Presented by:
Training Course: Cybersecurity for Small Businesses
This self-paced training exercise provides an introduction to securing information in a small business.Topics include: Defining cybersecurity; Explaining the importance of securing information through best cybersecurity practices; Identifying types of information that should be secured; Identifying the types of cyber threats; Defining risk management; and Listing best practices for guarding against cyber threats.
Once you click on the following button the course will open in a different window. To return to this page simply hit the browser's 'back' button.
Other Courses That May Interest You:
- How To Gain A Competitive Advantage
- How To Grow An Established Company
- How To Improve Your Customer Service
- How To Perform A Market Research
- How to Prepare a Loan Package
- Pricing Models for Successful Business
- Small Business Sales Management
- Successful Small Business Marketing
- Understanding Small Business Accounting
- How to Understand Your Customers
- How To Finance a Business
- Business Plan Training Course
- Developing Values for Your Business
- How To Buy A Business
- How To Choose A Franchise
- How To Create A Strategic Plan
- How To Export
- How To Find And Attract Investors
- How To Recruit And Keep Employees
- How To Sell A Business
- Marketing A High-Tech Product
- Pricing In Small Business
- Cyber Security for Small Businesses
For Additional Small Business Management Knowledge Feel Free to Explore the Following Topics:
Text Transcript of The Course
1.3 Course Topics
This course will address four areas, defining the importance of information security and what you can do to keep your information safe:
• What is cybersecurity?
• Why is cybersecurity so important?
• What are common cyber threats and crimes?
• How do I determine my level of risk?
• What can I do to protect my business?
Numerous additional resources are identified to assist you. Visit the resource icon in the course player or locate additional tools, templates, and mentors on SBA.gov once you finish the course.
Let’s get started!
1.4 Background
Cybersecurity is the comprehensive effort to protect computers, programs, networks, and data from attack, damage, or unauthorized access through technologies, processes, and best practices. Large businesses have been working to secure their information and systems, so small businesses are becoming more common targets because they have fewer resources than large companies have. Do you have information that needs to be secure? Consider:
• Personal information for employees
• Partner information
• Sensitive information for customers/clients
• Financial and sensitive business information
Information needs to be secured in your systems. This means the information that should be kept confidential should be available when needed, and should be kept as accurate as possible. Your website also needs to be secure in order to prevent putting current or potential customers at risk.
1.5 Aspects of Information Security
There are several different aspects of information security, including confidentiality, integrity, and availability.
Some considerations for confidentiality include: only those who need access to information, and have been properly trained on cyber security, should have it, especially when the information is sensitive. Training people in cyber security prevents security breaches when those who are authorized accidentally disclose information. Your goal should be to ensure information is not disclosed to non-authorized people.
Considerations for integrity include making sure your information is not improperly modified or destroyed. If you maintain information integrity, no one will be able to claim your information is inaccurate.
Last is availability. Your information should always be available to you quickly and reliably.
1.6 Security Costs
It is important to remember that there are costs for protecting information; there are also costs for not protecting information, which will be covered later in the risk topic.
The costs for not protecting information can be much higher than those associated with protecting it. These costs could be associated with notifying victims that their information has been released, which can be very costly, both in terms of perception and litigation. You can lose customers who have lost confidence in your business after a security breach. Depending upon the type of business you have, you may have to pay fines for not maintaining information security compliance. You may also have to reconfigure or replace hardware and/or software.
1.7 Threat Origins
While there are multiple threats to information security including natural disasters and systems failure, most threats have a human at their origin. We will focus on the threats with human origins.
Threats can be internal and external. Examples of external threats include experimenters and vandals, who are Amateur hackers, hactivists who have personal or political agendas, cybercriminals who are trying to make money, and information warriors who are professionals working for nation-states.
Despite the broad range of external threats, internal threats account for 80% of security problems according to the National Institute of Standards and Technology, or NIST. Internal threats can be intentional or unintentional and can include issues such as non- business use of computers which can allow threats in.
1.8 Types of Threats
There are a broad range of information security threats. Some of the most common threats include website tampering, theft of data, denial-of-service attacks, and malicious code and viruses.
1.9 Website Tampering
Website tampering can be a very big problem for your business. Website tampering can take many forms, including defacing your website, hacking your system, and compromising web pages to allow invisible code, which will attempt to download spyware to your computer.
Select each item to learn more.
1.10 Theft of Data
Data theft also comes in several forms and the problems that come with data theft depend upon the kind of data that is stolen. Some examples of data theft include:
• Theft of computer files
• Inappropriate access to computer accounts
• Theft of laptops and computers
• Interception of emails or internet transactions
• Phishing emails that trick you into giving away personal information
• Spear phishing emails that deceive a specific group of people into responding
• Identity theft
1.11 Denial of Service Attacks
A denial-of-service attack is an attack on a computer or website which locks the
computer and/or crashes the system and results in stopped or slowed workflow, prevented communication, and halted eCommerce. Some common ways that attackers achieve denial-of-service attacks include:
• Volumetric attacks, which attempt to use all available bandwidth and slow or stop performance and
• TCP State-Exhaustion Attacks, which cause problems with things like firewalls and application servers
The ultimate goal of these attacks is always to prevent you from conducting business of any kind with your internet connected systems.
Copyright © by Bizmove. All rights reserved.