SlideShare ist ein Scribd-Unternehmen logo

Small Business Administration Recommendations

Meg Weber
Meg Weber

SBA Cyber Security Recommendations

Technologie
1 von 9
Downloaden Sie, um offline zu lesen
TRANSCRIPT - SBA Cybersecurity for Small Businesses SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA’s online training course: Cybersecurity for Small Businesses. SBA’s Office of Entrepreneurship Education provides this self-paced training exercise as introduction to securing information in a small business. You will find this course easy to follow and the subject matter indexed for quick reference and easy access. It will take about 30 minutes to complete the course. Additional time will be needed to review included resource materials and to complete the suggested next steps at the end of the course. As audio is used throughout the training, please adjust your speakers accordingly. A transcript and keyboard shortcuts are available to further assist with user accessibility. When you complete the course, you will have the option of receiving a completion confirmation from the SBA. 1.2 Course Objectives 1. The course has six key objectives: 2. Define Cybersecurity. 3. Explain the importance of securing information through best cybersecurity practices. 4. Identify types of information that should be secured. 5. Identify types of cyber threats. 6. Define risk management. 7. List best practices for guarding against cyber threats. 1.3 Course Topics This course will address four areas, defining the importance of information security and what you can do to keep your information safe: • What is cybersecurity? • Why is cybersecurity so important? • What are common cyber threats and crimes? • How do I determine my level of risk? • What can I do to protect my business? Numerous additional resources are identified to assist you. Visit the resource icon in the course player or locate additional tools, templates, and mentors on SBA.gov once you finish the course. Page 1 of 9
TRANSCRIPT - SBA Cybersecurity for Small Businesses Let’s get started! 1.4 Background Cybersecurity is the comprehensive effort to protect computers, programs, networks, and data from attack, damage, or unauthorized access through technologies, processes, and best practices. Large businesses have been working to secure their information and systems, so small businesses are becoming more common targets because they have fewer resources than large companies have. Do you have information that needs to be secure? Consider: • Personal information for employees • Partner information • Sensitive information for customers/clients • Financial and sensitive business information Information needs to be secured in your systems. This means the information that should be kept confidential should be available when needed, and should be kept as accurate as possible. Your website also needs to be secure in order to prevent putting current or potential customers at risk. 1.5 Aspects of Information Security There are several different aspects of information security, including confidentiality, integrity, and availability. Some considerations for confidentiality include: only those who need access to information, and have been properly trained on cyber security, should have it, especially when the information is sensitive. Training people in cyber security prevents security breaches when those who are authorized accidentally disclose information. Your goal should be to ensure information is not disclosed to non-authorized people. Considerations for integrity include making sure your information is not improperly modified or destroyed. If you maintain information integrity, no one will be able to claim your information is inaccurate. Last is availability. Your information should always be available to you quickly and reliably. 1.6 Security Costs It is important to remember that there are costs for protecting information; there are also costs for not protecting information, which will be covered later in the risk topic. The costs for not protecting information can be much higher than those associated with protecting it. These costs could be associated with notifying victims that their information has been released, which can be very costly, both in terms of perception and litigation. You can lose customers who have lost confidence in your business after a security breach. Depending upon the type of business you have, you may have to pay Page 2 of 9
TRANSCRIPT - SBA Cybersecurity for Small Businesses fines for not maintaining information security compliance. You may also have to reconfigure or replace hardware and/or software. 1.7 Threat Origins While there are multiple threats to information security including natural disasters and systems failure, most threats have a human at their origin. We will focus on the threats with human origins. Threats can be internal and external. Examples of external threats include experimenters and vandals, who are Amateur hackers, hactivists who have personal or political agendas, cybercriminals who are trying to make money, and information warriors who are professionals working for nation-states. Despite the broad range of external threats, internal threats account for 80% of security problems according to the National Institute of Standards and Technology, or NIST. Internal threats can be intentional or unintentional and can include issues such as non- business use of computers which can allow threats in. 1.8 Types of Threats There are a broad range of information security threats. Some of the most common threats include website tampering, theft of data, denial-of-service attacks, and malicious code and viruses. 1.9 Website Tampering Website tampering can be a very big problem for your business. Website tampering can take many forms, including defacing your website, hacking your system, and compromising web pages to allow invisible code, which will attempt to download spyware to your computer. Select each item to learn more. 1.10 Theft of Data Data theft also comes in several forms and the problems that come with data theft depend upon the kind of data that is stolen. Some examples of data theft include: • Theft of computer files • Inappropriate access to computer accounts • Theft of laptops and computers • Interception of emails or internet transactions • Phishing emails that trick you into giving away personal information • Spear phishing emails that deceive a specific group of people into responding • Identity theft Page 3 of 9
TRANSCRIPT - SBA Cybersecurity for Small Businesses 1.11 Denial of Service Attacks A denial-of-service attack is an attack on a computer or website which locks the computer and/or crashes the system and results in stopped or slowed workflow, prevented communication, and halted eCommerce. Some common ways that attackers achieve denial-of-service attacks include: • Volumetric attacks, which attempt to use all available bandwidth and slow or stop performance and • TCP State-Exhaustion Attacks, which cause problems with things like firewalls and application servers The ultimate goal of these attacks is always to prevent you from conducting business of any kind with your internet connected systems. 1.12 Malicious Code and Viruses Malicious Code and viruses may be some of the better-known threats. These threats send themselves over the internet to find and send your files, find and delete critical data, or lock up the computer or system. They can hide in programs or documents, make copies of themselves, and install themselves on your system to record keystrokes to send to collection point. 1.13 Reasons for Vulnerabilities All of the threats we have discussed can be very scary. Before we can address how to prevent attacks, we must first investigate the reasons that small businesses are vulnerable to these kinds of attacks. • Computer hardware and software is outdated and/or insecure • Poor or missing security policies that do not establish security protocols. • Missing procedures for securing information • Lazy oversight • Loose enforcement of existing policies 1.14 Risk Let’s talk for a moment about risk management, beginning with risk assessment. Risk assessment is the technique of assessing, minimizing, and preventing accidental loss to a business through the use of safety measures, insurance, etc. Removing all of the risk factors associated with attacks can be costly, but you need to ask yourself, “How much risk can I live with?” Remember that no risk can be completely eliminated. If the consequence and probability of a breach is high, then your tolerance for risk is low. If the consequence is minor, more risk may be acceptable to you. If the risk is still too high after all protection efforts have been made, use commercial cyber insurance to “share” the risk/exposure. Contact your insurance provider to find out what options are available. Page 4 of 9
TRANSCRIPT - SBA Cybersecurity for Small Businesses 1.15 Protecting Yourself from Human Vulnerabilities The first step to protecting the information in your business is to establish security policies. It’s very important that your security policies are comprehensive and up to date. You may have to revise your policies periodically as threats change. The second step to protecting information is ensuring that your employees both know and adhere to your security policies. Remember, most vulnerabilities have a human at their root! 1.16 Who Needs Training? Determine who will need to know the procedures. Consider: • Employees who use computers in their work • Help desk • System administrators • Managers/executives using specialized software • System maintenance • IT Out-sourcing 1.17 Training Basics You should train employees in basic security principles, and training should begin the first day at work. Include security policies and procedures, security threats and cautions, and basic security dos and don’ts in your training. 1.18 Continuing Education Training should continue with reminders and tools, including pamphlets, posters, newsletters, videos, rewards for good security, and periodic re-training - because people forget! Lack of training is one of the most significant information security weaknesses in most organizations. 1.19 Best Practices What should you actually train your employees on? How can you keep you information safe? You should address: • Safe internet practices • Safe email practices • Safe desktop practices 1.20 Internet Practices Some best practices to keep in mind when it comes to the internet include: • Do not surf the web with an administrative account • Do not download software from unknown pages Page 5 of 9
TRANSCRIPT - SBA Cybersecurity for Small Businesses • Do not download files from unknown sources • Do not respond to popup windows requesting you to download drivers • Do not allow any websites to install software on your computer • Protect passwords, credit card numbers, and private information in web browsers and conduct online business and banking on secure connections Password manager tools can help you keep track of secure passwords for each site. 1.21 Email Practices Some best practices to keep in mind when it comes to email include: • Be careful when opening attachments • Don’t reply to unsolicited emails • Don’t click on links in an email 1.22 Desktop Practices Some desktop best practices include: • Use separate computer accounts for each user • Use passwords and don’t share • Use screen locking, log on and off, and power down your system at the end of the day • Don’t plug ”lost” infected USB drives into systems • Seriously consider encrypting sensitive data on your system. Try using your favorite search engine online to find encryption tools that will work within your computing environment. Select blue items to learn more. 1.23 Protecting Your Systems Now let’s discuss some ways to protect your information. There are several different areas you must consider in order to fully protect yourself. 1.24 Viruses, Spyware, Trojans, and Malware In order to protect yourself against viruses, spyware, trojans, and malware: • Install anti-virus software • Company-wide detection tools • Company-wide process • Assign responsibility in writing Page 6 of 9
TRANSCRIPT - SBA Cybersecurity for Small Businesses • Up-to-date search definitions • Include employee’s home systems 21st century computers are complex and include mobile technology, tablets, and personal computers made by many different companies. These various systems tend to have different threats and often require different software in order to adequately protect against viruses, spyware, trojans, and malware. A basic understanding of your computer may help you protect it. Try searching for information about your particular system. 1.25 Hardware and Software Hardware and software protections require: • Secure internet connection and change passwords • Change passwords periodically • Use software firewalls • Patch operating systems and applications • Secure wireless access points 1.26 Backup Procedures Some people don’t consider how important backup procedures are for information security. Your goal should be the ability to restore systems and data to what existed before any threat is realized. Make back-up copies of important information and restore weekly. Store a backup copy offsite for safe keeping. You should also test your backups to make sure that they actually work. Also keep in mind the importance of disposing of old computers and media securely. Just because you’re finished with it doesn’t mean someone else can’t use it to get important information about you, your business, or your customers. 1.27 Summary That was a lot of information. In this course you have: • Learned what cybersecurity is • Learned why cybersecurity is important • Learned about common cybersecurity threats and crimes • Learned about risk assessment • Learned what you can do to protect your business 1.28 Next Steps Now what should you do? Follow these steps to begin securing your business from cyber threats. Page 7 of 9
TRANSCRIPT - SBA Cybersecurity for Small Businesses Step 1. Conduct an analysis of information security needs Step 2. Assess the cost of losing your information Step 3. Create a plan to protect your information Step 4. Implement your plan through policies, training, and hardware and software controls 1.29 Resources SBA has a broad network of skilled counselors and business development specialists. Below is a short description of our resource partners: • There are more than 1,000 Small Business Development Centers (SBDCs) located around the country. SBDCs provide management assistance to current and prospective small business owners. • SCORE is a powerful source of free and confidential small business advice to help build your business. More than ten thousand SCORE volunteers are available to share their experience in lessons learned in small business. • Women’s Business Centers assist women and men in achieving their dreams by helping them start and run successful businesses. Some 90 WBCs are located around the country. • SBA has over 60 district offices located throughout the country to help you start and grow your business. • SBA's Small Business Learning Center is a powerful virtual campus with online training, videos, tools and links to local resources. Find your local resource using our handy zip-code tool: www.sba.gov/local-assistance There are additional cybersecurity resources you can access, including the National Institute of Standards and Technology, or NIST and the Department of Homeland Security (DHS). Most states have cybersecurity organizations as well. 1.30 Have a Question? Have a question? • Call SBA - 1-800 U ASK SBA (1-800 827-5722) • E-mail SBA - answerdesk@sba.gov • Locate a SCORE counselor, SBA district office near you, or an SBDC office near you at www.sba.gov/local-assistance • To provide feedback, comments or suggestions for other SBA online content, please use the following email: learning@sba.gov Page 8 of 9
TRANSCRIPT - SBA Cybersecurity for Small Businesses 1.31 Certificate Congratulations on completing this course. We hope it was helpful and provided a good working knowledge on how to successfully protect your business from cyber-attacks. Click the certificate to receive a course completion confirmation from the US Small Business Administration. Page 9 of 9

Empfohlen

information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
Abdul Manaf Vellakodath
 
Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...
Michael Kaishar, MSIA | CISSP
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and Training
Kimberly Hood
 
Employee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnEmployee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - Kloudlearn
KloudLearn
 
The need for effective information security awareness practices.
The need for effective information security awareness practices.The need for effective information security awareness practices.
The need for effective information security awareness practices.
CAS
 
IT & Network Security Awareness
IT & Network Security AwarenessIT & Network Security Awareness
IT & Network Security Awareness
The Network Support Company
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
CommLab India – Rapid eLearning Solutions
 
Trustwave Cybersecurity Education Catalog
Trustwave Cybersecurity Education CatalogTrustwave Cybersecurity Education Catalog
Trustwave Cybersecurity Education Catalog
Trustwave
 

Empfohlen

information security awareness course
information security awareness courseinformation security awareness course
information security awareness course
Abdul Manaf Vellakodath
 
Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...Information Security Awareness And Training Business Case For Web Based Solut...
Information Security Awareness And Training Business Case For Web Based Solut...
Michael Kaishar, MSIA | CISSP
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and Training
Kimberly Hood
 
Employee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - KloudlearnEmployee Awareness in Cyber Security - Kloudlearn
Employee Awareness in Cyber Security - Kloudlearn
KloudLearn
 
The need for effective information security awareness practices.
The need for effective information security awareness practices.The need for effective information security awareness practices.
The need for effective information security awareness practices.
CAS
 
IT & Network Security Awareness
IT & Network Security AwarenessIT & Network Security Awareness
IT & Network Security Awareness
The Network Support Company
 
Employee Security Awareness Program
Employee Security Awareness ProgramEmployee Security Awareness Program
Employee Security Awareness Program
CommLab India – Rapid eLearning Solutions
 
Trustwave Cybersecurity Education Catalog
Trustwave Cybersecurity Education CatalogTrustwave Cybersecurity Education Catalog
Trustwave Cybersecurity Education Catalog
Trustwave
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
Daniel P Wallace
 
Topic11
Topic11Topic11
Topic11
Anne Starr
 
IT Security and Risk Mitigation
IT Security and Risk MitigationIT Security and Risk Mitigation
IT Security and Risk Mitigation
Mukalele Rogers
 
Information security management
Information security managementInformation security management
Information security management
UMaine
 
Information security for dummies
Information security for dummiesInformation security for dummies
Information security for dummies
Ivo Depoorter
 
Cyber security vs information assurance
Cyber security vs information assuranceCyber security vs information assurance
Cyber security vs information assurance
Vaughan Olufemi ACIB, AICEN, ANIM
 
System Security Threats and Risks)
System Security Threats and Risks)System Security Threats and Risks)
System Security Threats and Risks)
BPalmer13
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
learnt
 
PACE-IT, Security+3.4: Summary of Wireless Attacks
PACE-IT, Security+3.4: Summary of Wireless AttacksPACE-IT, Security+3.4: Summary of Wireless Attacks
PACE-IT, Security+3.4: Summary of Wireless Attacks
Pace IT at Edmonds Community College
 
Cybersecurity Training Seminars, 44 Courses : Tonex Training
Cybersecurity Training Seminars, 44 Courses : Tonex TrainingCybersecurity Training Seminars, 44 Courses : Tonex Training
Cybersecurity Training Seminars, 44 Courses : Tonex Training
Bryan Len
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
newbie2019
 
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
Robert Straus
 
12 security policies
12 security policies12 security policies
12 security policies
Saqib Raza
 
Employee security awareness communication
Employee security awareness communicationEmployee security awareness communication
Employee security awareness communication
SnapComms
 
Computer Security Policy D
Computer Security Policy DComputer Security Policy D
Computer Security Policy D
guest34b014
 
2 Security And Internet Security
2 Security And Internet Security2 Security And Internet Security
2 Security And Internet Security
Ana Meskovska
 
Ancaman & kelemahan server
Ancaman & kelemahan serverAncaman & kelemahan server
Ancaman & kelemahan server
Dedi Dwianto
 
Hacking the Helpdesk, Craig Clark
Hacking the Helpdesk, Craig ClarkHacking the Helpdesk, Craig Clark
Hacking the Helpdesk, Craig Clark
Service Desk Institute
 
Trustwave Cybersecurity Education Catalog 2019
Trustwave Cybersecurity Education Catalog 2019Trustwave Cybersecurity Education Catalog 2019
Trustwave Cybersecurity Education Catalog 2019
Trustwave
 
Threat Modelling And Threat Response
Threat Modelling And Threat ResponseThreat Modelling And Threat Response
Threat Modelling And Threat Response
Vivek Jindaniya
 
2012 April Luncheon: Get Your Match On (Finding and Keeping the Talent You Need)
2012 April Luncheon: Get Your Match On (Finding and Keeping the Talent You Need)2012 April Luncheon: Get Your Match On (Finding and Keeping the Talent You Need)
2012 April Luncheon: Get Your Match On (Finding and Keeping the Talent You Need)
Meg Weber
 
TAG Luncheon: A+ Washington
TAG Luncheon: A+ WashingtonTAG Luncheon: A+ Washington
TAG Luncheon: A+ Washington
Meg Weber
 

Weitere ähnliche Inhalte

Was ist angesagt?

IT Security and Risk Mitigation
IT Security and Risk MitigationIT Security and Risk Mitigation
IT Security and Risk Mitigation
Mukalele Rogers
 
Information security management
Information security managementInformation security management
Information security management
UMaine
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
learnt
 
Cybersecurity Training Seminars, 44 Courses : Tonex Training
Cybersecurity Training Seminars, 44 Courses : Tonex TrainingCybersecurity Training Seminars, 44 Courses : Tonex Training
Cybersecurity Training Seminars, 44 Courses : Tonex Training
Bryan Len
 
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
Robert Straus
 
Computer Security Policy D
Computer Security Policy DComputer Security Policy D
Computer Security Policy D
guest34b014
 
2 Security And Internet Security
2 Security And Internet Security2 Security And Internet Security
2 Security And Internet Security
Ana Meskovska
 
Ancaman & kelemahan server
Ancaman & kelemahan serverAncaman & kelemahan server
Ancaman & kelemahan server
Dedi Dwianto
 

Was ist angesagt? (20)

Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Topic11
Topic11Topic11
Topic11
 
IT Security and Risk Mitigation
IT Security and Risk MitigationIT Security and Risk Mitigation
IT Security and Risk Mitigation
 
Information security management
Information security managementInformation security management
Information security management
 
Information security for dummies
Information security for dummiesInformation security for dummies
Information security for dummies
 
Cyber security vs information assurance
Cyber security vs information assuranceCyber security vs information assurance
Cyber security vs information assurance
 
System Security Threats and Risks)
System Security Threats and Risks)System Security Threats and Risks)
System Security Threats and Risks)
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
 
PACE-IT, Security+3.4: Summary of Wireless Attacks
PACE-IT, Security+3.4: Summary of Wireless AttacksPACE-IT, Security+3.4: Summary of Wireless Attacks
PACE-IT, Security+3.4: Summary of Wireless Attacks
 
Cybersecurity Training Seminars, 44 Courses : Tonex Training
Cybersecurity Training Seminars, 44 Courses : Tonex TrainingCybersecurity Training Seminars, 44 Courses : Tonex Training
Cybersecurity Training Seminars, 44 Courses : Tonex Training
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
CyberSec First Responder: Incident Response & Threat Analysis // CyberSAFE: S...
 
12 security policies
12 security policies12 security policies
12 security policies
 
Employee security awareness communication
Employee security awareness communicationEmployee security awareness communication
Employee security awareness communication
 
Computer Security Policy D
Computer Security Policy DComputer Security Policy D
Computer Security Policy D
 
2 Security And Internet Security
2 Security And Internet Security2 Security And Internet Security
2 Security And Internet Security
 
Ancaman & kelemahan server
Ancaman & kelemahan serverAncaman & kelemahan server
Ancaman & kelemahan server
 
Hacking the Helpdesk, Craig Clark
Hacking the Helpdesk, Craig ClarkHacking the Helpdesk, Craig Clark
Hacking the Helpdesk, Craig Clark
 
Trustwave Cybersecurity Education Catalog 2019
Trustwave Cybersecurity Education Catalog 2019Trustwave Cybersecurity Education Catalog 2019
Trustwave Cybersecurity Education Catalog 2019
 
Threat Modelling And Threat Response
Threat Modelling And Threat ResponseThreat Modelling And Threat Response
Threat Modelling And Threat Response
 

Andere mochten auch

2012 April Luncheon: Get Your Match On (Finding and Keeping the Talent You Need)
2012 April Luncheon: Get Your Match On (Finding and Keeping the Talent You Need)2012 April Luncheon: Get Your Match On (Finding and Keeping the Talent You Need)
2012 April Luncheon: Get Your Match On (Finding and Keeping the Talent You Need)
Meg Weber
 
Working with law enforcement
Working with law enforcementWorking with law enforcement
Working with law enforcement
Meg Weber
 

Andere mochten auch (6)

2012 April Luncheon: Get Your Match On (Finding and Keeping the Talent You Need)
2012 April Luncheon: Get Your Match On (Finding and Keeping the Talent You Need)2012 April Luncheon: Get Your Match On (Finding and Keeping the Talent You Need)
2012 April Luncheon: Get Your Match On (Finding and Keeping the Talent You Need)
 
TAG Luncheon: A+ Washington
TAG Luncheon: A+ WashingtonTAG Luncheon: A+ Washington
TAG Luncheon: A+ Washington
 
Cyber risk scorecards
Cyber risk scorecardsCyber risk scorecards
Cyber risk scorecards
 
Working with law enforcement
Working with law enforcementWorking with law enforcement
Working with law enforcement
 
Deber de ingles
Deber de inglesDeber de ingles
Deber de ingles
 
Future of cyber in the board room: Michael Cockrill Presents
Future of cyber in the board room: Michael Cockrill PresentsFuture of cyber in the board room: Michael Cockrill Presents
Future of cyber in the board room: Michael Cockrill Presents
 

Ähnlich wie Small Business Administration Recommendations

Information System Security
Information System Security Information System Security
Information System Security
Syed Asif Sherazi
 

Ähnlich wie Small Business Administration Recommendations (20)

1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
Information and Cyber Warfare
Information and Cyber WarfareInformation and Cyber Warfare
Information and Cyber Warfare
 
Top 10 Measure to Mitigate Insider Security Threats.pptx
Top 10 Measure to Mitigate Insider Security Threats.pptxTop 10 Measure to Mitigate Insider Security Threats.pptx
Top 10 Measure to Mitigate Insider Security Threats.pptx
 
Netwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital worldNetwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital world
 
Ijnsa050215
Ijnsa050215Ijnsa050215
Ijnsa050215
 
A Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOsA Cybersecurity Planning Guide for CFOs
A Cybersecurity Planning Guide for CFOs
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
 
The Need for Internet Security for Small Businesses - 10 Best Practices | The...
The Need for Internet Security for Small Businesses - 10 Best Practices | The...The Need for Internet Security for Small Businesses - 10 Best Practices | The...
The Need for Internet Security for Small Businesses - 10 Best Practices | The...
 
5 ways to strengthen cybersecurity in the workplace
5 ways to strengthen cybersecurity in the workplace5 ways to strengthen cybersecurity in the workplace
5 ways to strengthen cybersecurity in the workplace
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Presentation 10.pptx
Presentation 10.pptxPresentation 10.pptx
Presentation 10.pptx
 
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptxTop_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
 
Information System Security
Information System Security Information System Security
Information System Security
 
How to Protect Your Business from Cyber Threats | The Entrepreneur Review
How to Protect Your Business from Cyber Threats | The Entrepreneur ReviewHow to Protect Your Business from Cyber Threats | The Entrepreneur Review
How to Protect Your Business from Cyber Threats | The Entrepreneur Review
 
Cyber and information security operations and assurance
Cyber and information security operations and assurance Cyber and information security operations and assurance
Cyber and information security operations and assurance
 
Cyber Security Threats For Small Business- Detox Technologies.pdf
Cyber Security Threats For Small Business- Detox Technologies.pdfCyber Security Threats For Small Business- Detox Technologies.pdf
Cyber Security Threats For Small Business- Detox Technologies.pdf
 
Information Security Seminar
Information Security SeminarInformation Security Seminar
Information Security Seminar
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdf
 
The Small Business Cyber Security Best Practice Guide
The Small Business Cyber Security Best Practice GuideThe Small Business Cyber Security Best Practice Guide
The Small Business Cyber Security Best Practice Guide
 

Mehr von Meg Weber

Cybersecurity brochure flyer version-small
Cybersecurity brochure flyer version-smallCybersecurity brochure flyer version-small
Cybersecurity brochure flyer version-small
Meg Weber
 
2014 ota databreachguide4
2014 ota databreachguide42014 ota databreachguide4
2014 ota databreachguide4
Meg Weber
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
Meg Weber
 
5 questions ce os should ask about cyber risks
5 questions ce os should ask about cyber risks5 questions ce os should ask about cyber risks
5 questions ce os should ask about cyber risks
Meg Weber
 
Nemours case study nemours embraces app innovation with mobile iron
Nemours case study nemours embraces app innovation with mobile ironNemours case study nemours embraces app innovation with mobile iron
Nemours case study nemours embraces app innovation with mobile iron
Meg Weber
 

Mehr von Meg Weber (20)

Ri cyber-security-for-your-small-business
Ri cyber-security-for-your-small-businessRi cyber-security-for-your-small-business
Ri cyber-security-for-your-small-business
 
Department of Homeland Security Guidance
Department of Homeland Security GuidanceDepartment of Homeland Security Guidance
Department of Homeland Security Guidance
 
Reasons to be secure
Reasons to be secureReasons to be secure
Reasons to be secure
 
FCC Guidelines on Cyber Security
FCC Guidelines on Cyber SecurityFCC Guidelines on Cyber Security
FCC Guidelines on Cyber Security
 
DHS Guidelines
DHS GuidelinesDHS Guidelines
DHS Guidelines
 
Online Trust Alliance Recommendations
Online Trust Alliance RecommendationsOnline Trust Alliance Recommendations
Online Trust Alliance Recommendations
 
Cybersecurity brochure flyer version-small
Cybersecurity brochure flyer version-smallCybersecurity brochure flyer version-small
Cybersecurity brochure flyer version-small
 
2014 ota databreachguide4
2014 ota databreachguide42014 ota databreachguide4
2014 ota databreachguide4
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 
5 questions ce os should ask about cyber risks
5 questions ce os should ask about cyber risks5 questions ce os should ask about cyber risks
5 questions ce os should ask about cyber risks
 
Welcome to the Cyber Risk Summit
Welcome to the Cyber Risk SummitWelcome to the Cyber Risk Summit
Welcome to the Cyber Risk Summit
 
WCC Programs Overview
WCC Programs OverviewWCC Programs Overview
WCC Programs Overview
 
Audit summary from security solutions and ovation tech
Audit summary from security solutions and ovation techAudit summary from security solutions and ovation tech
Audit summary from security solutions and ovation tech
 
Jb hunt case study
Jb hunt case studyJb hunt case study
Jb hunt case study
 
Nemours case study nemours embraces app innovation with mobile iron
Nemours case study nemours embraces app innovation with mobile ironNemours case study nemours embraces app innovation with mobile iron
Nemours case study nemours embraces app innovation with mobile iron
 
State of indiana case study
State of indiana case studyState of indiana case study
State of indiana case study
 
Working with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security StrategiesWorking with Law Enforcement on Cyber Security Strategies
Working with Law Enforcement on Cyber Security Strategies
 
Mark Anderson on Cyber Security
Mark Anderson on Cyber SecurityMark Anderson on Cyber Security
Mark Anderson on Cyber Security
 
Jimmy johns infractions
Jimmy johns infractionsJimmy johns infractions
Jimmy johns infractions
 
Can we be faster than disaster bill boyd
Can we be faster than disaster bill boydCan we be faster than disaster bill boyd
Can we be faster than disaster bill boyd
 

Kürzlich hochgeladen

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Kürzlich hochgeladen (20)

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 

Small Business Administration Recommendations

  • 1. TRANSCRIPT - SBA Cybersecurity for Small Businesses SBA Cybersecurity for Small Businesses 1.1 Introduction Welcome to SBA’s online training course: Cybersecurity for Small Businesses. SBA’s Office of Entrepreneurship Education provides this self-paced training exercise as introduction to securing information in a small business. You will find this course easy to follow and the subject matter indexed for quick reference and easy access. It will take about 30 minutes to complete the course. Additional time will be needed to review included resource materials and to complete the suggested next steps at the end of the course. As audio is used throughout the training, please adjust your speakers accordingly. A transcript and keyboard shortcuts are available to further assist with user accessibility. When you complete the course, you will have the option of receiving a completion confirmation from the SBA. 1.2 Course Objectives 1. The course has six key objectives: 2. Define Cybersecurity. 3. Explain the importance of securing information through best cybersecurity practices. 4. Identify types of information that should be secured. 5. Identify types of cyber threats. 6. Define risk management. 7. List best practices for guarding against cyber threats. 1.3 Course Topics This course will address four areas, defining the importance of information security and what you can do to keep your information safe: • What is cybersecurity? • Why is cybersecurity so important? • What are common cyber threats and crimes? • How do I determine my level of risk? • What can I do to protect my business? Numerous additional resources are identified to assist you. Visit the resource icon in the course player or locate additional tools, templates, and mentors on SBA.gov once you finish the course. Page 1 of 9
  • 2. TRANSCRIPT - SBA Cybersecurity for Small Businesses Let’s get started! 1.4 Background Cybersecurity is the comprehensive effort to protect computers, programs, networks, and data from attack, damage, or unauthorized access through technologies, processes, and best practices. Large businesses have been working to secure their information and systems, so small businesses are becoming more common targets because they have fewer resources than large companies have. Do you have information that needs to be secure? Consider: • Personal information for employees • Partner information • Sensitive information for customers/clients • Financial and sensitive business information Information needs to be secured in your systems. This means the information that should be kept confidential should be available when needed, and should be kept as accurate as possible. Your website also needs to be secure in order to prevent putting current or potential customers at risk. 1.5 Aspects of Information Security There are several different aspects of information security, including confidentiality, integrity, and availability. Some considerations for confidentiality include: only those who need access to information, and have been properly trained on cyber security, should have it, especially when the information is sensitive. Training people in cyber security prevents security breaches when those who are authorized accidentally disclose information. Your goal should be to ensure information is not disclosed to non-authorized people. Considerations for integrity include making sure your information is not improperly modified or destroyed. If you maintain information integrity, no one will be able to claim your information is inaccurate. Last is availability. Your information should always be available to you quickly and reliably. 1.6 Security Costs It is important to remember that there are costs for protecting information; there are also costs for not protecting information, which will be covered later in the risk topic. The costs for not protecting information can be much higher than those associated with protecting it. These costs could be associated with notifying victims that their information has been released, which can be very costly, both in terms of perception and litigation. You can lose customers who have lost confidence in your business after a security breach. Depending upon the type of business you have, you may have to pay Page 2 of 9
  • 3. TRANSCRIPT - SBA Cybersecurity for Small Businesses fines for not maintaining information security compliance. You may also have to reconfigure or replace hardware and/or software. 1.7 Threat Origins While there are multiple threats to information security including natural disasters and systems failure, most threats have a human at their origin. We will focus on the threats with human origins. Threats can be internal and external. Examples of external threats include experimenters and vandals, who are Amateur hackers, hactivists who have personal or political agendas, cybercriminals who are trying to make money, and information warriors who are professionals working for nation-states. Despite the broad range of external threats, internal threats account for 80% of security problems according to the National Institute of Standards and Technology, or NIST. Internal threats can be intentional or unintentional and can include issues such as non- business use of computers which can allow threats in. 1.8 Types of Threats There are a broad range of information security threats. Some of the most common threats include website tampering, theft of data, denial-of-service attacks, and malicious code and viruses. 1.9 Website Tampering Website tampering can be a very big problem for your business. Website tampering can take many forms, including defacing your website, hacking your system, and compromising web pages to allow invisible code, which will attempt to download spyware to your computer. Select each item to learn more. 1.10 Theft of Data Data theft also comes in several forms and the problems that come with data theft depend upon the kind of data that is stolen. Some examples of data theft include: • Theft of computer files • Inappropriate access to computer accounts • Theft of laptops and computers • Interception of emails or internet transactions • Phishing emails that trick you into giving away personal information • Spear phishing emails that deceive a specific group of people into responding • Identity theft Page 3 of 9
  • 4. TRANSCRIPT - SBA Cybersecurity for Small Businesses 1.11 Denial of Service Attacks A denial-of-service attack is an attack on a computer or website which locks the computer and/or crashes the system and results in stopped or slowed workflow, prevented communication, and halted eCommerce. Some common ways that attackers achieve denial-of-service attacks include: • Volumetric attacks, which attempt to use all available bandwidth and slow or stop performance and • TCP State-Exhaustion Attacks, which cause problems with things like firewalls and application servers The ultimate goal of these attacks is always to prevent you from conducting business of any kind with your internet connected systems. 1.12 Malicious Code and Viruses Malicious Code and viruses may be some of the better-known threats. These threats send themselves over the internet to find and send your files, find and delete critical data, or lock up the computer or system. They can hide in programs or documents, make copies of themselves, and install themselves on your system to record keystrokes to send to collection point. 1.13 Reasons for Vulnerabilities All of the threats we have discussed can be very scary. Before we can address how to prevent attacks, we must first investigate the reasons that small businesses are vulnerable to these kinds of attacks. • Computer hardware and software is outdated and/or insecure • Poor or missing security policies that do not establish security protocols. • Missing procedures for securing information • Lazy oversight • Loose enforcement of existing policies 1.14 Risk Let’s talk for a moment about risk management, beginning with risk assessment. Risk assessment is the technique of assessing, minimizing, and preventing accidental loss to a business through the use of safety measures, insurance, etc. Removing all of the risk factors associated with attacks can be costly, but you need to ask yourself, “How much risk can I live with?” Remember that no risk can be completely eliminated. If the consequence and probability of a breach is high, then your tolerance for risk is low. If the consequence is minor, more risk may be acceptable to you. If the risk is still too high after all protection efforts have been made, use commercial cyber insurance to “share” the risk/exposure. Contact your insurance provider to find out what options are available. Page 4 of 9
  • 5. TRANSCRIPT - SBA Cybersecurity for Small Businesses 1.15 Protecting Yourself from Human Vulnerabilities The first step to protecting the information in your business is to establish security policies. It’s very important that your security policies are comprehensive and up to date. You may have to revise your policies periodically as threats change. The second step to protecting information is ensuring that your employees both know and adhere to your security policies. Remember, most vulnerabilities have a human at their root! 1.16 Who Needs Training? Determine who will need to know the procedures. Consider: • Employees who use computers in their work • Help desk • System administrators • Managers/executives using specialized software • System maintenance • IT Out-sourcing 1.17 Training Basics You should train employees in basic security principles, and training should begin the first day at work. Include security policies and procedures, security threats and cautions, and basic security dos and don’ts in your training. 1.18 Continuing Education Training should continue with reminders and tools, including pamphlets, posters, newsletters, videos, rewards for good security, and periodic re-training - because people forget! Lack of training is one of the most significant information security weaknesses in most organizations. 1.19 Best Practices What should you actually train your employees on? How can you keep you information safe? You should address: • Safe internet practices • Safe email practices • Safe desktop practices 1.20 Internet Practices Some best practices to keep in mind when it comes to the internet include: • Do not surf the web with an administrative account • Do not download software from unknown pages Page 5 of 9
  • 6. TRANSCRIPT - SBA Cybersecurity for Small Businesses • Do not download files from unknown sources • Do not respond to popup windows requesting you to download drivers • Do not allow any websites to install software on your computer • Protect passwords, credit card numbers, and private information in web browsers and conduct online business and banking on secure connections Password manager tools can help you keep track of secure passwords for each site. 1.21 Email Practices Some best practices to keep in mind when it comes to email include: • Be careful when opening attachments • Don’t reply to unsolicited emails • Don’t click on links in an email 1.22 Desktop Practices Some desktop best practices include: • Use separate computer accounts for each user • Use passwords and don’t share • Use screen locking, log on and off, and power down your system at the end of the day • Don’t plug ”lost” infected USB drives into systems • Seriously consider encrypting sensitive data on your system. Try using your favorite search engine online to find encryption tools that will work within your computing environment. Select blue items to learn more. 1.23 Protecting Your Systems Now let’s discuss some ways to protect your information. There are several different areas you must consider in order to fully protect yourself. 1.24 Viruses, Spyware, Trojans, and Malware In order to protect yourself against viruses, spyware, trojans, and malware: • Install anti-virus software • Company-wide detection tools • Company-wide process • Assign responsibility in writing Page 6 of 9
  • 7. TRANSCRIPT - SBA Cybersecurity for Small Businesses • Up-to-date search definitions • Include employee’s home systems 21st century computers are complex and include mobile technology, tablets, and personal computers made by many different companies. These various systems tend to have different threats and often require different software in order to adequately protect against viruses, spyware, trojans, and malware. A basic understanding of your computer may help you protect it. Try searching for information about your particular system. 1.25 Hardware and Software Hardware and software protections require: • Secure internet connection and change passwords • Change passwords periodically • Use software firewalls • Patch operating systems and applications • Secure wireless access points 1.26 Backup Procedures Some people don’t consider how important backup procedures are for information security. Your goal should be the ability to restore systems and data to what existed before any threat is realized. Make back-up copies of important information and restore weekly. Store a backup copy offsite for safe keeping. You should also test your backups to make sure that they actually work. Also keep in mind the importance of disposing of old computers and media securely. Just because you’re finished with it doesn’t mean someone else can’t use it to get important information about you, your business, or your customers. 1.27 Summary That was a lot of information. In this course you have: • Learned what cybersecurity is • Learned why cybersecurity is important • Learned about common cybersecurity threats and crimes • Learned about risk assessment • Learned what you can do to protect your business 1.28 Next Steps Now what should you do? Follow these steps to begin securing your business from cyber threats. Page 7 of 9
  • 8. TRANSCRIPT - SBA Cybersecurity for Small Businesses Step 1. Conduct an analysis of information security needs Step 2. Assess the cost of losing your information Step 3. Create a plan to protect your information Step 4. Implement your plan through policies, training, and hardware and software controls 1.29 Resources SBA has a broad network of skilled counselors and business development specialists. Below is a short description of our resource partners: • There are more than 1,000 Small Business Development Centers (SBDCs) located around the country. SBDCs provide management assistance to current and prospective small business owners. • SCORE is a powerful source of free and confidential small business advice to help build your business. More than ten thousand SCORE volunteers are available to share their experience in lessons learned in small business. • Women’s Business Centers assist women and men in achieving their dreams by helping them start and run successful businesses. Some 90 WBCs are located around the country. • SBA has over 60 district offices located throughout the country to help you start and grow your business. • SBA's Small Business Learning Center is a powerful virtual campus with online training, videos, tools and links to local resources. Find your local resource using our handy zip-code tool: www.sba.gov/local-assistance There are additional cybersecurity resources you can access, including the National Institute of Standards and Technology, or NIST and the Department of Homeland Security (DHS). Most states have cybersecurity organizations as well. 1.30 Have a Question? Have a question? • Call SBA - 1-800 U ASK SBA (1-800 827-5722) • E-mail SBA - answerdesk@sba.gov • Locate a SCORE counselor, SBA district office near you, or an SBDC office near you at www.sba.gov/local-assistance • To provide feedback, comments or suggestions for other SBA online content, please use the following email: learning@sba.gov Page 8 of 9
  • 9. TRANSCRIPT - SBA Cybersecurity for Small Businesses 1.31 Certificate Congratulations on completing this course. We hope it was helpful and provided a good working knowledge on how to successfully protect your business from cyber-attacks. Click the certificate to receive a course completion confirmation from the US Small Business Administration. Page 9 of 9