Jump to Main Content
USA flagAn Official Website of the United States Government
SBA News and Views

Blogs.SBA News and Views

Register

It’s National Cyber Security Awareness Month - Tips for Safeguarding Your Business

Comment Count:
9

Comments welcome on this page. See Rules of Conduct.

It’s National Cyber Security Awareness Month - Tips for Safeguarding Your Business

By Stephen Morris, SBA Official
Published: October 19, 2012 Updated: October 19, 2012

Small businesses are becoming a larger target for criminals seeking to access sensitive data because attackers are well aware that small businesses have limited resources or personnel dedicated to information system security. In an effort to combat cyber-attacks, the Department of Homeland Security established October as National Cyber Security Awareness Month to educate the public about cyber security and to prepare the nation in the event of a cyber-incident.

Here are 9 steps your business can take to improve your cyber security:

  1. Use the FCC’s Small Biz Cyber Planner to create a cyber security plan

    The Small Biz Cyber Planner is valuable for businesses that lack the resources to hire a dedicated staff member to protect themselves from cyber threats. The tool walks users through a series of questions to determine which cyber security strategies should be included in the planning guide, and generates a customized PDF that serves as a cyber security strategy template.
     
  2. Establish cyber-security rules for  your employees

    Establish rules of behavior describing how to handle and protect personally identifiable information.  Clearly detail the penalties for violating cyber security policies.
     
  3. Protect against viruses, spyware, and other malicious code

    Install, use, and regularly update antivirus and antispyware software on every computer used in your business. Such software is readily available online from a variety of vendors.
     
  4. Educate employees about safe social media practices

    Depending on what your business does, employees might be introducing competitors to sensitive details about your firm’s internal business. Employees should be taught how to post online in a way that does not reveal any trade secrets to the public or competing businesses. This type of safe social networking can help avoid serious risks to your business.
     
  5. Manage and assess risk

    Ask yourself, “What do we have to protect? And, what would impact our business the most?” Cyber-criminals often use lesser-protected small businesses as a bridge to attack larger firms with which they have a relationship. This can make unprepared small firms a less attractive business partner in the future, blocking potentially lucrative business deals.
     
  6. Download and install software updates when they are available

    All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install such updates automatically.
     
  7. Make backup copies of important business data and information

    Regularly backup the data on every computer used in your business. Critical data includes word processing documents, spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly.
     
  8. Control physical access to computers and network components

    Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft, so make sure they are stored and locked up when unattended.
     
  9. Secure Wi-Fi networks

    If you have a Wi-Fi network for your home business make sure it is secure and hidden. To hide your Wi-Fi network, configure your wireless access point or router so that it does not broadcast the network name, known as the Service Set Identifier (SSID).  In addition, make sure that passwords are required for access. It is also critical to change the administrative password that was on the device when it was first purchased.

Cyber security is an ever-changing field and businesses must continually adapt to new attack methods.  Check out the National Cybersecurity Alliance’s StaySafeOnline.com or the FTC’s OnGuardOnline.gov, both of which provide information about cyber security issues.

Source: FCC's Cybersecurity Tips for Small Business

Related Resources

National Cyber Security Awareness Month at the Dept. of Homeland Security
Federal Communications Commission – Cyber Security for Small Business
Learn more about National Cyber Security Awareness Month

About the Author:

Stephen Morris

SBA Official

Stephen Morris is online media coordinator for the U.S. Small Business Administration where he manages digital outreach to the small business community.

Comments:

Small to medium sized businesses are easy prey for hackers. In the past large corporations was the focus of hackers backed by organized crime organizations. Today’s fact is large corporations are now spending millions of dollars to protect their IT infrastructure leaving the focus now on small to medium-sized businesses. Like bank robber’s cyber criminals not only want to go where the money is but they also want to be sure that they can get it. Small and medium-sized businesses are an easy target. There is a huge fallacy in the small to medium sized business infrastructure that they are too small to be a target to cyber criminals. If an attacker can get into your system, they can probably get money out of it one way or the other. Customer information along with employee information such as social security numbers, date of birth, addresses, e-mails, bank account information and tax information are all huge profit makers for cyber criminals. Cyber security is our main focus as a Managed Service Provider. Our clients sleep better at night knowing we are covering their systems 24/7 S3
Excellent move from the Department of Homeland Security to establish a Cyber Security awareness month! Thanks SBA for offering great tips and resources to increase business cyber security. In 49th Street Bail Bonds, our IT department updates our computers systems and anti- virus often. We also train our staff to only open attachments or links from known senders. We offer our customers confidentiality and keep our back up system in a safe location.
I agree with the points above. At Del-Air Security in Orlando Florida all of our employees are educated on the safety of internet security. We require employees to lock their work stations when leaving their desk. We also have a very strong anti-virus system in place. Our IT department is regularly updating our systems for the latest threats of hackers. Backing up our files has been vital, we back up weekly all of our data.
I strongly agree to the points that have been set out in this post, especially item number 3 that talks about the importance of installing protective software programs. Never forget to keep your anti-virus software updated because internet hackers are always on the move to generate negative cyber elements that are designed to attest the vulnerability of e-commerce sites and apps -- who knows, you might end up being one of their targets. So, beware. Haven't really experience this kind of mishap yet, but I do know some people who have been victims of internet viruses, which resulted to loss of important data. However, there are errors that can't be handled any anti-virus tool. These errors are usually self-inflicted or manifestations of actions and configuration tweaks that have been taken that resulted towards syntax errors. These errors don't just slow down the workflow, but can weaken cyber defenses when a chain of programs become affected. So, a good addendum to this post would be the utilization of a log viewer that can make the entire system transparent for its gaps via log file presentation. Trust me, this helps troubleshoot virtually any computer issue.
Found this article online and thought i would reply since some of these points are so true. My job is in the Information Security sector, the 2nd point you are mentioning is the biggest flaw around. You'd be surprised to see the amount of incidents caused by humans that should be avoided with some basic awareness.
Great tips here. Securing your online business is very important, if you don't you can lose almost everything, not to mention your customer information.
I work in Information Security and we always stress User Awareness through User Education. You'd be surprised how many data loss incidents could have been avoided had the employees been more educated on social engineering and the likes. Security means addressing (remediate, mitigate, accept) all risk though, not just one or half. So it's important to understand this.
Excellent tips. Today's news in my country, a young man whom was just high school graduate managed to hack on several online bussiness. On his Bank account was found a money tranfers for more than 9 billion IDR or equal to 9 million USD from his crime.
thanks for informations.. :)

Leave a Comment

You must be logged in to leave comments. If you already have an SBA.gov account, Log In to leave your comment.

New users, Register for a new account and join the conversation today!