Posted by: Kristen Caretta
October is National Cyber Security Awareness Month! The campaign, sponsored by the National Cyber Security Alliance, a partnership that works with the government as well as corporate sponsors, encourages online safety and best practices to protect high-value information online.
And what better time to raise awareness than on the heels of the Gmail/Hotmail/email phishing scam that compromised thousands of accounts? On Oct. 6, news broke that at least 10,000 Hotmail addresses and passwords had been leaked online. The next day, it was revealed that 20,000 addresses and passwords for email accounts from Hotmail, Gmail, Yahoo, AOL, EarthLink and Comcast had also shown up on the Web.
Just barely into October, the news reinforces the theme of this year’s security awareness month, “Our Shared Responsibility,” in showing that we have to promote cybersecurity education and best practices to all users – down to the weakest links. Everyone on your network needs to understand the risks (and be aware of any warning signs) when online.
The need for that education was made clear by a statistical analysis of the 10,000 leaked Hotmail accounts, which showed that the top two most commonly used passwords were 123456 and 123456789.
With that in mind, here are some resources to guide you in continued online safety and security in your organization:
Small to medium-sized businesses are prime targets for cybercriminals because they often don’t have the resources to update their security programs. The National Cyber Security Alliance has some information on risk assessment and security plan implementation for SMBs to protect their brands, their customers and their employees.
Our recently published “10 must-have steps for an effective SMB information security program” highlights security information for small businesses from a soon-to-be-finalized guide from the National Institute of Standards and Technology. The guide includes information on steps to an effective information security program and common trouble spots to be cautious of, such as:
- Opening email attachments from unknown senders and responding to emails asking for sensitive information.
- Clicking on Web links in emails and instant messages.
- Clicking OK on pop-up windows and other hacker tricks.
The California Office of Information Security and Privacy Protection provides information and recommendations on data security – from online privacy tips (resources on bugs, hackers and more) to information protection practices for businesses.
Does the Red Flags Rule apply to your business? The Federal Trade Commission has provided some information on the fraud protection rule for businesses, including a how-to guide and a DIY template to help you identify red flags in advance and avoid data breaches.
Capital One and the National Cyber Security Alliance have come up with a top five list of cybersecurity tips for SMBs. Risk assessments and employee education were among the suggestions.
The National Association of State Chief Information Officers (NASCIO) has partnered with the Department of Homeland Security’s National Cybersecurity Division, the Multi-State Information Sharing and Analysis Center, and the National Cyber Security Alliance to promote cybersecurity awareness. Each organization has provided extensive awareness tools and resources, a list of which can be found on the NASCIO cyber security awareness page.
Good online security should be practiced 365 days a year – but take advantage of the added awareness this month to get your employees up to speed.