Though many small businesses may think that they are too trivial to be the target of a cyberattack, even the smallest businesses can face cyberattack and can face serious repercussions, according to Pat Toth, supervisory computer scientist in the computer security division at the National Institute of Standards and Technology (NIST) and author of NIST’s cybersecurity guide “Small Business Information Security: The Fundamentals.”
“Businesses of all sizes face potential risks when operating online and therefore need to consider their cybersecurity,” she said. “Small businesses may even be seen as easy targets to get into bigger businesses through the supply chain or payment portals.”
The guide, based on NIST’s 2014 “Framework for Improving Critical Infrastructure Cybersecurity,” provides small businesses with tools and best practices for maintaining their cybersecurity, such as training employees in security, encrypting data, and updating operating systems and applications.
“Many small businesses think that cybersecurity is too expensive or difficult; Small Business Information Security is designed for them,” Toth said. “In fact, they may have more to lose than a larger organization because cybersecurity events can be costly and threaten their survival.”
The National Cyber Security Alliance found that, in the wake of a cyberattack, 60 percent of small businesses close down within six months, as smaller businesses do not always have the resources or capital to cover the damages from an attack.
The guide also offers analysis of tools that businesses may purchase to improve their cybersecurity capabilities.
“We recommend backing up data through a cloud-service provider or a removable hard drive and keeping the backup away from your office, so if there is a fire, your data will be safe,” Toth said.