Cybersecurity for Small Business
Check out this article to discover key ways for small businesses to improve their cybersecurity. For more information, please contact VISUAL AV LLC.
Frequently Asked Questions
Why should cybersecurity be a priority for my small business?
Cybersecurity needs to be part of your business plan because any company that uses the Internet is exposed to digital risks, regardless of size or industry.
A few key points from the guidance:
- **Theft of digital information is now the most commonly reported fraud**, ahead of physical theft.
- Even basic activities—like using email, maintaining a website, or adopting cloud tools—create entry points for attackers.
- Customers expect you to protect their data; a visible commitment to security helps **build business and consumer confidence**.
For small businesses, a single incident (like stolen customer records, compromised payment data, or locked systems from malware) can disrupt operations, damage your reputation, and create unexpected costs.
The FCC has created resources specifically for small businesses, such as the **Small Biz Cyber Planner 2.0** and a **one-page Cybersecurity Tip Sheet**, to help you build a practical, right-sized cybersecurity plan. Treating cybersecurity as a normal part of how you run the business—rather than an afterthought—helps you protect your data, your customers, and your ability to operate day to day.
What are the most important cybersecurity steps my small business should take first?
You don’t need an enterprise-sized budget to meaningfully reduce your risk. The FCC highlights 10 practical steps that work well for small businesses:
1. **Train employees in security basics**
    - Require strong passwords and clear internet use guidelines.
    - Explain how to handle and protect customer information and other sensitive data.
    - Make sure employees understand there are consequences for ignoring security policies.
2. **Keep information, computers, and networks protected**
    - Keep all devices “clean” with up-to-date security software, web browsers, and operating systems.
    - Set antivirus to scan after each update and install software patches as soon as they’re available.
3. **Use a firewall for your internet connection**
    - Turn on the operating system’s built-in firewall or install reputable free firewall software.
    - If employees work from home, ensure their home systems are also protected by a firewall.
4. **Create a mobile device action plan**
    - Require passwords on phones and tablets that access company data.
    - Encrypt data on mobile devices and install security apps.
    - Set clear reporting procedures for lost or stolen devices.
5. **Back up important business data regularly**
    - Identify critical data (documents, spreadsheets, databases, financial files, HR files, accounts receivable/payable).
    - Back up automatically if possible, or at least weekly.
    - Store backups offsite or in the cloud.
6. **Control physical access and use separate user accounts**
    - Prevent unauthorized people from using business computers.
    - Lock up laptops when unattended.
    - Give each employee their own user account and require strong passwords.
    - Limit administrative privileges to trusted IT staff and key personnel.
7. **Secure your Wi‑Fi network**
    - Make sure your Wi‑Fi is secure, encrypted, and hidden.
    - Configure your router so it does not broadcast the network name (SSID).
    - Password-protect access to the router.
8. **Follow best practices for payment cards**
    - Work with your bank or payment processor to use trusted, validated tools and anti-fraud services.
    - Understand and meet any security obligations in your agreements.
    - Isolate payment systems from other, less secure programs.
    - Avoid using the same computer for payment processing and general web browsing.
9. **Limit employee access and software installation rights**
    - Give employees access only to the systems and data they need for their jobs.
    - Do not allow employees to install software without approval.
10. **Strengthen passwords and authentication**
    - Require unique passwords and have employees change them every three months.
    - Consider multi-factor authentication (MFA) for sensitive systems.
    - Ask your banks and other vendors handling sensitive data if they offer MFA.
If you’re looking for a starting point, focus first on employee training, keeping systems updated, backups, and strong passwords/MFA. These steps address many of the most common small-business attacks.
Where can my small business find trusted cybersecurity tools and guidance?
Several reputable, small-business-focused resources can help you manage cybersecurity without starting from scratch.
From the FCC and U.S. government:
- **FCC Small Biz Cyber Planner 2.0**: An online tool to help you build a customized cybersecurity plan tailored to your business.
- **FCC Cybersecurity Tip Sheet**: A one-page summary with practical tips, including mobile device and payment/credit card security.
- **NIST Small Business Cybersecurity Corner**: Guidance, templates, and tools designed specifically for small organizations.
- **FTC Cybersecurity for Small Business**: Plain-language advice on topics like ransomware, phishing, and data protection.
- **CISA: Secure Your Business**: Checklists and best practices to help you reduce cyber risk.
From industry and nonprofit organizations:
- **National Cyber Security Alliance (NCSA) – Small and Medium-Sized Business Resources**: Educational materials and best practices.
- **Global Cyber Alliance (GCA) Cybersecurity Toolkit for Small Business**: A set of **free cybersecurity tools** and resources you can start using quickly.
- Articles and reports such as:
  - *What Small Business Owners Need to Know About Cybersecurity* (Entrepreneur Magazine)
  - *3 Biggest Cybersecurity Threats Facing Small Businesses Right Now* (Entrepreneur Magazine)
  - *Microsoft Cybersecurity Tips and Technology for Small Businesses*
  - *FICO and U.S. Chamber of Commerce Assessment of Cyber Security Risk Report*
Additional support:
- **SCORE: How to Protect Your Small Business from a Cyber Attack**: Educational content and mentoring resources for small business owners.
These resources are designed to help you:
- Understand your main cyber risks.
- Put basic protections in place using clear, actionable steps.
- Rethink how you handle data, devices, and payments so security becomes part of everyday operations.
You can start by using the FCC Small Biz Cyber Planner 2.0 to outline your plan, then use NIST, FTC, CISA, and GCA toolkits to fill in the details with specific controls, tools, and training materials.


