Cybersecurity for Small & Medium Sized Business
In our digital age, cyber threats loom large for companies of all sizes. Yet many small and medium-sized businesses (SMBs) remain vulnerable, lacking the resources of their larger counterparts. This represents a major risk. One cyber-attack can cripple operations and destroy customer trust.
As an SMB, you should not resign yourself to insecurity. With careful planning and smart investments, you can build robust cyber defenses tailored to your needs and budget. The key is taking a proactive approach, not a reactive one.
Implementing multi-factor authentication, updating software, training your employees on security best practices, and backing up data can go a long way.
SMBs would also be wise to partner with experienced managed service providers.
By leveraging outside expertise, companies gain an invaluable ally in the cyber battlefield. With the right strategy, SMBs can develop cybersecurity befitting their stature - not as small fish but as influential engines of the economy. The threats are real, but so is our power to protect against them.
Device Security
By proactively approaching device security, you can safeguard your company's most valuable asset - its data. The threats are real, but with vigilance and the proper safeguards, your SMB can stay protected.
Maintain physical security of all devices approved for professional use and enable screen locks.
Keep all hardware and software updated with the latest versions.
Run and monitor an endpoint detection and response (EDR) solution on all systems.
Only allow trusted software to be installed on endpoints.
Maintain a remote wipe capability for organization-issued and BYOD devices if a device is lost or stolen.
Data Security
As an SMB, your company's data is one of its most valuable assets. Data breaches could devastate customer information, financial records, and intellectual property. That's why prioritizing data security should be at the top of your to-do list. Don't wait until it's too late. Take proactive steps now to protect your business.
Encrypt sensitive data on the network and implement a data loss prevention solution to safeguard against unauthorized access and disclosure.
Consider restricting the use of external drives on the network.
Maintain multiple redundant backups of all critical and sensitive data. Keep these backups off the network and test them regularly to ensure their integrity.
Create, modify, and exercise incident response and continuity of operations plans initiated during cybersecurity incidents.
Online Security
In today's digital landscape, online security is more critical than ever for small and medium businesses. As your company expands, so does your digital footprint and risk exposure. It only takes one breach to severely damage client trust and company reputation. That's why proactively investing in cybersecurity needs to be a top priority.
Only allow public Wi-Fi use with a virtual private network (VPN).
Have all staff take cybersecurity awareness training at least once a year, emphasizing learning how to identify potential social engineering schemes.
Require passwords that meet industry standards for length and complexity, as the National Institute of Standards and Technology (NIST) recommends.
Enable multi-factor authentication (MFA) for every user and every account, where possible. MFA should be required for remote connections.
Free Cybersecurity and Infrastructure Security Agency (CISA) Tools and Resources
StopRansomware.gov. As part of the whole-of-government approach to combating ransomware, CISA created StopRansomware.gov, a one-stop-shop of free resources for organizations of any size to protect themselves from becoming victims of ransomware. If you have experienced a ransomware attack, we strongly recommend using the following checklist from our Ransomware Guide.
CISA Regional Support. Reach out to the CISA Regional Team for tailored assistance. They provide cyber and physical services to support the security and resilience of critical infrastructure owners, operators, and state, local, tribal, and territorial partners.
Cybersecurity Evaluation Tool (CSET). The Cybersecurity Evaluation Tool (CSET) is an open-source self-assessment tool designed for stakeholders to install on their endpoint devices. For those interested in using the tool or participating in CISA's open-source community, visit https://github.com/cisagov/cset. To download the file, click https://cset-download.inl.gov/.
Risk Management Considerations. For businesses and organizations considering using a Managed Service Provider (MSP) for their security services, review CISA's guidance on important risk management considerations.
Cloud Security. For businesses and organizations considering using a Cloud Service Provider (CSP), review CISA's guidance on cloud security.
Additional Resources
CyberWyoming
CyberWyoming aims to build national and Wyoming resilience by pulling business communities together on cybersecurity and advancing our State's security through information sharing.
Blue Cyber Education Series for Small Businesses
This site is sponsored by the US Air Force and has various training available.
Cybersecurity & Infrastructure Security Agency (CISA)
This is an operational component of the Department of Homeland Security. CISA has cybersecurity publications and information on how to protect your business computers and how to learn about internet threats.
Small and Medium Businesses | Cybersecurity and Infrastructure Security Agency CISA
Ransomware Vulnerability Warning Pilot Program (CISA)
This is a no-cost resource for organizations to sign up for.
Please use this link to access the information.
Internet Crime Complaint Center (FBI)
This is a site where you can file a cyber complaint and obtain additional information about internet crime.
Internet Crime Complaint Center (IC3) | File a Complaint