By The Stop.Think.Connect.™ Campaign
The responsibilities and obstacles faced by small business owners are as numerous as they are formidable: managing cash flows, recruiting talent, securing clients and developing innovative products and services, all juggled by the entrepreneur in the face of vast uncertainty within the market. While the traditional challenges of leading an enterprise are daunting, it’s important not to neglect the responsibility to secure sensitive data, because neglecting it can lead to legal as well as business consequences.
No company—regardless of size, age or pedigree—is safe from the mounting threats that reside in cyberspace. Small companies are just as susceptible to an attack as are their larger counterparts, with 43% of all phishing attacks targeted at small businesses, a number that has grown every year since 2011, when it was only 18%[1]. Large companies that are heavily invested in cybersecurity also face significant threats. ICF International aptly points out, “Larger players, even those with sophisticated cybersecurity programs, may be especially attractive targets because the complexity of their networks outstrips the capabilities of their cybersecurity defenses”.[2] Cybercriminals do not discriminate and will often take advantage of lackadaisical attitudes toward cybersecurity when designing attacks.
Businesses must also consider the market consequences following a breach, which could span from permanently losing customers to having key intellectual property made available to competitors. One major breach is all it takes to cause a domino effect of irreversible legal and business consequences.
As two of the nation’s consumer protection and security agencies, the Federal Trade Commission (FTC) and the U.S. Department of Homeland Security (DHS) are committed to promoting data security across the nation. In response to the rising threat of cybercrime, the DHS and the FTC have developed an array of cybersecurity resources available for businesses of every size.
Protecting consumers and businesses starts with education. The FTC recently launched FTC.gov/SmallBusiness, a website with resources to help small businesses stay ahead of the latest scams, reduce their risk of cyber threats and know how to respond in case of a data breach. The website is home to videos, articles, blogs and other resources that will help you learn computer security basics to keep your company’s files, devices and wireless network protected, train your employees to recognize cybersecurity threats and know what to do if your business is the victim of a ransomware attack or a phishing scheme.
The Start with Security resources at FTC.gov/SmallBusiness are the centerpiece of the FTC’s cybersecurity guidance for businesses. These resources include 10 lessons businesses of all sizes and sectors can learn from the FTC’s data security cases. For each of the guide’s 10 lessons, the FTC has created a brief video to explain the principles in simple terms that everyone in your company can understand. The blogs section of FTC.gov/SmallBusiness is also worth highlighting—it’s where one can follow the blog series “Stick with Security,” which provides a deeper dive into each of the principles discussed in “Start with Security.” To subscribe to receive all the business blogs, go to FTC.gov/Subscribe.
The DHS has many useful resources as well, starting with the Critical Infrastructure Cyber Community Voluntary Program, or C3VP. The program, which can be found on the United States Computer Emergency Readiness Team’s (US-CERT) website, encourages the adoption of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (the Framework). The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. Examples of resources tailored to businesses include the Small Firms Cybersecurity Guidance, which provides information to small firms to increase their security and ensure the protection of their customers, and the Toolkit for Small and Midsize Businesses (SMBs), specifically designed to help SMBs recognize and address their cybersecurity risks.
The DHS also manages the Stop.Think.Connect.™ Campaign, a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. The campaign enlists partners from across the country to educate millions on current and commonly encountered cybersecurity threats. Members of business and industry are encouraged to join the campaign through the National Cyber Security Alliance at StaySafeOnline.org and to subscribe to the campaign’s monthly Friends newsletter, which keeps individuals updated on emerging best practices and trends in cybersecurity.
A business’s decision to adopt the tools and resources provided by the FTC and the DHS and to commit to improving its cybersecurity practices won’t just safeguard its own operations; it will also enhance the collective national and economic security in the process. Cybersecurity is a shared responsibility, requiring vigilance from all actors and sectors. In continuing the tradition of free enterprise, innovation and progress through industry, it is more important than ever to be equipped with the resources necessary to handle the new and rapidly evolving challenges we will face both today and in the days to come.