I frequently get complaints from small businesses that they don’t have the resources or resilience to properly address cybersecurity and that it is overwhelming to them.
Well, it is. We frequently tell businesses that they must be prepared: they might not think they are targets, but they are. But what happened to the relevance of the concept of “according to the size and scope of the entity”?
On March 10, 2016, the House Small Business Committee issued new cybersecurity aids for small businesses following a hearing that emphasized the vulnerabilities of small businesses.
The statistics are quite alarming: almost 60 percent of small companies go out of business in the wake of a hacking incident, and 71 percent of all cyber assaults happen in businesses with fewer than 100 employees.
The guide is split into three parts. The first relates to data breach response, and basically refers businesses to the Federal Trade Commission (FTC) guidance on the topic.
The second is targeted to small vendors and Internet of Things products, and outlines measures to protect themselves and their customers.
Another section outlines five things small companies can do to protect personal information. They include:
- Taking stock—map and know where personal information is and when it is on Web-connected computers
- Scale Down—only keep the information the business needs
- Lock It—how to protect the information
- Pitch It—how to properly dispose of personal information when it is no longer needed
- Plan Ahead—how to develop a security incident response plan.
These are basic but sound measures that small businesses can take to protect themselves and to get the overwhelming process started, so it doesn’t seem so difficult. It’s worth a read.