Strong small and medium-sized businesses are a critical component of our nation’s economy. Due to the sensitive consumer data small businesses house – including personal and financial account information – they have become a prime target for cyber attacks. Cybercriminals recognize that small businesses hold very valuable consumer data and often lack the resources to put in place strong cybersecurity practices, leaving them more vulnerable to attacks. For small businesses, cyber resources could mean financial resources to dedicate to cybersecurity, hiring cybersecurity professionals, or purchasing software to protect against attacks. Lacking in any or all of these cyber resources can leave a small business very susceptible to a cyber breach.

From the start, it is imperative for small business to make cybersecurity a top priority. Not only are small and medium-sized companies at high risk of a cyber attack, but when they experience a breach, the fallout can be devastating.

It is critical for businesses to take steps to defend against a cyber attack and prepare for how to keep operations running in the event that a cyber breach does occur. Cybercriminals take advantage of the uninformed and complacent, so Department of Homeland Security (DHS) encourages you to be proactive in strengthening your company’s cybersecurity. These measures include:

1. Installing security software. Make sure all of your organization’s computers are equipped with antivirus software and antispyware. Update the software regularly.
2. Securing your Internet. Secure your Internet connection by using a firewall, encrypt information, and password protect or hide your Wi-Fi network.
3. Having a plan. Establish security practices and policies to protect sensitive information.
4. Educating employees. Take time to educate your employees about cyber threats and how to protect against them. Hold employees accountable to the Internet security policies.
5. Using strong passwords. Require employees to use strong passwords and to change them often. Lock down your login by enabling two-factor authentication on all business and personal accounts, when available.

Resources Available to Small and Medium-Sized Businesses

The government and private sector both provide various tools and resources for small and medium business owners to improve their cybersecurity. Here is a list of resources that are available to you at no cost:

• Use the Department of Homeland Security's C³ Voluntary Program Small and Midsize Business Toolkit for resources to help your business recognize and address cybersecurity risks.
• Use The National Initiative for Cybersecurity Careers & Studies (NICCS) to find training for your technical and non-technical team members. NICCS is the nation's one-stop shop for cybersecurity careers and studies.
• Create a custom cyber security plan for your small business with the Federal Communication Commission's (FCC) Small Biz Cyber Planner 2.0.
• Get information from the United States Computer Emergency Readiness Team (US-CERT) on how to secure your business network.
• Learn about compliance resources on collecting sensitive data from consumers and employees from the Federal Trade Commission (FTC).
• Safeguard your business, employees, and customers from online attacks, data loss, and other threats with resources from the National Cyber Security Alliance (NCSA).

For more information about cybersecurity for businesses, please visit the Stop.Think.Connect. Toolkit at www.dhs.gov/publication/stopthinkconnect-small-business-resources.