This document is written for small businesses that operate in a home office or a small business office. Their information technology (IT) typically consists of mobile phones, laptops or desktops, wireless routers and, in some cases, cloud services (e.g., O365). Their software typically consists of email, Microsoft Office, accounting software, social media and specialized software for their business sector.

Guiding Principles for the Small Business Cyber Security Guide:

• Each business has its own cybersecurity risk profile and different risk appetites.
• Eliminating all risk is not economically feasible. Reducing risk to an acceptable level is the goal.
• Leverage the high quality best practice security content and tools that are publicly available.
• Use security practices that are likely to reduce cyber risk posed by moderately skilled, opportunistic attackers.
• Preventing a security incident is much cheaper and less disruptive than reacting to one. Consider that 44 percent of small businesses reported being the victim of a cyber attack, with an average cost of approximately $9,000 per attack. (Source: 2013 Small Business Technology Survey, National Small Business Association).

APPROACH
Work safely on-line. Understand the basics of cyber threats, risks and defensive measures.

RESOURCES

• First watch Cyber Security 101: Is your business safe?: An on-line, 60 min learning course and assessment for non-technical small business owners and employees.
• Read and follow these recommendations. It describes in easy-to-understand language steps that will provide immediate benefits.

APPROACH
Build on your results from the previous “Better” Step by planning and implementing more cyber security program elements.

RESOURCES

• Create a custom cybersecurity plan for your small business with the Federal Communication Commission’s (FCC) Small Biz Cyber Planner 2.0. This Planner is an online resource that allows you to pick the specific topics you need for your business. The end results is a downloadable plan.
• To develop security policies, use these templates
• For employee awareness, use National Cyber Security Alliance’s “CyberSecure My Business™” monthly newsletter
• Data Breach Response: A Guide for Business. This guide addresses the steps to take once a breach has occurred.

For free security checkups of your systems and devices:

• Free Online Security Checkups and Tools: Visit any of the recommended links to check your devices for known viruses and spyware and see if your device is vulnerable to cyber attacks.
• Free DHS security checkups: DHS offers free cyber hygiene vulnerability scanning for small businesses. This service can help secure your internet-facing systems from weak configuration and known vulnerabilities. You will receive a weekly report for your action.