In today’s cybersecurity landscape, it is more important than ever before for businesses to prepare for and know how to respond to cyber incidents. In the Ponemon Institute’s 2016 State of Cybersecurity in Small and Medium-Sized Businesses survey, 55 percent of companies reported experiencing cyber attacks in the last 12 months. Falling victim to a data breach, ransomware attack or other cyber incident can be costly to a business, both in terms of financial and/or data loss and in damage to the company’s reputation with customers and other stakeholders. It’s critical to have a strong cybersecurity plan in place and know how to guard your business against attacks and quickly recover from incidents that may occur.
In 2013, the National Institute of Standards and Technology (NIST) established a cybersecurity framework to reduce risks to our nation’s critical infrastructure. This framework outlines five steps any business should take to address cyber threats:
- Identify: Take inventory of your most valuable assets – the “crown jewels” that are of greatest importance to your business and would be most valuable to criminals, such as employee, customer and payment data.
- Protect: Assess what protective measures you need to have in place to be as defended as possible against a cyber incident.
- Detect: Have systems in place that would alert you if an incident occurs, including the ability for employees to report problems.
- Respond: Make and practice an incident response plan to contain an attack and maintain business operations in the short term.
- Recover: Know what to do to return to normal business operations after an incident or breach, including assessing any legal obligations.
Building on the NIST framework, the National Cyber Security Alliance (NCSA) recently established CyberSecure My Business, a comprehensive national program to help businesses of all sizes learn to be safer and more secure online. As the cornerstone of the program, NCSA has translated the NIST Cybersecurity Framework into simpler language and incorporated it into an introductory-level, in-person, highly interactive workshop. The workshop series – hosted in partnership with the U.S. Small Business Administration and the Federal Trade Commission, with support from the Federal Bureau of Investigation and the U.S. Department of Homeland Security – provides guidance on integrating cybersecurity practices, using a simplified version of the NIST Cybersecurity Framework and incorporating content from federal and industry partners, including recent threat data.
Along with live workshops, NCSA has started a webinar series for small and medium-sized businesses in partnership with our public and private partners. These events will be held on the second Tuesday of every month starting October 10.
I’m looking forward to participating in Nasdaq’s upcoming Cyber Security Attack Preparedness Summit on Tuesday, Sept. 12, from 1:00 to 3:10 p.m. EDT at the Nasdaq MarketSite in New York City. The summit will feature experts’ insights on what you can do to evaluate your cybersecurity capabilities to inform your enterprise risk management strategy and address coverage gaps and industry-specific exposures. There will be introductory remarks by Lou Modano, Nasdaq’s chief information security officer, and panel discussions on preventing an attack and post-attack response and recovery. The event will be streamed live; make sure to RSVP to tune in to the conversation online!
Here are a few tips your business can follow to improve its online safety and cybersecurity every day:
- Keep a Clean Machine: Having the latest security software, web browser and operating system in your business is the best defense against viruses, malware and other online threats.
- Protect Information: Secure accounts by incorporating strong authentication whenever possible and making each password long, strong and unique to that account.
- Protect the Company’s Online Reputation: Set security and privacy settings to your comfort level of sharing.
- Educate Employees: Human error is often the cause of company cyber breaches. Teach your employees basic best practices. For example, if an email, social media post or text message looks suspicious – even if you know the source – delete it.
Additionally, don’t forget that this October marks the 14th annual National Cyber Security Awareness Month (NCSAM), a collaborative effort between government, industry and the nonprofit sector to educate consumers and businesses about the importance of cybersecurity and protecting personal information. During NCSAM, we will be releasing a variety of resources, news, blogs and other materials that will help you promote a safer internet and protect your business against cyber threats. Learn more about what’s coming up this NCSAM and how you can get involved here.
For more online safety and security resources for your business, visit staysafeonline.org – and follow us on Facebook and Twitter for the latest on cybersecurity, privacy and online safety year-round.
The views and opinions expressed herein are the views and opinions of the author at the time of publication and may not be updated. They do not necessarily reflect those of Nasdaq, Inc. The content does not attempt to examine all the facts and circumstances which may be relevant to any particular company, industry or security mentioned herein and nothing contained herein should be construed as legal advice.