***Article published in the Colorado Springs Business Journal Friday, February 19, 2016***
Written by Jonathan A. Liebert, CEO/Executive Director of Better Business Bureau of Southern Colorado
In our digital age where there is more and more technology that can improve our lives, increase productivity and make it easier to access data, there is also an increased risk for criminals to use this information for financial gain. The estimated cost of cybercrime is around $114 billion annually and when huge organizations like Apple or Amazon are breached, this makes national news. But what happens when small and medium size business are hit by cybercrime? These companies rarely get mentioned in the news or media but that does not mean that they are immune to these exploits. In a study done by Verizon Communications’ forensic analyst unit, they estimated that nearly 72 percent of data breaches were at companies with less than 100 employees and anticipate that the trend of targeting small and medium business (SMB’s) will only increase. SMB’s will only continue to increase the interest of cybercriminals because they are typically easy targets due to the fact that they lack the expertise, time and budget to ensure that they have a security solution that is effective for their businesses.
As the term “cyber security” continues to become used more in everyday conversations, local businesses in Colorado Springs should build their awareness and knowledge of this growing industry. Last month Governor Hickenlooper announced plans to open a National Cyber Security Intelligence Center here in Colorado Springs, which will not only help our economy but will also continue to build awareness of the importance of cyber security.
Cyber security for your business is not only about adding layers of security technology but is also about understanding and managing your cyber security risks. Recently, the Better Business Bureau has created a training program through a collaboration with the National Cyber Security Alliance (NCSA)*. The 5-Step Approach to Better Business Cybersecurity is based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework. This represents an approach that applies to the specifics of your business, helping you understand how best to identify and protect your business’ vital data and technology assets, and how to detect, respond to and recover from a cybersecurity incident. The goal of this approach is to empower SMB owners to begin to assess what business assets need to be protected from cyber attacks and encourage them to make their businesses more resistant when they experience an attack as well as how to respond if one is experienced.
Below is The 5-Step Approach which follows guidance from the “Framework for Improving Critical Infrastructure Cybersecurity” Version 1.0, National Institute of Standards and Technology, February 12, 2014.
Step 1: Identify
Take inventory of key technologies you use and know what information you need to rebuild your infrastructure from scratch. Inventory the key data you use and store and keep track of likely threats.
Step 2: Protect
Assess what protective measures you need to have in place to be as prepared as possible for a cyber incident. Put protective policies in place for technologies, data and users, and ensure that your contracts with cloud and other technology service providers include the same protections.
Step 3: Detect
Put measures in place to alert you of current or imminent threats to system integrity, or loss or compromise of data. Train your users to identify and speedily report incidents.
Step 4: Respond
Make and practice an Incidence Response Plan to contain an attack or incident and maintain business operations in the short term.
Step 5: Recover
Know what to do to return to normal business operations after an incident. Protect sensitive data and your business reputation over the long term.
This month the White House launched its Cyber Security National Action Plan and BBB will be one of the private sector supporters. With plans to invest over $19 billion for cybersecurity, this will be part of the President’s Fiscal Year (FY) 2017 Budget. This represents a more than 35 percent increase from FY 2016 in overall Federal resources for cybersecurity and represents a huge investment for the industry.
BBB Cybersecurity is a business education resource created to provide SMBs with valuable tools, tips, and content to help them manage cyber risks and learn about cybersecurity best practices in the modern business environment.
*About The National Cyber Security Alliance
The National Cyber Security Alliance (NCSA) is the nation's leading nonprofit public-private partnership promoting the safe and secure use of the Internet and digital privacy. NCSA leads initiatives for STOP. THINK. CONNECT., Data Privacy Day, and National Cyber Security Awareness Month. For more information on NCSA, please visit staysafeonline.org/about-us/overview/