NCSAM 2018 Week 3
It’s Everyone’s Job to Ensure Online Safety at Work
Today all workplaces face the growing risk of cyberattacks. No matter where you are employed – whether it’s at corporate headquarters, a downtown restaurant, hospital, government agency or school ‒ online safety and security are a responsibility we all share. According to the U.S. Small Business Administration, there are more than 30 million small businesses nationwide. These organizations have a big impact on America’s economy through job creation and employment.
Regardless of a business’s size, it is critical to take measures to help prevent attacks and have a set plan ready to go if one does occur. Across the board, NCSA recommends a top-down approach to creating a culture of cybersecurity in the workplace. The following steps ‒ developed by NIST ‒ will help tremendously as you formulate a plan to keep your business cybersecure:
- Identify your digital “crown jewels:”: Crown jewels are the data without which your business would have difficulty operating and/or the information that could be a high-value target for cybercriminals.
- Protect your assets: Ultimately, your goal is to build a culture of cybersecurity that includes employees knowing how to protect themselves and the business and understanding the cyber risks as your business grows or adds new technologies or functions.
- Be able to detect incidents: We have fire alarms in our businesses and homes that alert us to problems. In cybersecurity, the more quickly you know about an incident, the more quickly you can mitigate the impact and get back to normal operations..
- Have a plan for responding: Having a recovery plan created before an attack occurs is critical. Make and practice an incident response plan to contain an attack or incident and maintain business operations in the short term.
- Quickly recover normal operations: The goal of recovery is to move from the immediate aftermath of a cyber incident to full restoration of normal systems and operations. Like the response step, recovery requires planning. Recovery is not just about fixing the causes and preventing the recurrence of a single incident. It’s about building out your cybersecurity posture across the whole organization (not just the IT person or group), including increasing the focus on planning for potential future events.
Learn more in the Week 3 infographic, It’s Everyone’s Job to Ensure Online Safety at Work.