There's no denying that cybersecurity is a major issue that impacts all types of enterprises. The pervasive nature of cybercrime is leading to large-scale responses which go all the way up to the governing body of our country.
Senate's Critical Infrastructure Bill Gets Passed
The bill, called S. 1353, the Cybersecurity Act, has been gestating for a while, but it wasn't until Dec. 11 that a motion to reconsider the bill brought it directly before the U.S. Senate. The bill was sponsored by Sen. John D. Rockefeller IV, a Democrat from West Virginia. It was passed on the 11th, according to The Hill. The passage came by way of a unanimous consent agreement. Unlike many other issues on the table, cybersecurity is a largely bipartisan topic.
According to the bill's summary, its overarching aim is "to facilitate and support the development of a voluntary, industry-led set of standards and procedures to reduce cyber risks to critical infrastructure." The Director of the National Institute of Standards and Technology (NIST) is given the responsibility of carrying out the bill's objectives. Here are a few of the directives outlined by the Act, to be overseen by NIST's director, currently acting director Willie May:
- Reach out to workers in the private enterprise sector and make sure they're up to par in terms of security
- Carry out cybersecurity-related consultations with agencies that are charged with any national security responsibilities
- Refine a voluntary critical infrastructure security checklist that can be deployed at relevant and interested enterprises
The full text of the Act is available here. But it doesn't take reading through the entire thing to glean the central point: Namely, that the government is becoming increasingly proactive when it comes to regulating cybersecurity. The question is this: Can your business keep up?
Taking Steps To Promote Enterprise Cybersecurity
With the action going on in Washington, it's time that your business took a serious look at its cybersecurity efforts. If you're one of the many companies out there that's doing most things right except accounting for cybersecurity gaps, then it's time to change your tune. Protecting your online presence isn't something that should be in the periphery of your business. It should be front and center. Here are a few proactive steps your company can take to keep up with the rest of the country in terms of protection:
- Educate all employees about cybersecurity: In Section 303 of the cybersecurity bill, there's a discussion about cybersecurity competitions and challenges. The text states that, per the terms of the Act, government officials are obliged to "support competitions and challenges" surrounding cybersecurity. This means actively recruiting workers based on their cybersecurity skills (such as ethical hacking, vulnerability assessments and cyber forensics), rewarding aptitude in the digital defense realm, and building up cyber awareness in schools. This kind of effort will likely become a model for what companies should do. In the same way that government officials will be reaching out to different groups with an educative and rewards-centered cybersecurity focus, this same kind of practice should be deployed by businesses of all types. As company administrators, make an effort to teach the fundamentals of cybersecurity to all workers — not just the ones in IT. And if a particular person shows exceptional skill in the cyberdefense realm, find a way to leverage his or her talent to better the company.
- Guard and secure laptops and mobile devices: Bring-your-own-device practices are just a fact of corporate life these days. Companies that don't have BYOD are behind the times, but for those that do, mobile device management is absolutely critical. Consider this: A study conducted by the Ponemon Institute found that, among the participating organizations, an average of 263 laptops were lost per company per year. But the real value of a business laptop isn't the device itself, it's what's contained within it. That's why the typical misplaced or stolen laptop leads to nearly $50,000 in losses. But the costs associated with potentially compromised data on a lost device like a laptop or smartphone can be mitigated with mobile security and other protective measures. If, for instance, you outfit your company's laptops with multifactor authentication, that'll go a long way toward preventing a malicious intruder from gaining access to the machine.
- Follow the news: Cyberthreats aren't the kinds of things that exist in a state of stasis. The cybercriminal realm is always evolving, and the various strains of malware that could threaten your enterprise are growing along with it. As an enterprise, it's your responsibility to keep up with the cybersecurity news and understand new threats as they arise. That way, you'll significantly minimize the odds of getting caught off guard by an attack.
- Consider what it means to function online: In order to have the safest company computing environment possible, it helps to build one in which everyone has a thorough knowledge of Web identity. A good discussion of the basics of Web identity is captured in this New York Times piece, but basically, the idea is that in order to maintain the best online citizenship possible, one should consider things like what they're sharing publicly versus privately and if they're practicing any negative behaviors associated with computing. By holding an enterprise teach-in about online citizenship, you can build the Internet integrity of your workers and consequently have a safer atmosphere.