Today I want to highlight Steps 2 & 3 of National Cyber Security Awareness Month’s focus on Cybersecurity in the Workplace.
Step 2 is Protect.
Protection focuses on many of the concepts I have been discussing this month. The focus is on protecting digital assets and training employees on the basics of cybersecurity and cyber hygiene.
Protecting digital assets consists of identifying your digital “crown jewels”. Once you have, you need to implement appropriate protections for those assets and enforce appropriate cyber hygiene across the organization.
In pushing cyber hygiene, focus on the concepts from last week of locking down logins, backing up data, maintaining device security and limiting access to those “crown jewels.”
From there, put your focus on employee training. There are several excellent resources for cyber security training in the workplace, and I strongly recommend implementing phishing tests within the company, so you can gauge your exposure and target the training to those who need it most. It’s something we do extensively with our clients at Onepath.
Step 3 is Detect.
Detection is all about knowing the threats that your business may be exposed to. It’s also about having the right tools and services in place to help you detect these threats. As we have seen from many data breaches over the last few years, hackers often have access to a network for months or longer before their presence, or worse, the damage they have done, is detected. Having the right people, processes and technology in place is critical in order to detect a hacker.
Follow this link to learn more and explore a wealth of resources available to help you understand detection and what your business needs to be doing to protect itself.
Today at 2 PM is an online event as part of National Cybersecurity Awareness Month.
This free webinar is focused on combating ransomware and phishing in the workplace.
You may learn more about the webinar and RSVP to attend at this link.
A key message in this week’s theme is identifying the “crown jewels” of digital assets. You have to know what’s important to your business in order to properly protect it. This link provides some guidance around identifying and maintaining an up-to-date inventory of your digital “crown jewels.”
Throughout this week, I’ll post on the remaining steps associated with protecting your business. Today is Step 1: Identify. Remaining steps are:
- Step 2: Protect
- Step 3: Detect
- Step 4: Respond
- Step 5: Recover
Welcome to Week 2 of National Cyber Security Awareness Month. This week’s theme is “Cybersecurity in the Workplace is Everyone’s Business.” What is your company culture around cybersecurity?
More than ever, every single employee has a responsibility to ensure the cyber safety of their company network and data. To do so, first, your company must identify what is important to the business, the “crown jewels” of digital assets. This is often the intellectual property of the company. That’s certainly a good place to start.
Most companies have taken steps to secure the network perimeter, but if a hacker were to breach that perimeter and gain access to your network, would you know they are there? As you identify cybersecurity risks, how do you classify them? Do you remediate them or just note their existence? Consider the recent Equifax breach. It was revealed that Equifax was aware of the flaw that allowed the breach for at least two months. How long can you allow a known vulnerability to remain unaddressed? There are rumblings that we may start to see heavy penalties for such cases.
Also, keep in mind that your HR data is just as important as your trade data. In addition to having a responsibility to protect your digital assets that relate to your products and services, you must also protect your employee data. Every business has Personally Identifiable Information (PII) on every person it employs.
Some of the other things I’ll blog about this week include cybersecurity issues like identity and access management, detecting and responding to threats, recovering from a breach and Bring Your Own Device (BYOD) considerations.
All businesses and individuals can support #CyberAware Month by being an official NCSAM Champion! Sign up today! https://staysafeonline.org/ncsam/champions.
I hope you will follow the conversation and join in. Stay Safe Online!
Today wraps up Week 1 of National Cyber Security Awareness Month. I thought a quick review of this week’s themes made the most sense for a post today.
Week 1’s theme is STOP. THINK. CONNECT.™: Simple Steps to Online Safety.
The Stop. Think. Connect. website has a lot of resources and I’ve provided direct links to several here in this post. Some are tip sheets, others are graphics or videos.
The primary sub-themes this week are:
- Back Up Regularly
- Keep a Clean Machine
- Lock Down Your Login, which I posted about earlier this week in the post Lock Down Your Login.
- Own Your Online Presence
- Personal Information is Like Money. Value it. Protect it.
- Share With Care.
- STOP. THINK. CONNECT.
- When in Doubt, Throw it Out.
#ChatSTC Twitter Chat: STOP. THINK. CONNECT.™ – Simple Steps to Online Safety
Staying safe and secure online is our shared responsibility, and it’s critical for any internet user to continually learn about and consistently practice good cybersecurity habits. This Twitter chat – coinciding with Week 1 of National Cyber Security Awareness Month (NCSAM) 2017 – will address the top consumer cybersecurity concerns, provide simple steps to protect against these threats and teach you what to do if you fall victim to cybercrime.
- When: Thursday, Oct. 5, 2017, 3:00-4:00 p.m. EDT/12:00-1:00 p.m. PDT
- Moderator: STOP. THINK. CONNECT.™ (@STOPTHNKCONNECT)
- Guests: Better Business Bureau (@bbb_us); CyberWise (@BeCyberWise); EDUCAUSE Higher Education Information Security Council (@HEISCouncil); ESET (@ESET); Federal Trade Commission (@FTC); Get Cyber Safe (@GetCyberSafe); Herjavec Group (@herjavecgroup); Hueya (@hueyainc); Identity Theft Resource Center (@ITRCSD); iKeepSafe (@iKeepSafe); LastPass (@LastPass); Lee Kim, Director of Privacy & Security, HIMSS (@lkimcissp); Meredith Leitch, Human Resources and Communications, Intel (@mlleitch); Michelle Dennedy, Vice President & Chief Privacy Officer, Cisco (@mdennedy); PCI Security Standards Council (@PCISSC); PRIVO (@PRIVOtrust); PSafe Technology Inc. (@DFNDR); RoboForm (@roboform); Security Awareness Company (@SecAwareCo); Stacy Martin, Policy Education and Community, Intel (@StacyMoz); Sticky Password (@stickypassword); TeleSign (@TeleSign); Trusted IDs at NIST (@TrustedIDsNIST); National Cyber Security Alliance (@StaySafeOnline); additional guests TBD
Use #ChatSTC to join!
One of the themes for National Cyber Security Awareness Month (NCSAM) is Lock Down Your Login. By now, you should know that using a simple password is just asking for trouble. Complex passwords, or better yet, passphrases are preferred.
However, beyond just a strong password, it’s best to use another authentication factor. That could be a randomly generated code from a token device, a biometric or a one-time code sent to your smartphone.
I encourage you to review this excellent resource at www.lockdownyourlogin.org for step-by-step instructions for securing several popular online sites like Facebook, Google, Salesforce and more. Check out the tips and explore the rest of the site by clicking on the menu icon in the upper right of the site.
The first major online event of Week 1 of National Cyber Security Awareness Month takes place today at Noon Eastern on Twitter. See details below for how to participate.
#ChatSTC Twitter Chat: A Global Kickoff to Cyber Security Awareness Month
For the first time, in honor of Cyber Security Awareness Month (CSAM), internationally renowned government and industry experts will gather to explore major cybersecurity issues during a daylong event hosted by the National Cyber Security Alliance (NCSA) and the Organization of American States (OAS). Join NCSA and partners for a pre-event Twitter chat live from the OAS headquarters in Washington, D.C., to kick off the day’s festivities and discuss the global launch of CSAM and key topics and issues that will be highlighted. Participants will then be invited to tune in to the daylong activities online through the event livestream.
Use #ChatSTC to join! #CyberAware