Small businesses aren’t taking the necessary precautions to protect themselves from cyber attacks, according to the U.S. Federal Communications Commission (FCC) – but Uncle Sam wants to help.
The U.S. Government agency, better known for battles over media deregulation, is now looking ot help small businesses secure their networks and IT assets, according to a roundtable discussion this week. Small businesses are ill prepared for the cyber security challenges of a new world in which Internet access will be critical to almost every business, according to panel members, who called for a “culture change” regarding network security similar to that which they compared to the changes in public opinion about smoking over the last few decades.
The round table is part of the larger National Initiative for Cybersecurity Education (NICE), a partnership led by the National Institute for Standards and Technology (NIST). The partnership is designed to educate small businesses about broadband Internet connections and other technologies that can greatly increase revenue. Securing small business networks goes hand in hand with that effort, so the FCC has created a cyber security tip sheet along with private sector partners including the US Chamber of Commerce, McAfee, and Symantec.
Many small businesses in the U.S. have a “throw your hands in the air” attitude about security, assuming either that intrusions are too complicated for them to effectively mitigate or that their company is not a viable target. That’s a contrast to large enterprises, most of which have taken the necessary steps to secure their networks, and have, as a result, become more difficult to compromise. Fully 74% of small to mid-size businesses have reported being affected by an attack of one kind or another in the last year according to data from Symantec.
Secretary Michael Chertoff, Chairman of Chertoff Group pointed to a few areas of critical concern in protecting small businesses from intrusions. According to him, these companies need to be concerned with how they protect sensitive transactional information, proprietary business data, intellectual property, and the personally identifiable information of their customers, employees, and contractors in addition to being vigilant regarding criminal extortion threats against their networks, like DDoS and external attacks.
Firms need to take appropriate precautions that will help prevent cyber attacks. However, no defense is perfect, so there needs to be a plan in place to respond to and survive attacks. That includes backing up data, putting the necessary security mechanisms in place, and perhaps most importantly, educating employees about common cyber security risks, panel members agreed. Among the tips recommended by the FCC panel:
- Train employees in security principles.
- Protect information, computers and networks from viruses, spyware and other malicious code.
- Provide firewall security for your Internet connection
- Download and install software updates for your operating systems and applications as they become available.
- Make backup copies of important business data and information.
- Control physical access to your computers and network components.
- Secure your Wi-Fi networks.
- Require individual user accounts for each employee.
- Limit employee access to data and information, and limit authority to install software.
- Regularly change passwords.
