House panel to DHS, FBI: help small biz with cybersecurity – start with good cyber hygiene

The following testimony excerpts are very similar to what the #CyberAvengers have been preaching, and for good reason, it is the truth. Checkout the #CyberAvengers Tools for where to begin.

Richard Driggers, DHS deputy assistant secretary for the cybersecurity and communications, said that basic computer hygiene, such as regular software updates, could keep small businesses safer.

“It doesn’t take sophistication to exploit a vulnerability in a small business. And I think all small businesses need to assume that they have some type of vulnerability that exists within their networks or devices that they’re using,” Driggers said. “A lot of small businesses don’t have the resources to really put in place very sophisticated cyber defense mechanisms. But they do have the resources to do the low-cost things … and that should be the focus.”

* * *

“The best thing small businesses can do is elevate the need for cybersecurity within their organizations. Hire capable, competent people to help protect data, create a culture within the organization that promotes security. It’s gotta be something you do every day; it can’t be after the fact,” Marshall said.

Full article: https://fcw.com/articles/2018/02/01/small-biz-cybersecurity-williams.aspx?m=1

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.

Helpful FTC Guidance on Cybersecurity for Small and Midsize Companies

FTCIt is important for all companies — especially small and midsize companies — to have a basic understanding of what the FTC considers to be reasonable cybersecurity. The FTC is known for being one of the more aggressive regulators that are investigating and enforcing (what it views as) inadequate cybersecurity by companies doing business in the United States. In the watershed case solidifying the FTC’s authority to regulate companies’ cybersecurity under the FTC Act, F.T.C. v. Wyndham Worldwide Corp.,  the U.S. Third Circuit Court of Appeals looked to resources published on the FTC’s website and found that Wyndham’s cybersecurity was very rudimentary and contravened recommendations in the FTC’s 2007 guidebook, Protecting Personal Information: A Guide for Businesses.

The FTC recently published a couple of helpful resources on its website and companies of all sizes would be well-served to spend some time reviewing the recommendations in these resources:

______________________

Shawn Tuma (@shawnetuma) is an attorney with an internationally recognized reputation in cybersecurity, computer fraud, and data privacy law. He is a Cybersecurity & Data Privacy Attorney at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, around the world.