Jump to Main Content
USA flagAn Official Website of the United States Government
Managing a Business

Blogs.Managing a Business

Register

9 Cyber Security Tips for Small Business Owners

Comment Count:
17

Comments welcome on this page. See Rules of Conduct.

9 Cyber Security Tips for Small Business Owners

By ngoriel, SBA Official
Published: October 17, 2013

Small businesses are becoming a larger target for criminals seeking to access sensitive data because attackers are well aware that small businesses have limited resources or personnel dedicated to information system security. In an effort to combat cyber-attacks, the Department of Homeland Security established October as National Cyber Security Awareness Month to educate the public about cyber security and to prepare the nation in the event of a cyber-incident.

Here are 9 cyber security tips for small business owners:

1.      Use the FCC’s Small Biz Cyber Planner to create a cyber security plan

The Small Biz Cyber Planner is valuable for businesses that lack the resources to hire a dedicated staff member to protect themselves from cyber threats. The tool walks users through a series of questions to determine which cyber security strategies should be included in the planning guide, and generates a customized PDF that serves as a cyber-security strategy template.

 

2.      Establish cyber security rules for  your employees

Establish rules of behavior describing how to handle and protect personally identifiable information.  Clearly detail the penalties for violating cyber security policies.

 

3.      Protect against viruses, spyware, and other malicious code
Install, use, and regularly update antivirus and antispyware software on every computer used in your business. Such software is readily available online from a variety of vendors.

 

4.      Educate employees about safe social media practices

Depending on what your business does, employees might be introducing competitors to sensitive details about your firm’s internal business. Employees should be taught how to post online in a way that does not reveal any trade secrets to the public or competing businesses. This type of safe social networking can help avoid serious risks to your business.

 

5.      Manage and assess risk

Ask yourself, “What do we have to protect? And, what would impact our business the most?” Cyber-criminals often use lesser-protected small businesses as a bridge to attack larger firms with which they have a relationship. This can make unprepared small firms a less attractive business partner in the future, blocking potentially lucrative business deals.

 

6.      Download and install software updates when they are available
All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install such updates automatically.

 

7.      Make backup copies of important business data and information
Regularly backup the data on every computer used in your business. Critical data includes word processing documents, spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly.

 

8.      Control physical access to computers and network components

Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft, so make sure they are stored and locked up when unattended.

 

9.      Secure Wi-Fi networks

If you have a Wi-Fi network for your home business make sure it is secure and hidden. To hide your Wi-Fi network, configure your wireless access point or router so that it does not broadcast the network name, known as the Service Set Identifier (SSID).  In addition, make sure that passwords are required for access. It is also critical to change the administrative password that was on the device when it was first purchased.

Click here for a list of cyber security events and webinars. 

Source: FCC's Cyber Security Tips for Small Business

 

Other Related Resources

Federal Communications Commission – Cyber Security for Small Business

Learn more about National Cyber Security Awareness Month

OnGuardOnline.gov- Federal government’s website to help protect you online

 

 

About the Author:

Natale Goriel

SBA Official

Hi, my name is Natale and I'm serving as a Moderator for the SBA Community. Our goal is to continually improve this site to meet your needs, so we appreciate your feedback and participation.

Comments:

My advice would be to train the staff of a company against the following. social engineering the art of human hacking
Thanks for these tips! You wouldn't believe the number of small business owners and freelancers like myself that put themselves at risk every time they are working remotely from a coffee shop or public place. Using an unsecure wifi connection can potentially cause you to be hacked and/or worse have your identity stolen - when you have your own small business, having your files and/or information stolen can be threatening to losing income and could harm your reputation. See what has happened even to large companies like Target having customer's information compromised. Here are more tips for other small business owners, stay safe everyone! 
Any spacial tipe for Wordpress User? Training staff not to be duped by browser alerts such as "you require a plugin to view this content" has been one of the hardest parts for us. As browser take over problems are often not caught by anti-viri programs. There's no telling what these 'addons' are transmitting or to who.
Nice article and good points. I would like to add on more point: " Run a periodic vulnerability check " , be updated about the new type of attacks.
Good post, I liked a lot of advice. It is very important to think about cyber security in the XXI century. Would be great if we will talk in more detail about each advice..
Great points, Small business are easy to get targeted. This article is every well written. I appreciate it.
Great points, Small and medium-sized businesses are an easy target. There is a huge fallacy in the small to medium sized business infrastructure that they are too small to be a target to cyber criminals. If an attacker can get into your system, they can probably get money out of it one way or the other. Customer information along with employee information such as social security numbers, date of birth, addresses, e-mails, bank account information and tax information are all huge profit makers for cyber criminals.
I get the impression that if a small business owner does most or all of their computing in the cloud, most if not all of the procedures above would be unnecessary as the cloud service would be in a position to better handle cyber attacks. Am I correct question
Training staff not to be duped by browser alerts such as "you require a plugin to view this content" has been one of the hardest parts for us. As browser take over problems are often not caught by anti-viri programs. There's no telling what these 'addons' are transmitting or to who. Often the best way to limit problems is to run your account and your staff account logins as limited users, and as such not allowing them to install new programs any time they please. If it only takes 20 odd seconds to log out of a limited 'user' account and login in as 'administrator' to install the latest sage updates or a new version of MS Office, i suggest it's worth the your time.
Great list. Setting up a routine backup of all computers is a good practice. This can be done automatically in Mac and WIndows machines.

Pages

Leave a Comment

You must be logged in to leave comments. If you already have an SBA.gov account, Log In to leave your comment.

New users, Register for a new account and join the conversation today!