Sobel & Co. LLC,  accounting firm livingston,  accounting firm livingston

Sobel and Co Secure File Sharing  Sobel and Co Site Search

Sobel and Co Client Portal Access  Pay My Bill at SobelCo

973-994-9494 Sobel and Co LinkedIn PageSobel and Co Facebook PageSobel and Co BlogSobel and Co Facebook Page

Small Business Cybersecurity - How to Get Started

Print Friendly, PDF & Email

I was recently a panelist for a webinar on Cybersecurity and Fraud Vulnerability during COVID-19. Many audience members owned or worked for small businesses, and were overwhelmed by the scope and scale of the risks the panel discussed. They didn’t know where to even start the process of addressing such risks. They wondered how a small business should approach the management and mitigation of cybersecurity and fraud risks without the sophisticated systems and financial means of larger companies. While risk management and mitigation can be daunting to small businesses, there are resources available to educate and assist the small business owner in understanding their risks and implementing controls to reduce them.

Small businesses tend to be soft targets for cyber criminals and fraudsters because they generally have fewer resources to devote to security and sophisticated controls. As the webinar panel discussed, security is best achieved by implementing multiple layers of protection, and businesses need to consider the different components of security, for example, physical, personnel, and operational, in order to build a comprehensive safety net.

The National Institute of Standards and Technology (“NIST”) has issued a publication titled “Small Business Information Security: The Fundamentals” [NISTIR 7621 Revision 1], available free of charge. This publication provides guidance on how small businesses can provide basic security for their information, systems, and networks. It is written without technical jargon, breaks down the issues of cybersecurity for small business into easily understood topics, and suggests ways to identify, evaluate, and resolve cybersecurity vulnerabilities. Based on guidance from NIST’s Framework for Improving Critical Infrastructure Cybersecurity, the reader will come away with a basic, but valuable, education in the fundamentals of cybersecurity to use as a foundation for building a more secure infrastructure.

NIST also maintains a Small Business Cybersecurity Corner, where one can find information on topics such as telework security and tips for securing conference calls, as well as resources where one can access free and low cost online cybersecurity learning content.

Another source of useful information for small businesses is the Center for Internet Security (“CIS”). This site offers information on cybersecurity best practices, tools, and threats. It is more technical than the NIST publication mentioned above, but offers a wealth of information that can help small businesses. I recommend reading their Resource Guide for Cybersecurity During the COVID-19 Pandemic for a summary of prominent scams and quick tips to help prevent your organization from becoming a victim.

The Federal Trade Commission includes a section about protecting small businesses on its website. Here, one can find information about both cybersecurity and the fraud scams that target small businesses.

The Association of Certified Fraud Examiners (“ACFE”) has a Fraud Prevention Check-Up tool available on its website. This tool can help small business owners assess their own vulnerabilities to fraud and it identifies various internal controls that can be implemented to strengthen the organization against fraud.

While cybersecurity and fraud risks can seem to be insurmountable for the small business owner, doing even small things to mitigate the risks is better than doing nothing at all. The resources listed above can be a worthwhile starting point to begin getting your arms around these issues, and become better educated about how best to handle your own small business’ needs. If you would like to learn more, the professionals at SobelCo can help you assess your situation and find solutions to mitigate your cybersecurity and fraud risks.

Rebecca Fitzhugh, SobelCo