Small Business

2009 SMB Security Study


Check out the results for our 2009 Small Business Cyber Security Study, a fact sheet, and resource list for keeping your business cyber secure.

Are you paying close enough attention to Cyber Security?

Small business owners have competing priorities—watching the bottom line, managing employees and serving customers. In all likelihood you are using technology and the Internet to increase communication, create efficiencies and expand your market.  

  • Do you fully understand the risks if you suffer a security lapse?
  • Are your employees putting your business at risk?
  • Could your brand be tarnished by cyber criminals if they hijacked your system?
  • Can good Cyber Security give you a competitive advantage?

As a small business owner, you need to know.

 

Protect Your Employees

Do your employees know how to practice safe online behavior to keep your business thriving?

Protect Your Customers

Protect your customers’ personal information – they are your most valuable asset.

Protect Your Business

Make cyber security a priority at your small business. Assess the risks, monitor the threats, and design a plan.

Resources for Small/Med-Sized Businesses

Federal Trade Commission: http://www.ftc.gov/bcp/menus/business/data.shtm

The FTC is a U.S. federal government agency that promotes consumer protection and business competition. The FTC pursues law enforcement to advance consumer interests, develops policy and research laws, and creates educational programs for consumers and businesses.

Small Business Administration: http://www.sba.gov/beawareandprepare/cyber.html

The SBA is a U.S. federal government agency that works to counsel, assist and protect the interests of small business concerns, preserve business competition, and strengthen the U.S. economy.

National Institute of Standards and Technology: http://csrc.nist.gov

NIST is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology.

U.S. Chamber of Commerce:

http://www.uschamber.com/publications/reports/0409_hs_cybersecurity.htm

The U.S. Chamber of Commerce is the world's largest business federation representing 3 million businesses of all sizes, sectors, and regions. The Chamber's core purpose is to fight for free enterprise before Congress, the White House, regulatory agencies, the courts, the court of public opinion, and governments around the world.

Cisco:

http://www.cisco.com/en/US/netsol/ns170/networking_solutions_solution_segment_home.html

Cisco is a multinational corporation that designs and sells networking and communications technology and services. They work to create Internet solutions for individuals, companies, and countries.

Symantec:

https://www.symantec.com/business/resources/articles/article.jsp?aid=20081208_how_safe_is_small_business_data
(Prevent Information Loss)

https://www.symantec.com/business/resources/articles/article.jsp?aid=20080729_best_defense_is_a_layered_defense
(Secure From Threats)

Symantec is a security software manufacturing corporation. They provide security, storage, and systems management solutions.

Microsoft:

http://www.microsoft.com/smallbusiness/resources/technology/security/Keep_your_small_business_safe_10_tips.mspx

Microsoft is a multinational computer technology corporation that develops, manufactures, licenses, and supports a wide range of software products for computing devices.

Capital One:

http://www.capitalone.com/smallbusiness/cyber_security.php

Capital One is a diversified bank that offers a broad array of financial products and services to consumers, small businesses, and commercial clients.

National Cyber Security Alliance:

http://www.staysafeonline.org/content/small-business

The NCSA, a 501(c)(3) non-profit organization, is a public-private partnership working with the Department of Homeland Security, corporate sponsors, and non-profit collaborators. Their mission is to empower and support digital citizens to use the Internet securely and safely, protecting themselves and the cyber infrastructure.

Protect Your Customers

http://www.staysafeonline.org/content/protect-your-customers

Protect your customers’ personal information – they are your most valuable asset.

Best Practices

Keeping your customers safe requires that your own computer systems are fully protected. The best policies in the world won't protect your customers if your network and resources are at risk of attacks or preventable failures.

We recommend that you check out our Top Tips for Staying Safe Online. Protecting your network and systems requires a lot of the same steps as protecting a single computer, only on a larger scale.

Particularly, you should:

  • Use a firewall. A good hardware or software firewall keeps the criminals out and your customers' sensitive data in.
  • Install and maintain anti-virus software. Computer viruses can steal and corrupt your customers' personal data. Your first line of defense is to install good anti-virus software on all your computers, and make sure it stays up-to-date.
  • Install and maintain anti-spyware software. Like viruses, spyware can compromise your customers' personal data. Spyware can also bog down your computers, costing your company time and money. A good anti-spyware program will protect you and your customers from the worst of it.
  • Use spam filters. In addition to being a huge drain on your company's time and resources, spam can carry malicious software and scams, some aimed directly at businesses. A good spam filter may not block it all, but it will make your email system safer and easier to use.
  • Install updates. Updates to your operating system and business software often close serious security gaps. Set your software to auto-update, or make sure to download and install the updates yourself regularly.
  • Use a "VPN" for remote access. A virtual private network or "VPN" allows your employees to access your files remotely, while still providing a strong level of protection for the data they transmit and receive.

Gain Their Trust

Following good computer security practices will make you and your customers safer. In addition, a coherent security plan can put you and your customers even more at ease.

Customers want to know what sort of information you're collecting about them, what you're doing with it and how you intend to protect it. These information practices will help safeguard your customers' identities and help them feel better about doing business with you online.

  • Have and follow a privacy policy. If you have a Web site, you should have a privacy policy that simply and accurately describes for customers what information you collect about them, how you use it, and whether and how you share it with other companies or entities.
  • Know what you have. You should take stock of all the personal information you have about your customers, how and where you're storing it, and what you're using it for.
  • Keep what you need and delete what you don't. It may sound obvious, but if you're storing information about your customers that you don't need, delete it. The less you collect and store, the less opportunity there is for something to go wrong.
  • Protect what they give you. If you're holding onto information about your customers, you need to earn their trust by locking it down and keeping it secure.

For a detailed tutorial on how to protect your customers' personal data, visit the Federal Trade Commission's guide for business.

Incident Reporting

If you have become the victim of an Internet attack or crime, it is important to notify the appropriate authorities to give you the best chance to recoup any losses and ensure that the criminals behind the attacks are brought to justice.

Here are some tips for responding to various sorts of online incidents:

  • Hacker attacks and computer viruses: Following a suspected attack or viral infection, the most important thing is to limit the damage by disconnecting the affected computer from the Internet and having it thoroughly scanned and cleaned, either by your internal IT department or a specialist. Report any suspected Internet crimes to the FBI.
  • Spyware: If you think you've been infected with unwanted spyware or adware, your first priority should be to clean your computer. Run a spyware scan or have it professionally diagnosed and cleaned. Report spyware incidents to the Federal Trade Commission.
  • Spam: The best way to combat spam is to use a spam filter and to delete messages that make their way through. You can also forward fraudulent spam messages to the FTC at spam@uce.gov.
  • ID Theft: If you become a victim of identity theft, you may have to take several steps to regain your identity and notify the relevant authorities. Start with the FTC's identity theft page which contains instructions for reporting ID theft and recovering your identity.
  • Online Shopping Fraud: Be careful who you conduct business with online. If you are defrauded in an online transaction, try to resolve things with the seller. If that fails, you can report incidents to:

The United States Computer Emergency Readiness Team (US-CERT) also maintains an incident reporting system for computer security incidents.
