The three B’s of cybersecurity for small businesses

(Courtesy of Jacksonville Business Journal)

Large-scale cyberattacks with eye-watering statistics, like the breach of a billion Yahoo accounts in 2016, grab most of the headlines. But what often gets lost in the noise is how often small and medium-sized organizations find themselves under attack.

In the last year, half of American small businesses have been breached by hackers. That includes Meridian Health in Muncie, Indiana, where 1,200 workers’ W-2 forms were stolen when an employee was duped by an email purporting to come from a top company executive. Many small companies are just one fraudulent wire transfer away from going out of business.

There’s lots of advice available about how to fight cybercrime, but it’s hard to tell what’s best. I am a scholar of how businesses can more effectively mitigate cyber risk, and my advice is to know the three “B’s” of cybersecurity: Be aware, be organized and be proactive.

Here’s how more companies can boost their cybersecurity preparedness without breaking the bank.

Be aware

The best defenses against these types of attacks involve skepticism and vigilance. Attackers can be very clever and persistent: If just one person has one weak moment and clicks on one malicious link, an entire network can be compromised.

Most companies go to great lengths to protect their physical assets and personnel. But many do not take similar precautions with their digital information. A key computer may be kept disconnected from the internet, but if it accepts flash drives or rewriteable CDs, or if its password is easy to guess, the information is just as vulnerable.

Small business owners need to prioritize cybersecurity. Without proper preparation, even large companies can find themselves unprepared for cyberattacks. When Sony was hacked in 2011, it did not have an executive focused solely on information security. But hiring someone did not prevent another hack in 2014.

Be proactive

Planning ahead is vital, instead of just being reactive. The National Institute for Standards and Technology Cybersecurity Framework lists five main functions of cybersecurity efforts: Identify vulnerabilities, protect against attacks, detect anyone who gets through, respond to the attack quickly and recover after the attack has been stopped.

Some companies are already receiving advice that following the NIST guidelines can reduce legal liability if cybersecurity problems arise or are discovered. Companies can also work with colleges and universities to create cybersecurity clinics, or even consider buying cyber risk insurance.

There’s no way to avoid being the target of a cyberattack, but that doesn’t mean becoming a victim. Simple steps can have huge results: The Australian government reported resisting 85 percent of cyberattacks by taking three basic steps: restricting which programs can run on government computers, keeping software updated regularly and minimizing the number of people who have administrative control over networks and key machines.

Cybersecurity doesn’t have to be rocket science; it’s just computer science.

Work Wanted: Cybersecurity jobs a priority for government


(Courtesy of The Florida Times Union)

On July 12, the federal government issued a four-part workforce strategy that would allow cybersecurity professionals to perform a “tour of duty” in the public sector as part of their career plan.

The White House plans to streamline guidelines that would allow it to hire private sector security experts more quickly. It will also create a “cybersecurity cadre” within the Presidential Management Fellows program, a leadership development program for advanced degree candidates.

The Office of Personnel Management will also build cybersecurity career paths for current information security professionals working in government, including credentialing programs, rotational assignments, and efforts to make them subject matter experts in their field.

The federal government plans to hire 3,500 more IT security professionals before the year ends, in addition to the 3,000 hired in the first half of the current fiscal year. The strategy sets aside $62 million in the 2017 budget to expand cybersecurity education across the country in agencies like the IRS, which requested funding for 400 new IT professionals last year. That money would fund competitive scholarships or grants to hire or retain professors, adopt a cybersecurity core curriculum and strengthen existing education programs.

The National Science Foundation funds the CyberCorps Scholarship for Service, a program designed to grow and strengthen the cadre of federal information professionals that protect the government’s information infrastructure. According to the program’s website, it provides scholarships for full-time students while attending a participating institution, including tuition and fees.

To be eligible for scholarships, applicants must be full-time students pursuing a bachelor’s or master’s degree in a formal program focused on cyber security at an approved institution, or be research-based doctoral students. (Florida State is the only approved university in our state.) Applicants must also be citizens or lawful permanent residents of the United States.

In return for the scholarship, students must work in cybersecurity for a local, state or federal government office for a period equal to their scholarship grant. One academic year or less would require one calendar year of employment, for example. Many of the jobs would be in Washington, D.C., but participants must be willing to relocate. If you leave your job before the end of your term of service, you’d be required to pay back some of the grant funding.

Salaries will vary according to participant qualifications, but in general, new graduates would be appointed at the GS-7 level. Master’s degree recipients may be appointed at the GS-9 level, and those with doctorate degrees may be appointed at the GS-11 level.

Information security is one of the most critical needs of any government, so if you’ve considered the idea in the past, this may be the time to investigate a government career. You can find more about the program at sfs.opm.gov.

Candace Moody is vice president of communications for CareerSource Northeast Florida. Her column appears every Wednesday in the Times-Union, and she can be reached at cmoody@careersourcenefl.com.

Cyber Security Training Starts May 9

Military Veterans and Spouses May Qualify for Scholarships

Network+ Fundamentals of Cybersecurity
With a large majority of cybersecurity breaches currently arising from attacks via social engineering and other people-centered applications, knowing the “nuts and bolts” of network operations and security is no longer enough to qualify as a superior candidate for many job openings.

This 2-part certificate program provides job-relevant skills required by employers.
Course Start: Monday, May 9
Course End: Friday, August 26
Course Duration: 16 Weeks
Tuition: $2,400. Full scholarships available for military, prior military, dependents, and military spouses.

CompTIA Network+
This component offers an introduction to computer networking, including wide area networks (WANs), local area networks (LANs) and the protocols used to coordinate and control communications.

The module will provide the students with the body of knowledge required to pass the Network+ exam from CompTIA. Students will receive one exam voucher. Fifty percent of all course time will be devoted to CompTIA Network+.

Introduction to Cybersecurity
This component offers an introduction to four key topic areas and skillsets essential to current cyber security operations. Fifty percent of all course time will be devoted to these cyber security topics:

  • Analytics and Critical Thinking: This topic teaches students about biases to improve awareness of our weaknesses. It also teaches simple, structured methods to mitigate and overcome those biases, improving their critical thinking and reducing cognitive errors.
  • Communications, Personality Assessment and Leadership for Information Technology: provides students with best practices in communication, personality assessment and leadership to boost effectiveness in team dynamics. This module will also feature a two-day, in-person communications workshop.
  • Global Perspectives on Cybercrime and Cyberterrorism: introduces ethical and legal considerations of information security as well as interactions with law enforcement and regulatory bodies and the management of the relationships. To provide an awareness of the background of geo-politics, students will learn about both US domestic and international developments and an analysis of how decision makers seek resolution—addressing legal, policy and operational considerations.
  • Risk Assessment and Management for Information Technology: introduces the concept of risk, explains how risk can affect organizational objectives and how to utilize a risk management methodology to understand, communicate and address risk in operational strategies, plans and activities.

Contact Genene Poppell for enrollment and scholarship information:

Phone: 850-474-3083
Email: gpoppell@uwf.edu

Offered in collaboration with the National Cyber Partnership, Net+ Cybersecurity is a fast-track preparation for jobs in the cyber industry. The majority of coursework (95%) will be online, with assignments due weekly. A two-day in-person communications workshop will occur in Pensacola. The dates will be determined by class members and instructor.