It’s National Cyber Security Awareness Month, and we all have to do our part. So says The National Cyber Security Alliance, a nonprofit public-private partnership.

Consider the recent increase in cybercrime hitting U.S. businesses. It’s gotten so bad that credit bureau Equifax recently “lost” information including Social Security numbers on 143 million consumers.

Think about that for a minute: a company whose main job is to safeguard data got hacked. Imagine how vulnerable other types of businesses are.

The Alliance cites a recent MediaPro’s survey, in which seventy percent of respondents showed at least some lack of security and privacy awareness. The study had several other notable findings:

  • 24 percent of employees surveyed took potentially risky actions when presented with scenarios related to organizational physical security, such as letting strangers in without identification.
  • 20 percent of employees showed a lack of awareness related to safe social media posting, choosing risky actions such as posting on their personal social media accounts about a yet-to-be-released product of their employer.
  • 19 percent of respondents chose to take risky actions related to working remotely, such as connecting their work computers to an unsecured public WiFi hotspot.
  • 12 percent of respondents failed to recognize commons signs of malware when presented with real-life examples, such as a sluggish computer or anti-virus software unexpectedly switching off.

Sobering statistics. The alliance offers some tips for organizations that don’t wish to join the growing ranks of cyber-victims:

  • Identify: Conduct an inventory of your most valuable assets – the “crown jewels” of greatest importance to your business and of most value to criminals – such as employee, customer and payment data.
  • Protect: Assess what protective measures you need in place to defend the organization as much as possible against a cyber incident.
  • Detect: Have systems set up that would alert you if an incident occurs, including the ability for employees to report problems.
  • Respond: Make and practice an incidence response plan to contain an attack and maintain business operations in the short term.

Recover: Know what to do to return to normal business operations after an incident or breach, including assessing any legal obligations.

The National Cyber Security Alliance (NCSA) offers a wealth of education, programs, strategies and advice for businesses of all sized. Find out more at: