The National Cyber Security Society (NCSS)
What data does the NCSS collect and what do we do with that data?
- Based upon the type of visitor, we collect different data from you based upon your needs. We want to learn from your visit in order to improve your experience. Our users include casual users (base level users) and members (small businesses). Members are defined as those small businesses that pay an annual fee, visit our site on a regular basis and agree to set up an account. Members have a higher level of access to NCSS data. Whether you are a member or casual visitor, the NCSS is dedicated to protecting your information and respecting your privacy.
SMB Member information
- The small and medium businesses who create an account will be releasing to the NCSS their company name, type of company you own, geographic location in the United States, email address, and the number of employees that you employ. Proprietor name, business name and address will not be required at this time but as membership moves forward it will be necessary in order for you to benefit from NCSS services.
- The NCSS will be collecting this information in order to improve our services to better serve you and potential members. Your email address will be used to assist in your return to NCSS if log in and/or password has been forgotten. Your email will also be used to inform you of important information regarding the NCSS (only if you provide consent to receiving such information). NCSS respects member privacy and members may opt out of receiving information from the NCSS if they desire to do so.
SMB Information Technology Infrastructure Information
- In the event your company wishes to obtain a more detailed remediation plan and assessment of your cyber risk, NCSS will offer scanning of your IT infrastructure. In order to do this, NCSS will require the small business owner sign a legal agreement providing consent. The scan will not affect your operations and be scheduled during a period defined by the customer, often after hours, so as not to impact your business operations. This information will be treated confidential, and used to assess the age, current software version, and state of your IT infrastructure, to include hardware and other peripheral devices on your network. NCSS will use this information to score your IT assets from a safety and security perspective. The NCSS will retain the results of your scan in encrypted form for one year from date of scan. After one year, the NCSS will destroy the data and maintain permanent records of destruction (certificate date and means of destruction).
SMB Business Practice Information
- SMBs will complete an on-line questionnaire that will include more detailed information about their business such as who currently manages their IT assets, what education their employees have with respect to cybersecurity, what critical data the SMB has that needs protection, and what they believe is their cyber risk. They will also answer questions related to their customers, suppliers and whether they are in a regulated industry. The NCSS will be gathering this information in order to properly assess cyber risk, and to provide the SMB with a remediation plan and cyber risk score. NCSS will also provide recommendations for training materials, remediation, and types of services (vendor neutral) for the small business owner to consider.
- NCSS will aggregate the scores in an annual report to assess whether the educational methods NCSS employs are efficient and whether through these methods have improved the cyber risk posture of the SMBs. No information about the company will be revealed, other than the industry that they are in, the geographic location and number of employees.
- The NCSS will collect data from our Donors such as: donation amount, billing information (first name, last name, address, city, state, zip code, country and email address). We will also collect payment method information such as credit card, bank account information (if you select this option) and/or pay pal account info. The information gathered from NCSS donors will be used to process billing information. The email received will be used to send you additional information and/or receipts for tax purposes if you decide not to use regular mail.
Technology Community Information
- The NCSS will collect data from our technology partners such as: company name, address, city, state, zip code, country, email address, point of contact and type of educational service offered. In addition, there will be the ability for the technology partner to upload a technical proposal of potential educational services offered to the NCSS. The information gathered will be used to contact technology partners directly for in-person interviews and provide contribution receipts for tax purposes.
- The NCSS will collect data from our Education providers/contributors such as: name (if you are an individual educator) and/or company name, address, city, state, zip code, country, email address, point of contact and type of educational service, tool or technology proposed. In addition, there will be the ability for the educator to upload a technical proposal of potential educational services offered to the NCSS. The NCSS will use the company or personal information to have NCSS staff contact you or your company directly for an in-person interview. NCSS will use the information provided to provide contribution receipts for tax purposes.
- Cookies will be created and stored in order to allow repeat users from re-entering passwords to their account. Storing a cookie on our website will allow users to, not have to enter a password more then once per session. If NCSS users do not allow the cookie they may still use our website.
Traffic Patterns and Records
- The NCSS will collect traffic numbers in order to identify the volume of visitors to our site. We will also be recording the time of your stay and what webpages you visited. This information about traffic pattern and use will be collected to improve the user experience on the NCSS website.
To whom does the NCSS share the information collected and how is it protected?
- NCSS will not share any traffic patterns, user records and information to any other entity beside NCSS.
- The SMB data collected will only be used for NCSS services and not released to the public. All business data about the Small and Medium Businesses will be protected by the highest encryption methods both data in transit and data at rest. NCSS maintains a record retention and data destruction policy to ensure data at the end of the calendar year will be permanently destroyed.
- SMBs may request copies of NCSS audit data on our security practices, which will demonstrate how we protect and secure your data. In the event a data breach occurs, the entity will be notified prior to any mandated public notification.
- Donors, Technology Community members, Educator providers/contributors may wish to display their information about their services on pages specified for them, but are not obligated to do so.
- NCSS will not share Donor information other than the aggregate information needed for IRS reporting. Sponsor and founding donors can request NCSS to advertise their status as a key founding member, having their information reported on our website.
- In regard to potential employees, the NCSS takes great measures to protect private information and will not release any information received to the public. Only NCSS recruiting staff will use the data you submit to consider you for a job. Resumes will be retained for one year and destroyed after one year, unless hired.
- NCSS will only share educational information with SMBs who have an account.
What kind of communication should I anticipate from NCSS?
- Members may receive emails with new promotions, benefits and other services in regard to their membership.
- Opting out of our email notifications will be possible.
What are the Benefits of visiting the NCSS website?
- By becoming a member of NCSS, and obtaining an account, you will receive free educational materials, access to webinars and monthly news bulletins. This information will be provided to the SMB to educate them and to help them improve their understanding of the cyber risk.
- Upon completion of the scan and scoring, the SMB will receive a remediation plan and recommendations for approaches to consider improving their cyber risk.
- Visitors to the site gather information about our non-profit, about how to contribute, reasons to participate, and employment information.
- Technology Community Members, Donors, Collaborators, and Educators who provide services, technology, advisory services to SMBs will be able to claim their contribution as a tax deduction.
- Potential Technology Community Members, Donors, Collaborators, Educators and Employees will discover information that will benefit them if they decide to participate or become considered for employment.
- Educational providers can also manage their own content, and ensure content is accurate and reliable without going through a third party. NCSS will provide Educational providers access to your SMB educational page so that you can upload and oversee educational content directly.