SMALL IS THE NEW BIG FOR BUSINESS CYBERSECURITY READINESS

smallbiz

Federal regulators have been hitting big companies with cybersecurity awareness messaging for several years. But it is likely that even the smallest business processes credit card transactions or handles employee health information. Luckily, the basic cybersecurity preparedness bullet points from the big business effort are useful also to small businesses too.

According to the Small Business Administration, there are approximately 28.2 million small businesses in the U.S., and those small businesses employ half of all workers in the country. The scary thing is that 60 percent of small businesses close within 6 months after facing a cyberattack, according to the National Cyber Security Alliance.

The Commerce Department’s National Institute of Standards and Technology (NIST) has released Small Business Information Security: The Fundamentals , which outlines such cybersecurity hygiene basics as: limit worker access to sensitive data and give them training about data security; create data security policies; encrypt data; and install and keep updated protective software. Small businesses might even consider getting cybersecurity coverage, NIST said.

NIST is the same agency that came up with the Framework for Improving Critical Infrastructure Cybersecurity that has served as a touchstone for discussions on improving big business preparedness.

“Businesses of all sizes face potential risks when operating online and therefore need to consider their cybersecurity,” Pat Toth, the author of the NIST small business guidance said.

There are things a small business can do even if a safeguards fail and a cyberattack exposes data. The Federal Trade Commission has issued Data Breach Response: A Guide for Businesses . Even a small business without a sophisticated response plan in place can take steps to protect itself through steps outlined in the guidance document, the FTC said.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.