We often hear from small businesses that they do not believe they can be a “target” of hackers, or that they are at risk of a cyber intrusion. This thought is naïve as small businesses are at risk of cyber intrusions, and due to the fact that they do not have the resources to protect their systems like larger organizations, they can be used as a conduit to get into larger companies’ systems.

Recognizing the problem, the National Institute of Standard and Technology (NIST) has issued a cybersecurity guidance for small businesses. Entitled Small Business Information Security: The Fundamentals, it is designed to help small business owners who are not experienced in cybersecurity to take basic steps to better protect their IT systems.

According to NIST, “Many small businesses think that cybersecurity is too expensive or difficult…In fact, they may have more to lose than a larger organization because cybersecurity events can be costly and threaten their survival.”

The guidance provides users with a simple risk assessment to assess vulnerabilities, including mapping their data and determining the risk if the data is compromised. It helps businesses determine how to limit employees’ access to data, training employees on data privacy and security, developing policies and procedures, encryption, and data security tools.

The Guide is a must read for small businesses and can be accessed here.