The latest publication by the National Institute of Standards and Technology (NIST), entitled “Small Business Information Security: The Fundamentals,” aims to promote and assist small businesses in their efforts to manage information security risks. Written by Celia Paulsen and Patricia Toth, the report speaks directly to the needs of growing businesses and suggests that the security of information, systems, and networks should be a top priority. Overall, the report explains some of the security issues unique to small businesses and offers a guideline for safeguarding information to help those businesses thrive. Below are several key takeaways from the report.
Small Businesses are Particularly Vulnerable
In many ways, small businesses have even more to lose than large ones simply because an event—whether a hacking, natural disaster, or business resource loss—can be incredibly costly. The report begins by noting that while cybersecurity improvements by some businesses have rendered them more difficult attack targets, this has led hackers and cyber criminals to focus more of their attention on less secure businesses. One reason for this is that small businesses, including startups, often lack the resources to invest in information security as larger businesses can. Many fall victim to cyber-crime. In a later comment on the report, author Pat Toth stated, "[s]mall businesses may even be seen as easy targets to get into bigger businesses through the supply chain or payment portals." She continued, "[small businesses] may have more to lose than a larger organization because cybersecurity events can be costly and threaten their survival."[i] National Cyber Security Alliance research adds further credibility to this assertion. It found that 60 percent of small businesses will close down within six months following a cyberattack.[ii]
Information Security is Good for Business
Another of the report’s goals is to refute the notion that information security is too cumbersome a task for a young business to undertake. In fact, investing in proper security is potentially excellent for business. Protecting customers’ information as well as personal employee information is a critical component of good customer service. Furthermore, a robust information security program can help small businesses grow and retain customers as well as employees and business partners. Nowadays, customers not only appreciate but have also come to expect that their sensitive information will be protected from theft, disclosure, or misuse. Therefore, it is necessary that your business protect customers’ information to establish their trust as well as increase your business. Additionally, business partners and vendors want to know that their information, systems, and networks are safe when doing business with you; therefore, it is important to be able to demonstrate that you have a method to protect their information.