Cybersecurity Resources to Help Your Take Control of Your Risks

Learn how to protect your business and customer’s privacy from ransomware, business email compromise and other malicious attacks. The cybersecurity resources in this section were developed by the National Institute of Standards and Technology, the U.S. Small Business Administration, the Department of Homeland Security, U.S Government Agencies, in addition to the open-source community, to fortify you business information systems. We have collated this information to ease the burden on your path to cyber-resilience. More importantly, we are here to help.

I’ve Just Had An Incident, Now What?

At Arcane Cyber, we understand small business; after all, we are one too. If you are here trying to figure out what your next step is because you’ve been breached; let us help you.

We don’t recommend taking on the task for a breach recovery by yourself. Certainly not if you don’t have a plan. The goal for recovery is to get your business back up and running. Your resources are limited and your workforce is relying on you. We are not suggesting you sit back and relax, because we’ll have it all taken care of. We can help you get back up and running, together. Along the journey to recovery, we’ll identify ways to mitigate the vulnerabilities that led to the breach and processes to avoid this from reoccuring.

Resources to Avoid Ransomware

Ransomware is a major problem for all businesses and organizations. Opening an innocent looking email or clicking on a web link is all it can take to become a victim. Advertisements can carry a malicious payload; meaning that no action by you is required for your computer to be affected.  In effect, cyber-criminals are unrelenting and go to extraordinary lengths to hold your business hostage. In short, understanding how malware works will help you be prepared for it happening.

Refer to the following cybersecurity resources from the community to improve employee awareness.

Key Tips

  • Keep your systems and software up to date
  • Use anti-virus software on computers
  • Backup and secure your data; we recommend the 3-2-1 principle
  • Create a continuity and incident response plan

Business email compromise, or BEC, is a fast-growing type of scam in which fraudsters impersonate company owners or executives to deceive employees. As a result, the criminals fool businesses into transferring money or turning over confidential data. Many times, the email appear legitimate, making it very difficult for even seasoned professionals to determine if they are malicious or a real outreach for service. Given these points, knowing how to protect from an email compromise is critical to your information security.

Key Tips

  • Be careful what you share online because your information is used to create realistic looking malicious emails
  • Check email addresses for slight changes and URL’s pointing to incorrect web sites
  • Be wary of email attachments; scanning with anti-virus software will not necessarily identify new malware
  • If an email comes from someone you know but appears suspicious, call them
  • Don’t act quickly under pressure

Privacy and Personally Identifiable Information

Privacy and Personally Identifiable Information (PII) protection is important to businesses today. The European Union signaled its firm stance on data privacy and security, with GDPR. At a time when businesses request more personal data and the Internet has no clear boundary, private data is being leaked daily. Following in the EU’s footsteps are U.S. States acting, independent of the U.S. government, to protect the rights and private information of their state’s citizens. This, and other privacy acts; HIPAA, PCI DSS, and COPPA, have created a patchwork of privacy laws and regulations. Therefore, making compliance complicated for small businesses.

Generally speaking, even if you are a company in the U.S., you may have European Union data protection requirements under the GDPR and/or other countries. Fines for violating GDPR requirements can be very high. Importantly, failing to reveal a data breach and follow reporting criteria can lead to hefty fines.

Key Tips

  • Everything you do must consider data protection
  • Parents of minors, children under 13, are in control of their child’s data
  • Limit PII data collection to only what is needed
  • Consumers have a right to know, to correct and to be forgotten; plan for it
  • You can be liable for the loss of PII under most regulations; protect the data with encryption and minimize individuals with access.

The cybersecurity resources will help you understand your requirements under the various consumer privacy protection laws and acts. If you have questions, please contact us.

Where do I start?

Planning for your computer security may make you feel overwhelmed. As a small business, where should you start? Moreover, when do you know you’ve done enough? First, we recommend starting with the basics.  Watch the Cyber Security Basics provided by the Federal Trade Commission. Second, we recommend identifying your important data.  Third, determine who has access. After all, your business data is what cyber-criminals know is most important to your business and its reputation. In essence, by securing your data properly from threats, you are likely to stay compliant and keep your customers satisfied.

Arcane Cyber

Looking to Take the Next Step?

Implementing good cybersecurity for your business does not need to be an overwhelming or impossible task. Allow us to help you in your endeavor.