VCSP Small Business Cybersecurity Outreach Mission
Provide the Commonwealth’s small business community cybersecurity resources designed to raise awareness of cyber risks and practical techniques to address them.
Guiding Principles for the Small Business Cyber Security Guide
This document is written for small businesses that operate in a home office or a small business office. Their information technology (IT) typically consists of mobile phones, laptops or desktops, wireless routers and, in some cases, cloud services (e.g., O365). Their software typically consists of email, Microsoft Office, accounting software, social media and specialized software for their business sector.
The guide follows these principles:
- Each business has its own cybersecurity risk profile and different risk appetites.
- Eliminating all risk is not economically feasible. Reducing risk to an acceptable level is the goal.
- Leverage the high-quality, best-practice security content and tools that are publicly available.
- Use security practices that are likely to reduce the cyber risk posed by moderately skilled, opportunistic attackers.
- Preventing a security incident is much cheaper and less disruptive than reacting to one. Consider that 44 percent of small businesses reported being the victim of a cyber attack, with an average cost of approximately $9,000 per attack (Source: 2013 Small Business Technology Survey, National Small Business Association).
Work safely online. Understand the basics of cyber threats, risks and defensive measures.
Build on your results from the previous “Good” Step. Add more defense to your cyber arsenal.
- Use the GCA Cybersecurity Toolkit to assess your security posture, implement free tools, find practical tips, and use free resources and guides to improve your company’s cybersecurity readiness and response. The toolkit is based on the Center for Internet Security Controls; addressing the first five CIS Controls can significantly reduce your risk of cyber-attack.
- Additional recommendations. This document expands the previous Step and includes ransomware, phishing, data breaches, web hosting and more.
Build on your results from the previous “Better” Step by planning and implementing more cyber security program elements.
- Create a custom cybersecurity plan for your small business with the Federal Communications Commission’s (FCC) Small Biz Cyber Planner 2.0. This Planner is an online resource that allows you to pick the specific topics you need for your business. The end result is a downloadable plan.
- To develop security policies, use these templates.
- For employee awareness, use the National Cyber Security Alliance’s “CyberSecure My Business™” monthly newsletter.
- Data Breach Response: A Guide for Business. This guide addresses the steps to take once a breach has occurred.
For free security checkups of your systems and devices:
- Free Online Security Checkups and Tools: Visit any of the recommended links to check your devices for known viruses and spyware and see if your device is vulnerable to cyber attacks.
- Free DHS security checkups: DHS offers free cyber hygiene vulnerability scanning for small businesses. This service can help secure your internet-facing systems from weak configuration and known vulnerabilities. You will receive a weekly report for your action.
The information and content provided by the VCSP, such as resources and guidance (“Content”), merely constitute information that may be useful to you as part of your independent business considerations, but are not intended to provide, and should not and cannot be considered as, legal or technical advice or opinion. The Content is intended for informational and educational use only. Cybersecurity risks and needs vary widely by organization and are constantly changing. You therefore assume sole responsibility for any and all actions you take based upon your use of the Content or any information provided by the VCSP. Any reliance upon the Content is at your sole risk. We make no guarantees as to your or any other person’s cybersecurity, technical, or legal compliance, conformity, or levels of security or maturity achieved.