How to Make the DHS Cybersecurity Initiative Make Sense for Your Business
Cybersecurity is a growing concern for individuals and businesses alike, so much so that federal agencies have taken strides to help make the nation more cyber aware. As part of that effort, the Department of Homeland Security (DHS) has developed a coordinated cybersecurity initiative targeted to various demographics, providing them with educational resources, insights, and tools. For the small to midsize business (SMB) owner, there are three programs worth your while: the Stop.Think.Connect. Campaign, the NIST Cybersecurity Framework, and the Critical Infrastructure Cyber Community (or C3, pronounced “C Cubed”) Voluntary Program. Here, we’ll discuss each one and ways you can incorporate them into your existing cybersecurity program.
The Stop.Think.Connect. Campaign is an unprecedented effort among state and federal governments, non-profit organizations, and industry organizations that encourages the safe use of the Internet. Its primary objectives are to increase and reinforce awareness, increase the number of organizations engaged in providing education, and change the perception of cybersecurity to one of a shared responsibility. The simple steps businesses can immediately implement to become more diligent in recognizing and reducing their risks of cyber threats are identified in the campaign’s name:
- Stop—Before you or your personnel use the Internet, take time to understand the risks and learn how to spot potential problems.
- Think—Take a moment to be certain the path ahead is clear. Consider how your actions online could impact your business.
- Connect—Enjoy the Internet with greater confidence, knowing you and your staff have taken the right steps to safeguard yourselves and your computers.
The Campaign makes available downloadable resources to help your organization adopt safe online behaviors, including tip cards and planning guides. For example, a rollout package complete with talking points, sample articles, and a timeline can be downloaded to ease the implementation company-wide. For more information on how to implement or update your Internet use policies and cybersecurity plans, contact us today.
The National Institute of Standards and Technology (NIST) Cybersecurity Framework is a set of standards and best practice guidelines designed to help organizations manage and reduce their cybersecurity risks. Originally, those organizations defined as critical to maintaining our national infrastructure—energy and water utilities, transportation, financial services, communications, healthcare and public health, food and agriculture, chemical and other facilities, key manufacturers, dams, emergency services—were the primary audiences for these guidelines. However, the Cybersecurity Framework Core (CSF Core) has five functional areas any business can use to better assess its risks, plan for threats, and react to and recover from cyber-attacks.
- Identify—The identify section of the CSF Core encourages organizations to focus on their assets, business environment, governance, risk assessment, and risk management strategy to recognize how these areas are defined, cataloged, communicated, and mapped to various internal and external roles.
- Protect—The protect section of the CSF Core suggests organizations implement practices that control who has access to critical information, strengthen data security, and ensure maintenance and repairs to the systems are performed on a regular basis. These practices can be administered through policies and training programs.
- Detect—The detect section of the CSF Core urges organizations to continuously monitor their systems so that anomalous activity is detected early. Additionally, organizations should test their detection practices regularly to ensure they comply with company standards.
- Respond—The respond section of the CSF Core advises organizations to have response measures in place that include knowing who is responsible for what, coordinating internal and external communications, taking measures to prevent the incident from expanding, and analyzing efforts for areas of improvement.
- Recover—The recover section of the CSF Core recommends organizations have recovery processes in place to ensure the timely restoration of systems and assets affected by cybersecurity events. Organizations should also include communications plans in their recovery efforts, as well as analysis for improvement.
Need help working through the Cybersecurity Framework Core functional areas? We offer a variety of services to assist you with your risk assessments; training of personnel; detection, penetration, and reporting practices; and plan testing, along with providing an online portal for you to store critical information accessible anywhere 24/7. Visit www.preparis.com/cybersecurity to learn more.
C3 Voluntary Program
The Critical Infrastructure Cyber Community Voluntary Program was developed by the DHS to support and promote the use of the NIST Cybersecurity Framework within all businesses, not just the ones critical to the nation’s infrastructure. Small to midsize businesses can access the C3 Voluntary Program SMB Toolkit to help them understand and address the cyber threats their businesses may encounter. These resources include:
- Begin the Conversation: Understanding the Threat Environment—Use this guide to get a handle on cybersecurity concepts before evaluating your program.
- Getting Started: Top Resources for SMB—This list identifies several resources to get you started on strengthening your cyber risk management.
- Cybersecurity for Startups—It’s never too early to begin your cybersecurity program. This document helps those whose companies are just getting off the ground.
- C3 Voluntary Program Outreach and Messaging Kit—This kit provides a complete overview of the program.
- SMB Leadership Agenda—CEOs can use this guide to have an informed conversation with the rest of their company’s leadership team.
- Hands-On Resource Guide—Use this guide to connect with DHS cybersecurity partners.
In addition to the toolkit, SMBs have access to training, a cybersecurity planning guide, whitepapers and other researched documents, and listings of government partners in their state.
Cybersecurity is our shared responsibility. As such, it is imperative we do all that we can to ensure we protect ourselves, our families, our businesses, and each other from cyber criminals. To learn more ways to protect your critical information, clients, employees, and brand, register for our Cybersecurity & Disaster Recovery webinar on Thursday, October 22nd, at 2pm EDT to join Preparis CEO Armistead Whitney and information technology expert Mark McKinney as they discuss key things you should be doing to mitigate risks. For more information on building and maintaining a culture of preparedness within your organization, visit www.preparis.com or contact us at firstname.lastname@example.org.