Most experts recommend that businesses start by having a strategic approach to cybersecurity. This strategic approach should include plans to secure existing systems and keep your business secure going forward.
The Federal Communications Commission created the Small Biz Cyber Planner to help businesses evaluate their current cybersecurity posture and create a plan. (The Small Biz Cyber Planner is also available in a PDF version.)
A comprehensive cybersecurity plan needs to focus on three key areas:
- Prevention: Solutions, policies and procedures need to be identified to reduce the risk of attacks.
- Resolution: In the event of a computer security breach, plans and procedures need to be in place to determine the resources that will be used to remedy a threat.
- Restitution: Companies need to be prepared to address the repercussions of a security threat with their employees and customers to ensure that any loss of trust or business is minimal and short-lived.
- AllClear ID Incident Response Workbook
- FBI InfraGard Program
- Federal Trade Commission (FTC): Bureau of Consumer Protection Business Center
- FEMA: Business Emergency Plan
- Homeland Security U.S. Computer Emergency Readiness Team (US-CERT) Cyber Security Tips
- Microsoft Business Hub
- On Guard Online: Small Business Resources
- National Institute of Standards and Technology (NIST): Computer Security Resource Center
- National Institute of Standards and Technology (NIST): Small Business Corner
- U.S. Chamber of Commerce: Internet Security Essentials for Small Business