Recently, cybersecurity company FireEye announced a partnership with Visa to develop products and services for merchants, as well as card issuers, to detect and respond to attacks. The announcement underscores how cybersecurity affects online commerce at all levels, small businesses as well as large.
Here is a list of online security resources for small businesses. There are news sites to stay current on cybersecurity, online blogs from security experts, topic and policy indexes to help businesses find security guidance, social media security resources, federal security resources, and a threat-intelligence exchange. All of these resources are free.
This list is a follow-up to my recent article, “25 Online Security Tools for Small Businesses.”
Security Resources for Small Businesses
Open Threat Exchange. Open Threat Exchange is a crowd-sourced threat intelligence exchange and analysis network, hosted by AlienVault, to put effective security measures within the reach of all organizations. Stay current on the latest threats, access free tools, and collaborate with your peers. Utilize an interactive map that consolidates the latest threat data in real-time. Dig into the historical activity of malicious IPs and see how to defend yourself.
FireEye Blogs. FireEye, a leading cybersecurity company, provides multiple blogs about online security. FireEye’s Threat Research Blog is a technical discussion on threat research, cyber attacks, and threat intelligence topics from the FireEye Labs team. FireEye’s Executive Perspectives Blog covers the latest news and trends in cyber threats and cybersecurity, focusing on the impact to business.
Securezoo. Securezoo’s mission is to simplify and enhance information security by providing trusted security guidance, products, and information to small and mid-sized businesses. It provides and index of Security Topics, with easy to understand language, and overviews of policies to implement. Securezoo also provides an index of industry standards with relevant information. Securezoo also provides a free Small Business Security Assessment to evaluate to your vulnerabilities.
Krebs on Security. Krebs on Security is an in-depth security news and investigation blog. Brian Krebs worked as a reporter for The Washington Post from 1995 to 2009, authoring more than 1,300 blog posts for the Security Fix blog, as well as hundreds of stories for washingtonpost.com and The Washington Post newspaper.
Naked Security from Sophos. Naked Security is Sophos’s award-winning threat newsroom, giving you news, opinion, advice and research on computer security issues and the latest internet threats. It also features links to free security tools, including firewall, virus removal tool, antivirus tool and mobile security.
Security Weekly. The Security Weekly blog provides free content within the subject matter of IT security news, vulnerabilities, hacking, and research. Find a complete archive of all of the shows (audio, video, show notes, interviews and technical articles) in the Technical Wiki Archive.
Threatpost. Threatpost, The Kaspersky Lab security news service, is an independent news site covering IT and business security. Threatpost produces content, including news updates, videos, feature reports and more. Threatpost editor Dennis Fisher also authors the Digital Underground blog, covering malware attacks and cybercrime for Threatpost readers.
Graham Cluley. Graham Cluley’s blog is an award-winning resource for computer security news, advice and opinion. Graham Cluley has worked as a programmer, writing the first ever version of Dr. Solomon’s Anti-Virus Toolkit for Windows, as well as filling senior rolls at Sophos and McAfee. Get a free email newsletter containing all the latest security-related stories, hints and tips published on the website.
Schneier on Security. This is the blog of security guru Bruce Schneider, a fellow at the Beckman Center for Internet and Society at Harvard Law School and the Chief Technology Officer at Resilient Systems. The blog also offers Crypto-Gram, a free monthly email digest of posts. The blog and newsletter are read by over 250,000 people. Recent post include “Why We Encrypt” and “History of the First Crypto War.”
WhiteHat Security Blog. This blog is from WhiteHat Sentinel, an enterprise application security platform that approaches website security through the eyes of the attacker. The blog features #HackerKast, a weekly video series on internet security.
Facebook Security. Facebook Security provides information to protect your information both on and off Facebook. Like the Page to receive updates of Facebook security. In a recent post, small businesses can learn more about the advanced security settings available, as well as Facebook Security Basics.
SANS. The SANS Institute provides training to master the practical steps necessary for defending systems and networks. SANS offers a variety of blogs, including Computer Forensics Blog, Security Awareness Blog, Cloud Security Blog, and Penetration Testing Blog. Its Reading Room is a collection of information security research documents and whitepapers on information security, from firewalls to intrusion detection.
PCI Security Standards Council. The PCI Security Standards Council provides merchants with education and training on protecting payment card data with the PCI Security Standards. The site features a variety of resources for small merchants, including a series of training videos and a best-practices guide.
Twitter Security. Here is Twitter’s security section of its Help Center to control your Twitter experience. The site offers information on understanding your settings, controlling your experience, handling issues online, and additional topics and resources. Learn how to protect your personal information, deal with online abuse, and adopt best practices for an ideal Twitter experience.
The New School of Information Security. This blog is inspired by the book of the same title, The New School of Information Security, by Adam Shostack and Andrew Stewart. Its mission it to learn from other professions (such as economics and psychology) to unlock problems in information security, share data and analysis widely, and embrace the scientific method to solve problems in information security.
FCC Small Biz Cyber Planner. FCC Small Biz Cyber Planner is an online resource to help small businesses create customized cybersecurity plans. Create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns. The site also provides a Cybersecurity Tip Sheet.
US-CERT. United States Computer Emergency Readiness Team (US-CERT) works to improve the Nation’s cybersecurity, coordinate cyber information sharing, and manage cyber risks. Get practical information, alerts and tips to better secure your small-business network. Explore additional resources, such as related security organizations, tools, and guidelines.