendar) at https://www.staysafeonline.org/ncsam/events. Additional resources (infographics, tip sheets and more) and information on getting involved and becoming a NCSAM Champion are available at https://www.staysafeonline.org/ncsam/
About National Cyber Security Awareness Month
National Cyber Security Awareness Month was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. Now in its 12th year, NCSAM is co-sponsored by the Department of Homeland Security (DHS) in cooperation with the National Cyber Security Alliance, the nation’s leading nonprofit public-private partnership promoting the safe and secure use of the Internet and digital privacy. Celebrated annually in October, NCSAM involves the participation of a multitude of industry leaders, mobilizing everyone – from individuals, small and medium-sized businesses, and non-profits to academia, multinational corporations and governments. Encouraging digital citizens around the globe to STOP. THINK. CONNECT., NCSAM is harnessing the collective impact of its programs and resources to increase awareness about today’s ever-evolving cybersecurity landscape. Please visit: https://www.staysafeonline.org/about-us/news/media-room/
About The National Cyber Security Alliance
The National Cyber Security Alliance (NCSA) is the nation’s leading nonprofit public-private partnership promoting the safe and secure use of the Internet and digital privacy. Working with the Department of Homeland Security (DHS), private sector sponsors and nonprofit collaborators to promote cybersecurity awareness, NCSA board members include representatives from ADP, AT&T, Bank of America, BlackBerry, Comcast Corporation, ESET, Facebook, Google, Intel, Logical Operations, Microsoft, PayPal, PKWARE, RSA – the Security Division of EMC, Raytheon, Symantec, Verizon and Visa. Through collaboration with the government, corporate, nonprofit and academic sectors, NCSA’s mission is to educate and empower digital citizens to use the Internet securely and safely, protect themselves and the technology they use, and safeguard the digital assets we all share. NCSA leads initiatives for STOP.THINK.CONNECT., a global cybersecurity awareness campaign to help all digital citizens stay safer and more secure online; Data Privacy Day, celebrated annually on January 28; and National Cyber Security Awareness Month, launched every October. For more information on NCSA, please visit staysafeonline.org/about-us/overview/.
About STOP. THINK. CONNECT.
STOP. THINK. CONNECT. is the national cybersecurity education and awareness campaign. The campaign was created by an unprecedented coalition of private companies, non-profits and government organizations with leadership provided by the National Cyber Security Alliance (NCSA) and the Anti-Phishing Working Group (APWG). The Department of Homeland Security leads the federal engagement in the campaign. Learn how to get involved at STOPTHINKCONNECT.org.