[BreachExchange] Cybersecurity must be everyone’s job

Audrey McNeil audrey at riskbasedsecurity.com
Thu Nov 2 20:11:18 EDT 2017


http://magicvalley.com/business/cybersecurity-must-be-everyone-s-job/article_d62ae4dc-5068-59c2-b0f6-d64bdef4b69b.html

We hear of data breaches regularly, and it’s easy to think that it’s
someone else’s problem. What can I really do to stop a data breach?

Cybersecurity must be everyone’s job. Owner, manager and staff are a
crucial part of protecting information. Train employees and keep on top of
new risks. Large firm or small business, the cost of a data breach can be
devastating both in information lost and the funds needed to recover. Small
businesses are not immune from these threats, because criminals might hope
these firms have less invested in security than large companies.

As we wrap up our look at National Cyber Security Awareness Month, it’s a
good time to look at safeguarding information at your place of work. The
National Cyber Security Alliance and staysafeonline.org are great places to
start the conversation and keep it going year-round.

Your company’s website should have a privacy policy that tells customers
what information you collect and how you use it. It is important to educate
staff to adhere to the policy. You should be aware of all the personal
information you have about your customers, where you’re storing it, how you
are using it, who has access to it and how you protect it.

Cybersecurity can be a complex topic, but there are basic steps you can
take to protect your data and your customers’ data. BBB and the National
Cyber Security Alliance recommend this five-step approach, following
guidance from the National Institute of Standards and Technology:

Identify. Take inventory of key technologies you use and know what
information you need to rebuild your infrastructure from scratch. Inventory
the key data you use and store and keep track of likely threats.

Protect. Assess what protective measures you need to have in place to be as
prepared as possible for a cyber incident. Put protective policies in place
for technologies, data and users, and ensure that your contracts with cloud
and other technology service providers include the same protections.

Detect. Put measures in place to alert you of current or imminent threats
to system integrity, or loss or compromise of data. Train your users to
identify and speedily report incidents.

Respond. Make and practice an Incident Response Plan to contain an attack
or incident and maintain business operations in the short term.

Recover. Know what to do to return to normal business operations after an
incident. Protect sensitive data and your business reputation over the long
term.