Organization Leaders and Employees Reminded That "Cybersecurity in the Workplace Is Everyone's Business" This National Cyber Security Awareness Month

WASHINGTON, Oct. 10, 2017 /PRNewswire/ -- In today's rapidly evolving technological landscape, it's critical for businesses and other organizations to be prepared for - and know how to respond to - cybersecurity incidents. Many organizations, however, have a lot of work to do when it comes to guarding against cyber threats. In MediaPro's second annual State of Privacy and Security Awareness survey of employees and the general public, for the second consecutive year, the average respondent was rated a security "novice" after being quizzed about security and privacy best practices. In Week 2 of National Cyber Security Awareness Month (NCSAM) - a far-reaching online safety awareness and education initiative co-founded and led by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) - NCSA is encouraging every workplace to create a culture of cybersecurity from the break room to the boardroom.

To further the cyber readiness of the nation's small and medium-sized businesses (SMBs), NCSA is announcing the launch of a new initiative, CyberSecure My Business. The project is a comprehensive, national program comprised of interactive training based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, webinars and web resources to help businesses be resistant to and resilient from cyberattacks. The first webinar takes place on Oct. 10 from 2 p.m. - 3 p.m. EDT and will address ransomware and phishing. Learn more and register for upcoming webinars.

"SMBs are critical to our economic and national security," said Michael Kaiser, NCSA's executive director. "NCSA is thrilled to introduce CyberSecure My Business to help organizations proactively protect their customers, employees and intellectual property - and by extension their reputations and success."

As the program's cornerstone, NCSA has translated the NIST Cybersecurity Framework into an introductory-level, in-person, highly interactive workshop. The workshop series - hosted in partnership with the Federal Trade Commission (FTC) with support from the Federal Bureau of Investigation and DHS in addition to occasional support from the Small Business Administration - includes both in-person workshops and monthly webinars providing guidance on integrating cybersecurity practices. The sessions interpret the NIST Cybersecurity Framework into easy-to-understand language and incorporate content from federal and industry partners, including recent threat data.

"The NIST Cybersecurity Framework helps make cybersecurity immediately relevant to businesses by starting with a simple question for business owners and operators: What do you have to protect?" said Kaiser.

Take these steps outlined in the framework to better safeguard your organization against cyber threats:

    --  Identify: Conduct an inventory of your most valuable assets - the "crown
        jewels" of greatest importance to your business and of most value to
        criminals - such as employee, customer and payment data.
    --  Protect: Assess what protective measures you need in place to defend the
        organization as much as possible against a cyber incident.
    --  Detect: Have systems set up that would alert you if an incident occurs,
        including the ability for employees to report problems.
    --  Respond: Make and practice an incident response plan to contain an
        attack and maintain business operations in the short term.
    --  Recover: Know what to do to return to normal business operations after
        an incident or breach, including assessing any legal obligations.

Check out the latest NCSAM infographic for simple cybersecurity tips your business can follow (download and share it on social media using the hashtag #CyberAware!).

Seventy percent of MediaPro's survey respondents showed at least some lack of security and privacy awareness. The study had several other notable findings:

    --  24 percent of employees surveyed took potentially risky actions when
        presented with scenarios related to organizational physical security,
        such as letting strangers in without identification.
    --  20 percent of employees showed a lack of awareness related to safe
        social media posting, choosing risky actions such as posting on their
        personal social media accounts about a yet-to-be-released product of
        their employer.
    --  19 percent of respondents chose to take risky actions related to working
        remotely, such as connecting their work computers to an unsecured public
        WiFi hotspot.
    --  12 percent of respondents failed to recognize common signs of malware
        when presented with real-life examples, such as a sluggish computer or
        anti-virus software unexpectedly switching off.

"In the past, organizations may have implemented security awareness activities merely for compliance or behavior change, but now people are looking at ways to go beyond just behavior and make security part of the culture," said Lance Spitzner, director of SANS Security Awareness and a NCSA Board of Directors member. "Awareness programs are important because organizations are repeatedly seeing people as the primary targets for bad guys; cybersecurity is both a technical and human problem - and it requires a technical and human solution."

As technology advances, our critical infrastructure is increasingly run on digital networks to maximize efficiency and effectiveness. NCSAM Week 2 is kicking off with "Insights on Cybersecurity for Electric Utilities," an event hosted by the National Rural Electric Cooperative Association (NRECA) and supported by NCSA, DHS and the FTC. The event - taking place on Tuesday, Oct. 10 - will give members and others from the energy industry an opportunity to discuss their cybersecurity needs and issues and take part in an interactive cybersecurity workshop based on the NIST framework. The event will feature a keynote address by FTC Acting Chairman Maureen K. Ohlhausen and remarks from experts representing the NRECA, NCSA, DHS, the U.S. Department of Energy and more.

Top Business Concerns Include Ransomware, the Internet of Things and Bring Your Own Device (BYOD) Policies
As large-scale breaches continue to make headlines and businesses of all sizes fall victim to cyberattacks, organizations are more regularly thinking about the importance of cybersecurity. Ransomware - malware that accesses files, locks and encrypts them and then demands that the victim pay a ransom to get the files back - has been growing in prevalence and is a top concern for businesses, with threats such as WannaCry and the Petya attacks making the news in recent months. It's important for organizations to know how to protect their critical customer, employee and intellectual property data so that they can be prepared in the event of a ransomware attack. Learn more about this threat and how to protect your organization against it here.

Another area of concern for businesses is the growing Internet of Things (IoT), in which increasing numbers of devices - including wearables, TVs, cameras, speakers and vehicles - are connecting to the internet and collecting, managing and/or using personal data. Cybercriminals have used unsecured IoT devices to take down massive numbers of websites at once, and other threats like IoT "as-a-service" breaches and attacks on connected city systems make it important for organizations to know how to secure their connected devices and networks. Businesses must work to keep their devices safer and more secure over time and build cybersecurity into their processes just as they value physical safety regulations in the workplace.

A third cybersecurity concern more and more businesses are facing is maintaining security in a BYOD workplace. Now more than ever, employees are using their personal smart devices - such as PCs and smartphones - for work purposes, which grows the potential number of vulnerabilities and makes cybersecurity in the workplace more complicated. It's important for organizations to consider where sensitive company, customer and/or employee data is being accessed, and implement awareness and education activities, plans and policies to encourage security best practices regardless of the device being used.

Be a Part of Something Big: Become a NCSAM Champion
One way you and/or your organization can participate in NCSAM is by becoming a NCSAM Champion. Champions represent those dedicated to promoting a safer, more secure and more trusted internet. Becoming a Champion is easy and does not require any financial support. There are already more than 870 organizations and nearly 320 individuals signed up to support the month. Champions receive a toolkit of online safety awareness and education materials they can use to support the month and updates leading up to and throughout October on resources, upcoming events and ways to get involved.

Upcoming NCSAM Events
NCSA and partners will host a number of events across the country up to and throughout NCSAM. Noteworthy upcoming events and initiatives include:

    --  Insights on Cybersecurity for Electric Utilities, Tuesday, Oct. 10,
        8:30-9:45 a.m. (EDT), National Rural Electric Cooperative Association
        (NRECA), 4301 Wilson Boulevard, Arlington, VA: This event - hosted by
        the NRECA in collaboration with NCSA and DHS - will highlight expert
        remarks on what is being done in cybersecurity by the electric sector to
        help ensure affordable, reliable and resilient electricity for the
        nation. The event will be livestreamed to the public here.
    --  CyberSecure My Business Webinar - Let's Talk About Ransomware and
        Phishing, Tuesday, Oct. 10, 2:00-3:00 p.m. EDT/11:00 a.m. - 12:00 p.m.
        PDT, Virtual/Online: Ransomware and phishing are on the minds of
        business owners from small to large companies. NCSA has brought
        together public and private-sector experts to help small and
        medium-sized businesses and nonprofits better understand how to combat
        these common attacks. Thank you to our Contributing Sponsor, MediaPro,
        and government partners the Federal Trade Commission and the National
        Institute of Standards and Technology!
    --  #SBAchat - Cybersecurity Tips for Small Businesses, Tuesday, Oct. 10,
        3:00-4:00 p.m. EDT/12:00-1:00 p.m. PDT, Virtual/Online: Join the U.S.
        Small Business Administration (@SBAgov) for a Twitter chat in honor of
        National Cyber Security Awareness Month. This chat will discuss how your
        organization can strengthen its cybersecurity. Use #SBAchat to join!
    --  #ChatSTC Twitter Chat: Cybersecurity in the Workplace Is Everyone's
        Business, Thursday, Oct. 12, 3:00-4:00 p.m. EDT/12:00-1:00 p.m. PDT,
        Virtual/Online: Whatever your place of business, creating a culture of
        cybersecurity is an essential shared responsibility among leadership and
        all employees. Every organization needs a plan for employee education,
        training and awareness that emphasizes risk management, resistance and
        resilience. This Twitter chat will showcase how all businesses can
        protect themselves, their employees and their customers against the most
        common cyber threats and strengthen their cyber resilience. Use #ChatSTC
        to join!
    --  Future of Authentication Policy Forum, Friday, Oct. 13, 10:00 a.m. -
        2:30 p.m. (EDT), Civiletti Conference Center - Venable LLP, 600
        Massachusetts Avenue NW, Washington, D.C.: The FIDO Alliance, NCSA and
        the Electronic Transactions Association are pleased to host this Future
        of Authentication Policy Forum to discuss the critical importance of
        strong, multi-factor authentication.
    --  Free Computer Workshop - How to Protect Yourself From Ransomware,
        Saturday, Oct. 14, 11:00 a.m. - 12:30 p.m. (EDT), 184 Phelps Street,
        Painesville, OH: TERKK's Computer Services LLC has partnered with Morley
        Library to offer a free community workshop to enhance your technical
    --  DC CyberWeek, Monday, Oct. 16 - Friday, Oct. 20, Washington, D.C.
        (multiple locations): DC CyberWeek is a weeklong SXSW-style festival in
        our nation's capital bringing together leaders, experts and decision
        makers from the government and tech communities. The festival features
        dozens of community events complemented by core conferences and parties
        created by the festival organizer, CyberScoop. DC CyberWeek is about big
        ideas and coming together to make an impact on the greater good of our
        connected world.
    --  Cyber Security & Technology Conference, Wednesday, Oct. 18, 9:00 a.m. -
        5:00 p.m. (EDT), 903 Manchester Street, Suite 190, Lexington, KY:
        Business leaders, professionals and thought leaders will convene in
        Lexington for a one-day interactive conference hosted by Integrity IT.
        The event will explore the latest in the field of information technology
        and the newest cyber crime prevention methods. Through presentations,
        discussions and technology spotlights, you will develop and build
        long-term actionable strategies designed to help improve your security
        posture. You will leave with solutions to implement the very next day.
    --  Cyber Security Chicago, Wednesday, Oct. 18 - Thursday, Oct. 19, 2301 S.
        King Drive, Chicago, IL: Cyber Security Chicago offers invaluable
        security insight for both IT managers and security decision makers. Hear
        from industry experts about how you can build stronger defenses against
        cyber attacks and how to recover if your systems are breached.
    --  SecureWorld Dallas, Wednesday, Oct. 18 - Thursday, Oct. 19, 2000 East
        Spring Creek Parkway, Plano, TX: Join your fellow security professionals
        for affordable, high-quality cybersecurity training and education.
        Attend featured keynote presentations, panel discussions and breakout
        sessions - all while networking with local peers. Earn 6-12 CPE credits
        through educational elements, learning from nationally recognized
        industry leaders. Visit the expo hall and discover the latest
        technologies from security solutions providers. Use a NCSA promo code at
        registration to get a discount on your pass.
    --  #ChatSTC Twitter Chat: Today's Predictions for Tomorrow's Internet,
        Thursday, Oct. 19, 3:00 - 4:00 p.m. EDT/12:00-1:00 p.m. PDT,
        Virtual/Online: Smart cities, connected healthcare devices, digitized
        records and smart cars and homes have become our new reality. Always-on
        technology, while it makes our lives more convenient and unlocks
        potential for the future, is fueled by our personal information, which
        presents security and privacy concerns for both consumers and
        businesses. This Twitter chat - coinciding with Week 3 of National Cyber
        Security Awareness Month - will highlight the growing Internet of Things
        and discuss how to use cutting-edge technology in safer and more secure
        ways. Use #ChatSTC to join!
    --  Higher Ed Cyber Security Challenge Presented by Symantec, Thursday, Oct.
        19 - Friday, Oct. 20, Virtual: Does your school have the best
        cybersecurity team in higher education? Register your cyber team to
        compete in Symantec's first-ever nationwide Higher Ed Cyber Security
        Competition. The competition will help higher education cybersecurity
        leaders understand the vulnerabilities of today's global threat
        landscape, gain critical security intelligence and put their skills to
        the test in a high-pressure environment.
    --  Can the Internet of Insecure Things Be Saved? Thursday, Oct. 19, 1:00-
        2:00 p.m. (EDT): Adoption of enterprise IoT is accelerating quickly from
        manufacturing to transportation and utilities to healthcare as it
        provides a plethora of insight to strengthen machine learning and help
        humans do their jobs better and more efficiently. However, the
        innovation and proliferation of connected devices provides expanded
        vulnerabilities and a lucrative market for cybercriminals. What are
        these vulnerabilities and what big idea solutions are in the works to
        address these IoT threats? Hosted by RSAC and NCSA, experts will debate
        these issues and more during a webcast in honor of National Cyber
        Security Awareness Month.
    --  Free Computer Workshop - Six Steps to Better Security, Saturday, Oct.
        21, 11:00 a.m. - 12:30 p.m. (EDT), 184 Phelps Street, Painesville, OH:
        TERKK's Computer Services LLC has partnered with Morley Library to
        offer a free community workshop to enhance your technical skills.
    --  SecureWorld Cincinnati, Tuesday, Oct. 24, 8:00 a.m. - 3:45 p.m. (EDT),
        11355 Chester Road, Cincinnati, OH: Join your fellow security
        professionals for affordable, high-quality cybersecurity training and
        education. Attend featured keynote presentations, panel discussions and
        breakout sessions - all while networking with local peers. Earn 6-12 CPE
        credits through educational elements, learning from nationally
        recognized industry leaders. Visit the expo hall and discover the latest
        technologies from security solutions providers. Use a NCSA promo code at
        registration to get a discount on your pass.
    --  CyberNextDC: Privacy. Partnerships. Protection. Wednesday, Oct. 25, 7:30
        a.m. - 6:00 p.m. (EDT), 600 Massachusetts Avenue NW, 9th Floor,
        Washington, D.C.: In honor of NCSAM, the Coalition for Cybersecurity
        Policy & Law, the Cyber Threat Alliance and The National Security
        Institute at the George Mason University Antonin Scalia School of Law
        will host this inaugural policy day in Washington. This daylong event
        will feature prominent members of the cybersecurity community as well as
        congressional and administration leadership who are actively engaged in
        cybersecurity policy issues. The event will also feature top
        policymakers, leading industry practitioners and other experts
        discussing the current state of cybersecurity, fostering critical
        discussions among participants and identifying forward thinking
        approaches to improve cybersecurity.

Learn more about upcoming NCSAM events (and submit your own events to NCSA's events calendar) at

Helpful Resources from NCSA and Partners

    --  NCSA
        --  CyberSecure My Business
        --  NCSA and NACD Tip Sheet: Communicating with the Board about
            Cybersecurity - Making the Business Case
        --  NCSAM Infographic - Cybersecurity in the Workplace Is Everyone's
        --  Ransomware Facts & Tips
    --  DHS
        --  DHS' Stop.Think.Connect. Toolkit: The Stop.Think.Connect. Toolkit
            provides numerous materials on how small businesses and industry can
            protect themselves from cyber attacks. These include tip cards for
            phishing, insider threats, identity theft and internet scams.
        --  DHS' Critical Infrastructure Cyber Community Voluntary Program
            (C³VP): C³VP encourages use of the National Institute of
            Standards and Technology (NIST) Cybersecurity Framework to manage
            cyber risks and strengthen critical infrastructure cybersecurity
            through resources like the Small and Mid-Sized Businesses toolkit.
        --  DHS' Federal Virtual Training Environment or FedVTE is a free,
            online, on-demand cybersecurity training system for federal, state,
            local, tribal and territorial government personnel. The FedVTE
            Training Catalog consists of various cybersecurity courses, ranging
            from beginner to expert. Share this information with any government
            employees or veterans you know!
        --  The National Initiative for Cyber Careers & Studies (NICCS): NICCS
            was created by DHS as a key public resource for cybersecurity
            careers and training. The Training Catalog contains over 3,000
            courses with more being added every day! Additionally, the NICCS
            website includes key resources for employers looking to build out
            their cybersecurity teams and job seekers pursuing positions within
            cybersecurity. These include The National Cybersecurity Workforce
            Framework and The Cybersecurity Workforce Development Toolkit.
    --  The Better Business Bureau found that only half of small businesses
        could remain profitable for even two months if they lost essential data.
        This is a significant finding in the 2017 "State of Cybersecurity Among
        Small Businesses in North America" report that will be released on
        Thursday. The full report focuses on the effectiveness of cybersecurity
        best practices, standards, and frameworks. It also addresses how to make
        cost effective cybersecurity investment decisions. To receive a copy of
        the report when it is released, send an email to
    --  ESET's Security Awareness Training: ESET's Cybersecurity Awareness
        Training is a free on-demand training program that allows businesses to
        get their employees the cyber-smarts they need, while also meeting
        compliance. This training is a must for SMB's that want to make sure
        their employees become more cyber aware, and are equipped with the
        knowledge to defend your network.
    --  FTC
        --  Start With Security: A Guide for Business: The FTC's 50+ data
            security settlements offer guidance for businesses on how to keep
            sensitive information safer. "Start with Security" synthesizes those
            cases into 10 practical lessons adaptable to companies of any size
            and in any sector.
        --  Protecting Personal Information: A Guide for Business: Most
            companies keep sensitive personal information in their files. If
            this information falls into the wrong hands, it can lead to fraud or
            identity theft. The principles in this brochure can help a business
            keep data secure.
        --  Data Breach Response: A Guide for Business: You just learned that
            your business experienced a data breach. Find out what steps to take
            and who to contact if personal information is exposed.
    --  Logical Operations
        --  CyberSAFE Readiness Test: End-users play a critical role in
            protecting their organization's data, but they are often the weakest
            link in the security chain due to lack of awareness of potential
            threats. The CyberSAFE Readiness Test is a complimentary tool that
            can be used to measure the extent to which employees can recognize
            and avoid common cyber threats like phishing, malware and non-secure
        --  CFR Readiness Test: Comprised of 20 questions, the CyberSec First
            Responder (exam CFR-210) Readiness Assessment is a complimentary
            tool to help you evaluate your current level of expertise as a
            cybersecurity professional, and give you a sense of the skills and
            knowledge you'll acquire from the CyberSec First Responder (exam
            CFR-210) training.
    --  MediaPro NCSAM 2017 Toolkits: Once per week in October, MediaPro will
        send those who opt in a free bundle of security awareness resources
        aligned with NCSAM weekly themes. Each toolkit includes an assortment of
        employee-facing educational resources and security program management
        content to help you create a risk-aware workforce.
    --  Microsoft Store Events: Cybersecurity attacks are on the rise and
        Microsoft Store is committed to supporting all consumers, small
        businesses and entrepreneurs to understand how to stay safe from
        cyberattacks. Protect yourself or your small business by taking
        advantage of special events, workshops and resources at your local
        Microsoft Store and during National Cyber Security
        Awareness Month, including:
        --  Office Hours for Business, partner-led presentations and a new
            "Cybersecurity for your Business" workshop where you can learn about
            common security risks and how to stay safe with Microsoft products
            and services.
        --  New cybersecurity risk assessment tool to help assess cyberthreats,
            estimate potential costs and learn about countermeasures for each

All month long, you can follow the NCSAM conversation on social media using the hashtag #CyberAware (and tag your own posts with #CyberAware, too!). Additionally, @STOPTHNKCONNECT will host weekly Twitter chats in support of NCSAM to discuss different topics and trends in cybersecurity. Tune in for hour-long chats Oct. 12, 19 and 26 and Nov. 1 at 3 p.m. EDT/noon PDT; visit the STOP. THINK. CONNECT.(TM) website for the full chat schedule. NCSA has created sample social media posts, infographics, posters, memes and more that you can download and share, and encourages organizations and individuals to show their support for NCSAM and get the latest resources by registering as NCSAM Champions. Finally, check out the Stay Safe Online blog for NCSAM posts from NCSA and partners during the month of October.

About National Cyber Security Awareness Month
National Cyber Security Awareness Month (NCSAM) was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. Now in its 14th year, NCSAM was co-founded and is co-led by the Department of Homeland Security and the National Cyber Security Alliance, the nation's leading nonprofit public-private partnership promoting the safe and secure use of the internet and digital privacy. Recognized annually in October, NCSAM involves the participation of a multitude of industry leaders - mobilizing individuals, small and medium-sized businesses, nonprofits, academia, multinational corporations and governments. Encouraging digital citizens around the globe to STOP. THINK. CONNECT.(TM), NCSAM is harnessing the collective impact of its programs and resources to increase awareness about today's ever-evolving cybersecurity landscape. Visit the NCSA media room for more information and resources.

About the National Cyber Security Alliance
The National Cyber Security Alliance (NCSA) is the nation's leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness. NCSA works with a broad array of stakeholders in government, industry and civil society. NCSA's primary partners are the U.S. Department of Homeland Security (DHS) and NCSA's Board of Directors, which includes representatives from ADP; Aetna; AT&T Services Inc.; Bank of America; Barclays; CDK Global, LLC; Cisco; Comcast Corporation; ESET North America; Google; Facebook; LifeLock, Inc.; Logical Operations; NXP Semiconductors; RSA, the Security Division of EMC; Symantec Corporation; Intel Corporation; MasterCard; Microsoft Corporation; PayPal; Raytheon; PKWARE; Salesforce; SANS Security Awareness; TeleSign; Visa and Wells Fargo. NCSA's core efforts include National Cyber Security Awareness Month (October); Data Privacy Day (Jan. 28) and STOP. THINK. CONNECT.(TM), the global online safety awareness and education campaign co-founded by NCSA and the Anti Phishing Working Group, with federal government leadership from DHS. For more information on NCSA, please visit

STOP. THINK. CONNECT.(TM) is the global cybersecurity education and awareness campaign. The campaign was created by an unprecedented coalition of private companies, nonprofits and government organizations with leadership provided by NCSA and the Anti-Phishing Working Group. DHS leads the federal engagement in the campaign. Learn how to get involved at


SOURCE National Cyber Security Alliance