Large Organizations are Small Organizations Too
Large public and private organizations are comprised of big, medium and small organizational components. Sharing a common understanding and unified messaging is critical to delivering business/mission value and security.
Small and mid-size businesses are the largest group of employers. Thinking of large organizations separately from this group ignores very important opportunities to increase business value and security because they are all connected and interdependent.
Cyber Liability and Data Breach Insurance for Small Businesses
- Application Process: If the insurance agent asks you a significant number of questions about your cyber hygiene during the application process, don’t answer them and move on.
- Understand Your Coverage: Many policies have limits on the coverage relating to the cause. If you are seeking a $1m policy make sure there is no limit on the cause or the real amount of coverage is that limitation.
- Support Line: The Insurance policy should come with a 24hr support line. Make sure you can call for help without making a claim. Make sure the support line is establishing Attorney-Client privilege.
FTC Guidance for Cyber
The Federal Trade Commission easy to follow guidance for small businesses.
Note: The FTC is going to update and release new guidance Oct 18th.
Is Your Business Prepared for an Emergency?
Is Your Data?
When an emergency strikes, your business’s most vulnerable asset may not be in the stockroom or warehouse. It could be the data that has been central to your success. The FTC has six steps you can take to help protect your company’s information from the unpredictable.
Secure Paper, Physical Media, and Devices
High-profile hackers grab the headlines. But some data thieves prefer old school methods – rifling through file cabinets, pinching paperwork, and pilfering devices like smartphones and flash drives. As your business bolsters the security of your network, don’t let that take attention away from how you secure documents and devices.
FTC law enforcement actions, closed investigations, and experiences we’ve heard from businesses demonstrate the wisdom of adopting a 360° approach to protecting confidential data. As Start with Security suggests, securing paper, physical media, and devices is an important part of that strategy.
Internet of Things FBI
Cyber Actors use Internet of Things devices as proxies for anonymity and pursuit of malicious cyber activities.
NIST Releases SP 800-37 r2
The National Institute of Standards announced the final public draft of Special Publication 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations–A System Life Cycle Approach for Security and Privacy.
NIST 800-171 Controlled Unclassified Information
The protection of Controlled Unclassified Information (CUI) resident in non-federal systems and organizations is of paramount importance to federal agencies and can directly impact the ability of the federal government to successfully conduct its assigned missions and business operations.
Mitre Releases Supply Chain Guidance for DoD
Federal Communications Commission on Reasonableness
By clarifying that our standard is one of “reasonableness” rather than strict liability, we address one of the major concerns that providers—including small providers and their associations—raise in this proceeding.
NIST Cybersecurity Risk Management Conference
Nov 7-9, The newly expanded conference format builds on the annual Cybersecurity
Framework Workshops held for the past five years and adds other cybersecurity risk management topics: Risk Management Framework, Supply Chain Risk Management, and the Privacy Framework. Renaissance Baltimore Harborplace Hotel, Baltimore, MD
Framework Workshops held for the past five years and adds other cybersecurity risk management topics: Risk Management Framework, Supply Chain Risk Management, and the Privacy Framework. Renaissance Baltimore Harborplace Hotel, Baltimore, MD
President Trump Cyber Security Month
“Each of us can contribute by requesting more security from the products and services we use; using multi-factor authentication on our digital accounts and devices; leveraging private, protected, and secure networks; limiting how much personal information and location data we share; and taking other actions to secure the applications we use every day,” the proclamation states.
“I also encourage every American to learn more about how to protect themselves and their businesses through the Department of Homeland Security’s STOP.THINK.CONNECT. campaign and the Department of Commerce’s NIST Cybersecurity Framework,” President Donald Trump
Controlled Unclassified Information Security Requirements Workshop
On Thursday, October 18, 2018, the National Institute of Standards and Technology (NIST), in coordination with the Department of Defense (DoD) and the National Archives and Records Administration (NARA), is hosting an informational workshop providing an overview of Controlled Unclassified Information (CUI), the Defense Acquisition Regulations System (DFARS) Safeguarding Covered Defense Information and Cyber Incident Reporting Clause, and NIST Special Publications 800-171 and 800-171A.
American Bar Association Annual Meeting
Charlie Tupitza presented to the American Bar Association CyberSecurity Task force at their annual meeting August 5 in Chicago. Conversations addressed how the insurance industry can help support small and solo law practices in the United States and how taking advantage of the NIST Cybersecurity Framework is helpful to establish a common lexicon enabling the sharing of good practices.
He also addressed the importance of all organizations to establish a clear policy regarding the sharing of cyber hygiene information. One example is the request from the insurance industry for this information when it is not necessary.
Americas Small Business Development Centers
Annual Meeting
The 38th Annual America’s SBDC Conference takes place September 4-7, 2018, in Washington, DC, at the Washington Marriott Marquis. Every year our conference attracts 1,300+ SBDC professionals from all over the nation. These advisers, trainers and directors come together for professional development and networking.
Cyber Business Quotes
“Every organization, regardless of size, must have a policy addressing the sharing of cyber related information.” Charlie Tupitza, CEO, National Forum for Public and Private Collaboration and President of RightExposure.
“No private data should be copied to a Blockchain.” Anil John, program manager for the identity management project in the Cyber Security Division of the Homeland Security Advanced Research Projects Agency
“To think large organizations should be thought of as separate from small and midsize organizations may miss some very important opportunities. To think they are more secure also misses opportunities.” Charlie Tupitza
“Definition of Competition: Come together to seek improvement. When we come together with like purpose we naturally do better. When we come together with an attitude of improvement we make great progress towards our common desired outcomes.” Charlie Tupitza
About Us
Small and Mid-Size Organizations: RightExposure works closely with both the public and private sector in support of small and mid size organizations within the United States.
Supply Chain: Helping them understand their cybersecurity responsibilities.
Insurance Industry: Helping them understand the needs of small and mid-sized organizations for sustainability and cyber protection. Identifying products and services they can bring to support cyber hygiene by taking advantage of large numbers.
Charlie Tupitza is a licensed insurance consultant. He was a charter member of the presidential directive working group to determine needs of the US government procurement community in support of cyber security. He participates regularly in working groups regarding supply-chain cyber security and sustainability and other related topics such as utilization of the NIST Cybersecurity Framework, Risk Management Framework and SP 800-171 to protect information.
Charlie communicates regularly with the FTC, NIST, GSA, DHS, DoD, SBA and associations representing large groups of small and mid-size companies. As the CEO of the National Forum for Public Private Collaboration he led a study to help understand the value of cyber liability and data breach insurance for small organizations.
Contact Us
Phone 202 839-5563 – – email sustainable@rightexposure.com