My colleague, Pat Fowler, is one of the authors of Into the Breach… Data Privacy and Protection Blog and wrote a fantastic article about government websites with cybersecurity tips and information that I wanted to provide here. It’s the perfect one-stop-resource for those whose data and information (or third-party information under your control) is vulnerable. Here you go – Enjoy:
As part of the government’s recent clarion call to improve our individual and collective cybersecurity posture, several federal and state agencies have released a variety of guidelines, frameworks, best practices and tips. Some are more helpful than others. Much of it focuses on helping those perceived to be the most vulnerable in the current cyber-threat environment – small and midsize businesses (SMBs).
Now, finding that useful information among the 925 million websites currently in use can be a real challenge, especially if you’re in a pinch. So we have posted the links to some of the more prominent government sites that focus on basic cybersecurity, data protection and breach response topics. By posting these links, we’re not, of course, endorsing the accuracy or applicability of the information they may contain. And obviously, there are many other websites that may contain additional information that may be useful to you as well. But these are a good starting point, and you can see your tax dollars at work.
The Small Business Administration
The Small Business Administration has created an on-line, self-paced training exercise that provides an introduction to securing information in a small business. It’s called “Cybersecurity for Small Businesses” and can be downloaded as a pdf as well.
The Federal Trade Commission
The Federal Trade Commission (FTC) recently issued “Start With Security: A Guide For Business”, available also as a PDF, and as an on-line tutorial as well. It’s worth noting that the FTC says it drew upon some of its recent enforcement actions involving alleged consumer privacy violations and deceptive and unfair trade practice claims, so these materials also provide some insight concerning the FTC’s analysis of data breach scenarios.
If you or someone you know experiences an identity theft, the FTC has an identity theft resource site.
The Department of Justice
In the event of a cyber-attack and data loss, the Department of Justice’s “Best Practices for Victim Response and Reporting of Cyber Incidents” is a popular reference. Despite its title, it also contains recommended practices to take before the cyber-attack and data loss occurs.
The Federal Communications Commission
While you may not think of the Federal Communications Commission (FCC) in the cybersecurity and data privacy space, it has published several pertinent documents of note. These include “Cybersecurity for Small Businesses” and a “Cybersecurity Planning Guide”
The Department of Homeland Security
The Department of Homeland Security (DHS) has been particularly active in pushing out guidelines and tips in the cybersecurity and data privacy space. Among other things, it maintains the “Stop.Think.Connect: Cybersecurity Resources for Small Business” website. DHS also published “Cybersecurity Questions for CEOs”, “Cybersecurity 101” and “Cybersecurity Tips”
An agency within DHS, the United States Computer Emergency Readiness Team (US-CERT), maintains a website with useful cybersecurity resources: “Getting Started for Small and Midsized Businesses (SMB)”
The Securities and Exchange Commission
Earlier this year, the Securities and Exchange Commission, Division of Investment Management issued “Cybersecurity Guidance” to investment advisors and brokers. This follows the Division of Corporation Finance’s 2011 Guidance related to disclosure of cybersecurity risks and cyber incidents.
The Department of Commerce, National Institute for Standards and Technology
Last year, the Department of Commerce, National Institute for Standards and Technology (NIST) issued the Framework for Improving Critical Infrastructure Cybersecurity, which is a useful reference for companies to review when evaluating or implementing their cybersecurity programs. NIST maintains a website that contains version 1.0 of the Framework document as well as related resources and information.
The National Security Agency
The National Security Agency (NSA) has published a tip sheet “Best Practices for Keeping Your Home Network Secure”.
The State of California Attorney General’s Office
The California Attorney General’s Office, in collaboration with others, recently published, “Cybersecurity in the Golden State”. It contains information and tips that business owners can use to “protect against and respond to malware, data breaches and other cyberincidents.”
The Maricopa County, Arizona Office of Enterprise Technology
The Maricopa County, Arizona Office of Enterprise Technology maintains a website that contains links to a number of useful cybersecurity resources, including links to law enforcement agencies and other entities that focus on cybersecurity and data protection
If we learn of other website with useful information in the cybersecurity and data privacy space, we’ll update this in the future. Stay tuned.