October 10, 2017

The Internet is the new storefront for many businesses in America. As companies large and small embrace the advantages of doing business online, they also experience increased risk of cyber attacks and data breaches.

An organization could experience significant financial losses, damage to its reputation, and severe interruptions to its operations from a cyber incident, which is why all businesses – including large corporations, small businesses, and startups – need to ensure their sensitive data and networks are secure.

As recent major cyber incidents have shown, cyber criminals often gain access to systems and information by exploiting human error, such as clicking on malicious links, creating weak passwords, and failing to install software patches. That’s why every individual in an organization – from the custodian to the CEO, and the intern to the administrative assistant – has a role in cybersecurity.

As part of National Cyber Security Awareness Month 2017, the Department of Homeland Security (DHS) encourages businesses of all sizes to strengthen their cybersecurity defenses. Even simple behaviors can make a huge difference in the overall security of an organization.

Here are some online safety habits any employee – regardless of their role – can practice daily:

• Use strong passwords and change them regularly.
• Keep your usernames, passwords, or other computer/website access codes private.
• Only open emails and attachments from people you know.
• Do NOT install or connect any personal software or hardware to your organization’s network without permission from the IT department.
• Make electronic and physical backups or copies of all your important work.
• When you work from home, secure your Internet connection by using a firewall, encrypting information, and hiding your Wi-Fi network.

DHS, the agency most responsible for domestic security, understands the importance of prioritizing cybersecurity awareness and training for our workforce. A good example is DHS’s Transportation Security Administration (TSA), which trains new employees in cybersecurity from the minute they walk through the door.

“At TSA, we face the same cybersecurity threats that businesses fact, like phishing and social engineering,” said Peter Sindt, Section Chief, Cyber Security Awareness and Outreach, TSA. “That’s why we are constantly reinforcing cybersecurity awareness and best practices.”

TSA uses a combination of video and classroom training, phishing exercises, and even a cybersecurity-focused app to train their employees on the latest cybersecurity threats. Their newest initiative is a cybersecurity ambassador program, in which employees in non-IT fields serve as ambassadors to help raise cybersecurity awareness among their coworkers.

To improve the cyber resiliency of your organization, leverage the C³ Voluntary Program Small and Midsize Business (SMB) Toolkit, which provides resources specifically designed to help small and medium sized businesses evaluate and minimize their vulnerability to cybersecurity risks. You can also take advantage of the NICE Cybersecurity Workforce Framework, which helps employers hire the most qualified cybersecurity professionals by providing a standard set of terms, tasks, and skill to define cybersecurity work.

For more information about protecting your organization from cyber threats, please visit www.dhs.gov/ncsam or www.dhs.gov/StopThinkConnect.