Tiêu đề Small Business Guide Cyber Security.pdf ✅

CYBERSECURITY FOR SMALL BUSINESS LEARN MORE AT: FTC.gov/SmallBusiness CYBERSECURITY BASICS Cyber criminals target companies of all sizes. Knowing some cybersecurity basics and putting them in practice will help you protect your business and reduce the risk of a cyber attack. PROTECT YOUR FILES & DEVICES Update your software This includes your apps, web browsers, and operating systems. Set updates to happen automatically. Secure your files Back up important files offline, on an external hard drive, or in the cloud. Make sure you store your paper files securely, too. Require passwords Use passwords for all laptops, tablets, and smartphones. Don’t leave these devices unattended in public places. Encrypt devices Encrypt devices and other media that contain sensitive personal information. This includes laptops, tablets, smartphones, removable drives, backup tapes, and cloud storage solutions. Use multi-factor authentication Require multi-factor authentication to access areas of your network with sensitive information. This requires additional steps beyond logging in with a password — like a temporary code on a smartphone or a key that’s inserted into a computer. LEARN MORE AT: FTC.gov/SmallBusiness
CYBERSECURITY FOR SMALL BUSINESS PROTECT YOUR WIRELESS NETWORK Secure your router Change the default name and password, turn off remote management, and log out as the administrator once the router is set up. Use at least WPA2 encryption Make sure your router offers WPA2 or WPA3 encryption, and that it’s turned on. Encryption protects information sent over your network so it can’t be read by outsiders. MAKE YOUR BUSINESS AS USUAL SMART SECURITY Require strong passwords A strong password is at least 12 characters that are a mix of numbers, symbols, and capital lowercase letters. Never reuse passwords and don’t share them on the phone, in texts, or by email. Limit the number of unsuccessful log-in attempts to limit password-guessing attacks. Train all staff Create a culture of security by implementing a regular schedule of employee training. Update employees as you find out about new risks and vulnerabilities. If employees don’t attend, consider blocking their access to the network. Have a plan Have a plan for saving data, running the business, and notifying customers if you experience a breach. The FTC’s Data Breach Response: A Guide for Business gives steps you can take. You can find it at FTC.gov/DataBreach. LEARN MORE AT: FTC.gov/SmallBusiness
CYBERSECURITY FOR SMALL BUSINESS LEARN MORE AT: FTC.gov/SmallBusiness Understanding THE NIST CYBERSECURITY FRAMEWORK You may have heard about the NIST Cybersecurity Framework, but what exactly is it? And does it apply to you? NIST is the National Institute of Standards and Technology at the U.S. Department of Commerce. The NIST Cybersecurity Framework helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data. The Framework is voluntary. It gives your business an outline of best practices to help you decide where to focus your time and money for cybersecurity protection. You can put the NIST Cybersecurity Framework to work in your business in these five areas: Identify, Protect, Detect, Respond, and Recover. 1. IDENTIFY Make a list of all equipment, software, and data you use, including laptops, smartphones, tablets, and point-of-sale devices. Create and share a company cybersecurity policy that covers: 2. PROTECT • Control who logs on to your network and uses your computers and other devices. • Use security software to protect data. • Encrypt sensitive data, at rest and in transit. • Conduct regular backups of data. • Update security software regularly, automating those updates if possible. • Have formal policies for safely disposing of electronic files and old devices. • Train everyone who uses your computers, devices, and network about cybersecurity. You can help employees understand their personal risk in addition to their crucial role in the workplace. Roles and responsibilities for employees, vendors, and anyone else with access to sensitive data. Steps to take to protect against an attack and limit the damage if one occurs.
CYBERSECURITY FOR SMALL BUSINESS 3. DETECT Monitor your computers for unauthorized personnel access, devices (like USB drives), and software. Check your network for unauthorized users or connections. Investigate any unusual activities on your network or by your staff. 4. RESPOND Have a plan for: • Notifying customers, employees, and others whose data may be at risk. • Keeping business operations up and running. • Reporting the attack to law enforcement and other authorities. • Investigating and containing an attack. • Updating your cybersecurity policy and plan with lessons learned. • Preparing for inadvertent events (like weather emergencies) that may put data at risk. Test your plan regularly. 5. RECOVER After an attack: Repair and restore the equipment and parts of your network that were affected. Keep employees and customers informed of your response and recovery activities. For more information on the NIST Cybersecurity Framework and resources for small businesses, go to NIST.gov/CyberFramework and NIST.gov/Programs-Projects/Small-Business-Corner-SBC. LEARN MORE AT: FTC.gov/SmallBusiness