Each year, since 2008, January 28 marks Data Privacy Day in the United States. Coordinated by the National Cyber Security Alliance, the event is sponsored by vendors including Facebook, Microsoft, Google and MasterCard. Though it focuses largely on educating the public about how best to secure their online privacy and promoting safe practices, businesses, especially smaller ones, are also provided with a collection of useful resources.
The National Cyber Security Alliance has been performing studies with partners including Symantec and McAfee for a few years now, looking primarily at security practices and risk among small businesses and users. If you’d like to see how your organization compares, you can download the PDFs of the study results. The findings have been used to inform the NCSA’s recommendations for protecting your business, which include guidance in the following steps:
According to NCSA’s studies, 77 percent of small businesses do not have a formal written Internet security policy for employees, 59 percent say they do not require any multi-factor authentication for access to any of their networks, and only half say that all of their machines are completely wiped of data before disposal.
NCSA has collected information on threats from spam to phishing to viruses in a set of tips titled STOP. THINK. CONNECT., which could serve as the first iteration of a user security policy in some organizations. Example tip: “When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete or if appropriate, mark as junk email.”
Similarly, tips here start with the basics and include addresses to which specific threats can be officially reported for investigation.
Implement a Cybersecurity Plan is a collection of resources to aid businesses in creating or fine-tuning their strategic plans for cybersecurity prevention, resolution and restitution; sources include the FCC, NIST, the FBI and the U.S. Chamber of Commerce.
Protect Your Customers addresses building an online relationship that establishes trust and avoids putting customers’ data at risk. Participating in events such as Data Privacy Day is one way to demonstrate your organization’s trustworthiness and knowledge of best privacy practices.
Train Your Employees circles back to threat monitoring practices and includes a good list of training guides and materials from US-CERT, among others.