According to the 2018 Verizon Data Breach Investigations Report, 58% of cyberattack victims were small businesses (organizations with fewer than 250 employees). Many small and medium-sized businesses (SMBs) think that the data they have or have access to does not have value. Nothing could be further from the truth. A key message for businesses of varying industries and sizes is that all data is valuable. SMBs need to conduct a thorough assessment of the data that is created, collected, stored, accessed and transmitted on or through their network. Then, it needs to be classified by the level of sensitivity so that appropriate steps can be taken to protect it. A vital, underlying message for all businesses is that transparency builds trust and it’s critical to communicate clearly, honestly and often about what happens to consumers’ personal information after it is collected.
There are many myths about cybersecurity that can impact the SMB community. NCSA has created a top-line review of the 10 most common misconceptions coupled with user-friendly, action-based steps to implement best lines of defense. Whether it’s false information about a costly cybersecurity financial commitment or that cyberattacks are always committed by external hackers or that physical and digital security are two different entities, this one-pager – based on experiences of business leaders and employees nationwide ̶ breaks down the top misconceptions and offers user-friendly advice and tips.
“In addition to embracing smart cybersecurity practices, SMBs also need to recognize that when two companies join forces to do business, both organizations are taking on shared risks. Many smaller enterprises do not realize the degree of exposure that faces their supply chains,” said Daniel Eliot, NCSA’s director of education and strategic initiatives. “If there is a cyber incident, not addressing these inherent risks and taking action to protect potential vulnerabilities can end up being detrimental and very expensive. Having a strong cybersecurity posture across the board ̶ which includes supply chain partners ̶ adds a competitive edge to a business’ reputation.”
Another fundamental message is that empowering employees at all levels is essential. NCSA has led the charge in arming businesses with the resources and tools needed to stay safer with its CyberSecure™ My Business program. CyberSecure My Business shares critical online safety information with a non-technical, non-threatening approach. NCSA travels to local communities and educates SMBs on cybersecurity basics and offers real-life scenarios along with proactive steps to better secure data. Workshop attendees receive a variety of free resources and learn about common cyber threats and misconceptions, along with “quick wins” to increase online security. In addition, there is an opportunity to meet experts from public, private, and non-profit entities to begin building their cyber-risk strategy and ultimately use cybersecurity as a competitive advantage.
Resources Created by NCSA and CISA
Small businesses are quickly deploying various technologies to better serve their customers and manage their business more efficiently. Different kinds of technologies, however, come with a variety of risks and require alternative strategies to protect them and the data they use and store. This “Quick Wins” resource can be used as a starting point to manage the data and devices in your business.
Resources for Small & Medium-Sized Businesses: https://www.us-cert.gov/resources/smb
Cybersecurity Resources Roadmap for SMB in Critical Infrastructure: https://www.us-cert.gov/sites/default/files/c3vp/smb/DHS-SMB-Road-Map.pdf
Resources Created by NCSA’s Board Member Companies
Wells Fargo Guide to Small Business Cybersecurity: https://media.wellsfargoworks.com/management/premium-guide/keeping-your-business-safe.pdf
Infosec’s National Cybersecurity Awareness Month Training Toolkit: https://www2.infosecinstitute.com/l/12882/2019-08-26/fqz9yh
Facebook Account Security Tips for Small Businesses: https://youtu.be/BV4v6f7V-AE
Resources Created by NCSA’s Partners
Federal Trade Commission: https://www.ftc.gov/tips-advice/business-center/small-businesses
NIST Small Business Cybersecurity Corner: https://www.nist.gov/itl/smallbusinesscyber
NIST Cybersecurity is Everyone’s Job Guidebook: https://www.nist.gov/news-events/news/2018/10/cybersecurity-everyones-job
Payment Security Resources for Small Merchants: https://www.pcisecuritystandards.org/merchants/