Your organization’s online safety and security are a responsibility every employee shares.
Today all workplaces face the growing risk of cyberattacks. No matter where you are employed – whether it’s at corporate headquarters, a downtown restaurant, hospital, government agency or school ‒ online safety and security are a responsibility we all share. According to the U.S. Small Business Administration, there are more than 30 million small businesses nationwide. These organizations have a big impact on America’s economy through job creation and employment.
In October 2017, the National Cyber Security Alliance (NCSA) launched CyberSecure My Business™. The program was created to help protect the cybersecurity in the small and medium-sized business (SMB) community. NCSA has reached more than 6,840 highly engaged individuals via CyberSecure My Business in-person events, monthly webinars and YouTube webinar views.
Regardless of a business’s size, it is critical to take measures to help prevent attacks and have a set plan ready to go if one does occur. Across the board, NCSA recommends a top-down approach to creating a culture of cybersecurity in the workplace. The following steps ‒ developed by NIST ‒ will help tremendously as you formulate a plan to keep your business cybersecure:
- Identify: Conduct an inventory of your most valuable assets – the “crown jewels” of greatest importance to your business and of most value to criminals – such as employee, customer and payment data.
- Protect: Assess what protective measures you need in place – such as keeping your software up to date or by following these tips – to defend the organization as much as possible against a cyber incident.
- Detect: Have systems set up that would alert you if an incident occurs, including the ability for employees to report problems.
- Respond: Make and practice an incident response plan to contain an attack and maintain business operations in the short term.
- Recover: Know what to do to return to normal business operations after an incident or breach, including assessing any legal obligations.
As a technology leader, Intel has implemented some of the industry’s best practices for making sure its employees and contingent workers know how to play an active role in helping keep the workplace and company data secure. Recognizing that employees are the first line of defense in corporate security, Intel cultivates a culture where security is top of mind and sets expectations for good security hygiene by helping employees know what actions to take in order to help keep Intel information secure. Some examples include:
- Delivering more than 150 role-based information security training courses to the enterprise and providing annual Information Security Awareness training for all 100,000+ employees plus contingent workers across 45+ countries.
- Executing regular companywide information security awareness campaigns to engage employees and keep them connected to Intel information security and privacy policies, as well as the evolving security landscape.
- Enforcing compliance and managing change via targeted internal communications.
“As we have witnessed over the last several years, any organization can fall victim to cybercrime, which could result in stolen personal information (PII) or intellectual property and serious disruptions to businesses and their customers,” said Russ Schrader, NCSA’s executive director. “And as the lines between our work and daily lives become increasingly blurred, it is more important than ever to be certain that smart cybersecurity carries over between the two.”
Recent Research Addressing Cybersecurity and Privacy Practices in the Workplace
LastPass Report
Most businesses still have work to do in overcoming weak, reused, old and potentially compromised credentials. A new password security benchmark report from LastPass found that the average security score of over 43,000 businesses using LastPass is 52 out of 100, meaning even as more businesses invest in password management, most are performing middle of the road for password security. The report has several other notable findings, including:
- The bigger the company, the lower the security score on average. Organizations with 25 or fewer employees have the highest average Security Score of 50, and the average drops as the company size increases. More employees bring more passwords and unsanctioned apps, as well as extra opportunities for dangerous password behaviors. In larger organizations, it’s simply more challenging for IT to hold all employees to strict password security standards.
- On average, any given employee now shares about six passwords with coworkers. As teams become more distributed and technology-dependent, the ability to protect, track and audit shared passwords is more important than ever. Employees don’t need to stop sharing – they just need a secure way to do so.
- In the first year of investing in a password manager, a business gains nearly 15 security points. This represents a significant improvement in the security posture and is a tangible metric to validate the investment in LastPass and security training.
Overall, 75 percent of respondents in MediaPRO’s 2018 State of Privacy and Security Awareness report struggled with identifying best practices in cybersecurity and data privacy, an increase of five percent from the previous year. The study had several other notable findings:
- Fourteen percent of employees lacked the ability to correctly identify phishing emails. This is a notable increase in respondents who showed risky behaviors when it came to phishing attempts from MediaPRO’s 2017 survey, in which eight percent of employees struggled in this area.
- Only 58 percent of respondents overall could define business email compromise (BEC), suggesting a concerning lack of awareness surrounding this specific social engineering tactic.
- Employees in management roles or above showed riskier behaviors than entry- or mid-level employees. Seventy-seven percent of respondents in management showed a general lack of awareness, while 74 percent of those in subordinate positions scored the same.
“We’re living in an era where the increasing intensity and creativity of cyberattacks from both foreign and domestic actors underscores the importance of prioritizing cybersecurity,” said Brett Hansen, Vice President, Client Software and General Manager, Data Security at Dell. “From insider threats to nation-state level operations, preparedness comes down to what plan your organization has in place to stop an attack before it begins.”
Cyber Security Safety Tools:
Cybercriminals may target small and mid-sized businesses because they assume these businesses don’t have the security safeguards that larger companies do. ADP’s Small and Mid-Sized Business Security infographic includes security tips to help protect businesses.
ESET’s Cybersecurity Awareness Training is a free, on-demand, interactive video training that businesses can send to their employees to help them become more cyber aware. The interactive gamified videos are a fun and effective way to teach and educate employees about cyber threats in the workplace and help keep your business safe. https://www.eset.com/us/cybertraining/
Better Business Bureau: The BBB Institute for Marketplace Trust launched its #BBB Secure article series, which educates small businesses on the importance of HTTPS encryption and the basics of how to ensure business websites are secure for customers, and provides tips for consumers on how to identify websites that are not secure. The article series was created with support from Facebook and Comcast.
CompTIA: Corporate leadership cannot afford to leave comprehensive cybersecurity programs to others within the organization. Today, executives and board members need to be hyperaware of the vulnerabilities to cyberattacks, the growing risks associated with cybercrimes, and what a company is doing to protect itself and its customers. Find out how leaders can create a corporate culture that takes a proactive and holistic approach to cybersecurity, by reading “Building a Culture of Cybersecurity: A Guide for Corporate Executives and Board Members.” Download the white paper here.
EDUCAUSE: The National Student Clearinghouse, EDUCAUSE and the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) released a white paper, “Cybersecurity: Why It Matters to Registrars, Enrollment Managers and Higher Education,” to kick off October as National Cybersecurity Awareness Month. Registrars and enrollment managers play central roles in an institution’s cybersecurity posture. The choices they make each day directly affect student data security.
In-person and Virtual Events
Identity Theft: The Aftermath hosted by Identity Theft Resource Center, Thursday, Oct. 18, Washington, D.C., 9:00 a.m. – 1:00 p.m. at Google HQ with industry experts, media, government and advocates. Identity crimes create more than just a financial impact. Victims experience emotional, behavioral and lost opportunity-costs. Join the ITRC for the release of our Aftermath trend analysis. This half-day morning session will also include insights from victims and expert-led workshops. Full survey results of the Identity Theft: The Aftermath 2018 report will be published in Q2 2019. Registration website: https://www.idtheftcenter.org/aftermath2018/
Symantec Webinar: It’s Everyone’s Job to Ensure Online Safety at Work, Thursday, Oct. 18, 1 p.m. EDT/10 a.m. PDT
Week 3 will focus on cybersecurity workforce education, training and awareness, with a specific focus on understanding adversary objectives and the best practices for thwarting some of the most common threat tactics. Speaker: AJ Nash, Symantec
Register Here: https://www.symantec.com/about/webcasts?commid=330287
Federal Trade Commission (FTC): Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, will discuss an exciting, new cybersecurity initiative for small business during an interview with the National Cyber Security Alliance. The interview will be livestreamed via Facebook Live at 2:00 p.m. EDT on Oct. 18. Please join us at facebook.com/staysafeonline.
FTC Cybersecurity for Small Business Webinar: New Federal Trade Commission’s Resources, Thursday, Oct. 18, 3:00 ‒ 4:00 p.m. EDT. Learn about the FTC’s new cybersecurity for small business campaign. Hear how to use the FTC’s new tools to help improve cybersecurity for small businesses.
GRF Summit on Third-Party Risk, Oct. 24 – 26, at Lansdowne Resort & Spa, Leesburg, VA: http://grfederation.org/2018-Summit-Overview The GRF Summit on Third-Party Risk aims to increase awareness of security best practices, offer an opportunity for collaboration among third-party vendors and organizations’ risk management teams, and provide a platform for security leaders to share expertise and learn from each other to improve holistic security. The Summit will provide training, education and networking on the critical cyber and physical security issues facing organizations, their vendors, and the areas where the two groups intersect. The event is being hosted by Global Resilience Federation in partnership with National Health ISAC, Financial Services ISAC, Legal Services ISAO, Oil and National Gas ISAC, National Retail Federation’s Retail ISAO, Retail Cyber Intelligence Sharing Center, Energy Analytic Security Exchange and Multi-State ISAC.
About National Cybersecurity Awareness Month
National Cybersecurity Awareness Month (NCSAM) was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. Now in its 15th year, NCSAM is co-led by the Department of Homeland Security and the National Cyber Security Alliance, the nation’s leading nonprofit public-private partnership promoting the safe and secure use of the internet and digital privacy. Recognized annually in October, NCSAM involves the participation of a multitude of industry leaders ‒ mobilizing individuals, small and medium-sized businesses, nonprofits, academia, multinational corporations and governments. Encouraging digital citizens around the globe to STOP. THINK. CONNECT.™ NCSAM is harnessing the collective impact of its programs and resources to increase awareness about today’s ever-evolving cybersecurity landscape. Visit the NCSAM media room: staysafeonline.org/about-us/news/media-room/. http://nexxytech.com/stc