Happy Friday, Federal friends! Can anyone else believe next week is Halloween? Feels like only yesterday I was talking about the start of the MLB season and now we're through 2 games of the World Series...
So this week is the 4th week of National Cybersecurity Awareness Month. To me this is one of the more important weeks as the campaign centers around Cybersecurity for Small/Medium sized businesses and Entrepreneurs. The important focus of the week is to enable all those start-ups, "mom & pop" shops and medium-sized businesses who think they might not be a target for the attackers out in the wild. As I talked about a few times previously these businesses are a core component, and potentially the weakest component, of your networks. These organizations tend to serve larger companies/organizations in a variety of ways and typically have some form of network access. While the Federal Government is fairly self-reliant there are still a vast number of small companies applying their services to a variety of institutions. Everything from small contracting shops to catering companies, and even Chinese Take-out menu sites, may or may not have access to your network in some form or another. Which makes it crucial that these businesses are up to speed on the risks they pose to their own network as well as yours. For DHS to focus an entire week to better educating and enabling these smaller players speaks volumes to me. The threats are real and while DHS is working to reach a broader audience through this campaign, it's up to us to voice concerns regarding risk, as well as basic cyber-hygiene, to our smaller partners out there.
As part of this week's effort DHS has posted some tips, and links to some helpful sites, for the SMB/Entrepreneur space. Take a look at the below lists and forward them off to anyone this may benefit. The reality is that by enabling a larger audience, even outside the direct scope of your network, we'll all be better off.
6 Tips to Making your Network more Secure:
- Use and regularly update anti-virus and anti-spyware software on all computers; automate patch deployments across your organization to protect against vulnerabilities.
- Secure your Internet connection by using a firewall, encrypting information and hiding your Wi-Fi network.
- Establish security practices and policies to protect sensitive information; educate employees about cyber threats and how to protect your organization’s data and hold them accountable to the Internet security policies and procedures.
- Require that employees use strong passwords and regularly change them.
- Invest in data loss protection software for your network and use encryption technologies to protect data in transit.
- Protect all pages on your public-facing websites, not just the checkout and sign-up pages.
Additional Resources for Businesses:
- The Federal Small Biz Cyber Planner, a tool for businesses to create custom cybersecurity plans.
- Cybersecurity for Small Business is training course that covers the basics of cybersecurity and information security.
- Stay Safe Online offers a guide that explains how to implement a cybersecurity plan.
- The US Small Business Association’s cyber course provides an introduction to securing information in a small business.
- For a list of free botnet detection and remediation resources visit the Keep Machines Clean information page
As I mentioned last week, we here at Rapid7 are doing our part in pursuing changes for DCMA and CFAA reform. By enabling the experts in the Cybersecurity/InfoSec community to do their research without fear of prosecution we can better understand the vulnerabilities, and threat vectors, malicious actors are using and exploiting. The current mantra we hear all the time is that we, in the Cybersecurity/InfoSec Community, will always be a step behind the threat actors. Well it's time to grant the research experts the ability to dig in deeper, so we can ultimately change this mindset and start gaining ground on the bad actors. Please visit our and sign the petition on Change.org and support this cause.
HD Moore has posted and open letter asking for organizations, not just individuals, to support these efforts as well. You can read his post here, and please forward this, as well as the Change.org petition, along to as many of your cybersecurity contacts as well. We are also hosting a Webinar next week on being able to talk about cybersecurity with C-Level and Board Members. If interested you can sign up here.
Now for some additional inspiration, here's a Stallone gif.