FTC Cybersecurity for Small Business Guides

January 17, 2020 | Articles

FTC Cybersecurity for Small Business

Robust FTC Resources

The Federal Trade Commission (FTC) offers a great “Cybersecurity for Small Business” website that helps small business leaders learn about cybersecurity basics. Developed in cooperation with the National Institute of Standards and Technology (NIST), the U.S. Small Business Administration (SBA), and the Department of Homeland Security (DHS), the website provides several resources that inform, educate, and assess small business teams.

You Will Learn

The FTC site is jam-packed with practical cybersecurity content, videos, tutorials, guides, case studies, quizzes, and best practices. The resources cover the topics described below.

You will learn cybersecurity basics, such as protecting your files and devices, protecting your wireless network, and making smart security your “business as usual.” The FTC offers tips for training your employees to protect equipment, paper files, and USB drives. They explain how attacks happen, how employees should react, ways to protect your business, and what to do if you experience an attack. They offer best practices for working with vendors, choosing a cyber insurance policy, setting up a secure website, and securing your network. This content is available in a downloadable 28-page eBook.

FTC Cybersecurity Guides

Start with Security: A Guide for Business

This guide summarizes ten (10) “lessons learned” from more than 50 law enforcement actions (out-of-court settlements) that the FTC announced. The missteps in those cases were distilled into these fundamental security best practices.

Protecting Personal Information: A Guide for Business

Small businesses manage sensitive personal information from their employees, suppliers, and customers. This guide will help you safeguard this information by following five (5) easy steps — take stock, scale down, lock it, pitch it, and plan ahead.

Data Breach Response: A Guide for Business

If you experience a cybersecurity breach, this guide will walk you through the steps of a basic breach response process, including securing your operations, fixing vulnerabilities, notifying appropriate parties, and more.

Cybersecurity Services

Cybersecurity can be overwhelming for small businesses that can’t competitively attract, hire, and retain the security expertise they need to protect their assets properly. There are options with outsourced services:

  • SOC-as-a-Service (SOCaaS) is a collection of services that manage the security controls and logs within your environment. When a known threat or vulnerability is identified, the team will notify you to take action per a service level agreement.
  • Managed Detection and Response (MDR) is a more robust outsourced service that includes the identification of both known and unknown threats on your network. MDR solutions typically include threat hunting, total network visibility (including IoT devices), and concierge-style support options.
  • Advisory Services are available from cybersecurity consulting firms. These services include Virtual CISO, Security Policy, Security Governance, Vendor Risk Management, Penetration Testing, Vulnerability Assessments, Incident Response, and Security Awareness Training.

If your organization needs to comply with industry standards, government regulations, or privacy laws, a small business compliance program can help you systematically prepare for your third-party certification or attestation audit.

Start with the Basics

The best place to start is with the basics found on the FTC Cybersecurity for Small Business website. Share the content you found most valuable with your staff and employees and discuss what you learned with your IT team. If you determine that your resources are strapped, and your current IT vendor only offers firewall, backup, and virus protection services, then you’ll likely need to look for some more robust cybersecurity services. Starting with a vulnerability or risk assessment would establish a solid baseline. Reach out to us. We would love to discuss your requirements.

Frequently Asked Questions

What are Cybersecurity for Small Business basics?

The Federal Trade Commission (FTC) protects small businesses from anticompetitive, deceptive, and unfair business practices through law enforcement, advocacy, and education. They have developed a “Cybersecurity for Small Business” website through cooperation with the National Institute of Standards and Technology (NIST), the U.S. Small Business Administration (SBA), and the Department of Homeland Security (DHS). This FTC website has a number of resources for small business leaders looking to learn and share cybersecurity basics with their employees.

Where can I find cybersecurity quizzes?

The Federal Trade Commission (FTC) provides cybersecurity content and quizzes to help small businesses improve their cyber awareness and practices. They offer tutorials, tips, and guides to prepare you and your employees for the quizzes.

What should a Cyber Insurance policy cover?

The Federal Trade Commission (FTC) provides a checklist of items that small businesses should look for in a cyber insurance policy, including first-party coverage and third-party coverage items. For more help, you can contact a local cybersecurity consultant or cyber insurance agency.

How should a small business respond to a cybersecurity breach?

The Federal Trade Commission (FTC) provides a guide for small businesses that experience a data breach. The 16-page Data Breach Response guide lists a basic set of steps you can take in response to a cybersecurity breach. They suggest how you should secure your operations, fix vulnerabilities, and notify appropriate parties. A small business-focused cybersecurity consultant can help you respond to a recent incident and proactively develop a custom incident response plan.

What companies can help a small business with cybersecurity?

Small business cybersecurity requirements can vary greatly depending on your organization’s size, industry, supply chain, privacy laws, and location of your customers. A small business-focused cybersecurity consultant will be able to help you with security policies, governance, compliance, controls, assessments, and services. If you have internal information security resources, they can reach out to organizations that specialize in a specific tool, professional service, or managed service that you require.
