Editor’s Note: This is your weekly cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive weekly updates here.
Cybersecurity breaches grab the headlines on a regular basis. Looking beyond the news, there are many industries that are taking a proactive approach to protecting themselves, their data and their customers’ data. According to the Portland Tribune, Oregon Senator Ron Wyden is planning to introduce legislation that will permit U.S. political candidates and lawmakers to use campaign funds to fund cybersecurity protections of their personal and political accounts and devices. Previously, political candidates were forbidden to use campaign funds for what was seen as a personal expense.
Since reports of foreign agents and governments interfering with U.S. politics continues to appear, the goal of the legislation is to use “campaign funds to pay for protection of personal devices, such as cell phones and computers, secure home routers and networking equipment, and security tokens and “keys,” personal software and apps, firewalls and antivirus software, password management tools, secure and encrypted backup and cloud services, and secure and encrypted chat, email, and project management tools. It would pay for cybersecurity consulting services and security services to clean up malware and restore systems after an attack.”
Part of this push is a result of hundreds of German politicians recently being attacked by hackers who shared the politician’s private information via Twitter, as reported by the New York Times. As Senator Wyden commented, “Given the growing cybersecurity threats posed by foreign governments hacking the personal accounts and devices of elected officials, it is common sense to permit these same funds to be spent on cybersecurity as well.”
Similarly, the Seattle Post-Intelligencer discussed the need for SMBs to raise their game when it comes to protecting company and customer data. Both Symantec and the Better Business Bureau have issued reports about the state of cybersecurity for SMBs. Symantec’s 2018 Internet Security Threat Report highlights how cyberattacks on the rise for SMBs and the Better Business Bureau’s 2017 State of Cybersecurity Among Small Businesses in North America reported “that U.S. small businesses lost an average $79,841 from cyberattacks in 2017, it makes sense to take action to avoid these potential losses.”
Steps SMBs can take
Fortunately, there are steps that small to medium-sized businesses (SMBs) can take to protect themselves and their customers from having personal and financial data exposed:
- Conduct a cybersecurity audit
- Train and monitor your employees
- Manage information access
- Set up automatic software updates
- Use a decentralized virtual network
That’s the good news.
The bad news comes from the education sector where a new report from security firm SecurityScorecard said that the education industry has the worst cybersecurity vulnerability of 17 sectors in the U.S., according to an article in EdWeek.
The main reasons for this are underfunding cybersecurity initiatives in schools, limited staff which can include volunteers, and DoS attacks. The most common recommendations to improve security in the education industry is to find “more efficient ways to report lost or stolen data, maintain and upgrade equipment, anti-virus, and anti-malware software, as well as incorporate network redundancy and backup recovery plans.”
Cyber Oregon partner blog post of interest