The Federal Trade Commission (FTC) has launched a resource to raise awareness about the vital role cybersecurity plays for the 32+ million small businesses in the US.
This effort was part of the National Cyber Security Awareness Month (NCSAM) in October, which has been recognized every month since 2003. The NCSAM was established with the collaboration of the U.S. Department of Homeland Security and the National Cyber Security Alliance to ensure the safety and security of internet users.
As more small businesses started getting online, the cyber threats they face has been growing with them. And today small businesses are a big of a target as anyone else in the digital world. The goal of the FTC’s new resources platform is to keep small businesses informed and fully aware of the dangers they face with their online presence.
Rosario Méndez, Attorney, Division of Consumer and Business Education, FTC, explained how this campaign to educate small businesses came about.
On the FTC blog, Méndez said, “This new national cybersecurity education campaign grew out of discussions we had last year with small business owners across the country about cybersecurity challenges.”
She goes on to say the FTC took notes and developed a resource which was easy to digest for small business owners and their employees. The campaign is co-branded with the National Institute of Standards and Technology (NIST), the Department of Homeland Security (DHS), and the Small Business Administration (SBA).
The Tools and Resources
The tools and resources the FTC provides come from cybersecurity experts in the private and public field.
An easy to use format clearly displays a wide range of cybersecurity topics with fact sheets that can be downloaded for business owners, their employees, vendors, and anyone which is part of the organization.
The fact sheets, videos, and quizzes cover the following topics.
- Cybersecurity Basics
- Understanding the NIST Cybersecurity Framework
- Physical Security
- Business Email Imposters
- Tech Support Scams
- Vendor Security
- Cyber Insurance (with thanks to the National Association of Insurance Commissioners)
- Email Authentication
- Hiring a Web Host
- Secure Remote Access
According to Andrew Smith, Director, FTC Bureau of Consumer Protection, each topic has been designed to get to the point it is addressing without wasting your time.
A good example of this is Cybersecurity Basics. When you download the fact sheet for this topic and go through it, you will be able to answer:
- Why you should set your apps, web browsers, and operating systems to update automatically.
- Three key steps to help secure your router.
- Multi-factor authentication: What it is and why it should matter to your business.
- How planning for the “what ifs” may help keep your business running even if you experience a data breach.
You can also watch the video of the same topic, which you can see below.
What Should you do in the Event of a Security Breach?
The FTC has come up with 10 practical lessons small businesses can apply based on the more than 50+ data security settlements the agency has overseen.
- Start with security – Don’t collect personal information you don’t need,; Hold on to information only as long as you have a legitimate business need; Don’t use personal information when it’s not necessary.
- Control access to data sensibly – Restrict access to sensitive data; Limit administrative access.
- Require secure passwords and authentication – Insist on complex and unique passwords; Store passwords securely; Guard against brute force attacks; Protect against authentication bypass.
- Store sensitive personal information securely and protect it during transmission – Keep sensitive information secure throughout its lifecycle; Use industry-tested and accepted methods; Ensure proper configuration.
- Segment your network and monitor who’s trying to get in and out – Segment your network; Monitor activity on your network.
- Secure remote access to your network – Ensure endpoint security; Put sensible access limits in place.
- Apply sound security practices when developing new products – Train your engineers in secure coding; Follow platform guidelines for security; Verify that privacy and security features work; Test for common vulnerabilities.
- Make sure your service providers implement reasonable security measures – Put it in writing; Verify compliance.
- Put procedures in place to keep your security current and address vulnerabilities that may arise – Update and patch third-party software; Heed credible security warnings and move quickly to fix them.
- Secure paper, physical media, and devices – Securely store sensitive files; Protect devices that process personal information; Keep safety standards in place when data is en route; Dispose of sensitive data securely.
The FTC wants small businesses owners as well as everyone working for/with them to be well informed. The more your organization is aware, the harder it will be to fall for the scams, tricks and methods hackers use to breach the protocols you have in place.
The key to doing this is staying informed and hyper-aware of the existing threats your small business faces day in and day out.
You can go to the FTC small business page and get more information on cybersecurity and other related issues here.
Photo via Shutterstock