In recognition of National Cybersecurity Awareness Month, each Friday this October, we will highlight a different step that organizations can take to increase awareness of potential cyber threats, reduce the risk of a cyber attack or minimize damage from an attack.  All four steps are solutions that all organizations, regardless of size or budget, can implement. Specifically, over the course of the month we will examine information security plans, training, vendor due diligence and data retention and destruction, as tools organizations can use to arm themselves to both prevent and in the event of a cyber attack. 

The federal government recently released a couple of resources that may also be helpful.  First, is a toolkit developed by the Department of Homeland Security as part of its programming related to the 15th anniversary of National Cybersecurity Awareness Month.  The second resource comes from the Cybersecurity Unit of the Department of Justice (DOJ) entitled “Best Practices for Victim Response and Reporting of Cyber Incidents.” The DOJ developed this guidance “to help organizations prepare a cyber incident response plan and, more generally, to better equip themselves to respond effectively and lawfully to a cyber incident.”  This revised guidance addresses incident response considerations, ransomware, information sharing under federal law, cloud computing, and working with cyber incident response firms.