Cyber Security Information Sharing Act
At the end of November, the Senate passed the Cybersecurity Information Sharing Act. This legislation gives private companies legal immunity for sharing data with the Federal Government. This was passed over the protests of many lawmakers and consumer advocates. “In theory, the information shared would be limited to ‘threat indicators’ — data such as technical information about the type of malware used or the ways that attackers covered their tracks while sneaking through systems.” Andrea Peterson — The Washington Post
One of the purposes of this legislation is to help U.S. companies react more quickly to cyberattacks on their computer systems. If a company gets hit with a specific type of hack, the federal government would receive an alert and immediately distribute warnings to other companies.
While cyber laws provide some immunity to businesses, it only applies to information sharing with the Federal Government. Businesses still need Cyber Liability Insurance as part of their risk management program. What we do not know, is what will the Federal Government do with information? It will be impossible to know until the law is fully implemented later in 2016.
Cyber Prevention Tips
- Provide Training to all employees. Helping your employees understand how cyber breaches occur, will go a long way in prevention.
- Keep your operating system, browser, anti-virus, and other critical software up to date.
- Activate your firewall. Firewalls are the first line of cyber defense; they block connections to unknown or bogus sites and will keep out some types of viruses and hackers.
- Secure all passwords and do not share them with anyone.
- Use only secure wireless networks.
- Develop a secure way to allow laptops off the premises. Never keep client information on laptops if used off site.
- When an employee leaves the company or is terminated, turn off the access to their computer. If there is personal information on their computer, have your IT person manage the process.
- Be aware of pushing scams. This involves a hacker using an email or website to install malicious software onto your computer. These web entities are designed to look like a normal email or website, which is how hackers convince their victims to hand over personal information.
- Never open an email from someone you don’t recognize, even if it identifies you by name.