Small businesses can feel the pain of a cyber-attack more than most enterprises. With scarce resources to allocate beyond business operations, small businesses are a prime target for cyber criminals.
There’s a false statistic circulating that 60% of small businesses fail within six months of a cyber-attack. While the number may be exaggerated, small businesses do have a hard time responding appropriately.
It’s not surprising that a cyber-attack, with all the costs and time involved, can derail a small business. Luckily, the FTC has recently provided some recourse for the little guys.
Recognizing these struggles, the FTC launched a website dedicated to help small businesses avoid scams and protect their computers and networks from cyber-attacks.
The FTC markets their new site as, “a one-stop shop where small businesses can find information to protect themselves from scammers and hackers.”
They cite several ways small businesses are specifically targeted by cyber criminals:
- Social engineering tactics charging the business for supplies they didn’t order
- Soliciting donations for fake charities
- Phishing small businesses into giving access and control to computers and networks
The resources on the FTC site include:
- Small Business Computer Security Basics Guide
- Information on responding to a data breach
- Guidance on threats like ransomware and phishing
There’s been a push lately to educate small and medium sized businesses on cyber risks and threats. We’ve seen guidance trickle down from regulators (see article PCI Guide for Small and Medium-Sized Businesses), and this website from FTC provides yet another resource for businesses to leverage.
One benefit to guidance materials like these from the FTC: in the event of an incident an organization can probably gain some points with the regulators by showing their due diligence with the provided regulatory cyber tools and resources.
We also strongly encourage small businesses to take advantage of the cyber risk management resources in their cyber insurance policies. We provide policyholders with easy tools to leverage:
- Phishing training courses
- Sample security policies and procedures
- Cyber security fitness check
- Incident Response Plan templates and guidance
Reach out to firstname.lastname@example.org for any help accessing these resources, or to schedule a meeting with our Virtual-CISOs to discuss any of your cyber initiatives.