FTC’s cybersecurity guidance for small businesses

On October 18, 2018, the Federal Trade Commission (FTC) published – along with the Department of Homeland Security, the National Institute of Standards and Technology, and the Small Business Administration – guidance for small businesses on how to deal with cyber threats and increase data security.

The FTC highlighted a dozen need-to-know topics: Cybersecurity Basics, Understanding the NIST Cybersecurity Framework, Physical Security, Ransomware, Phishing, Business Email Imposters, Tech Support Scams, Vendor Security, Cyber Insurance (thanks to the National Association of Insurance Commissioners), Email Authentication, Hiring a Web Host, and Secure Remote Access.

The FTC included videos and quizzes for in-house training and several other resources that small businesses can use to deal with data security.

Below is an overview of the topics covered by the fact-sheets.

  1. Cybersecurity Basics. Provides advice on how to protect your files and devices and your wireless network, and how to use security policies in your daily business.
  2. Understanding the NIST Cybersecurity Framework. Suggests the use of the NIST Cybersecurity Framework to enact best practices that help businesses reduce cybersecurity risks. The NIST Cybersecurity Framework covers five areas: Identify, Protect, Detect, Respond, and Recover.
  3. Physical Security. This fact-sheet gives advice on how to protect equipment & paper files and data on devices, and on how to include physical security in employees’ training.
  4. Ransomware. The document explains how ransomware happens, how to protect your business, and what to do when your business is attacked.
  5. Phishing. The fact-sheet explains how phishing works, what should be done before sharing sensitive business information, how to protect the business, and what to do once you have fallen for a phishing scheme.
  6. Business Email Imposters. This happens when a scammer sets up an email address that looks like it’s from your company. The FTC provides advice on how to protect businesses, and what to do if someone spoofs your email.
  7. Tech Support Scams. Sometimes businesses get a phone call, pop-up, or email informing them that there’s a problem with the computer. The fact-sheet explains how to protect your business and what to do if you are scammed.
  8. Vendor Security. The fact-sheet warns businesses that it is important to make sure that vendors are also securing their own computers and networks. The document provides guidance on how to protect your business and what to do if a vendor has a security breach.
  9. Cyber Insurance. The fact-sheet provides a list of incidents that should be covered by companies’ cyber insurance policies. The document also explains what first-party and third-party coverage are and which coverage you should look for.
  10. Email Authentication. This link provides information on email authentication technology and advice on the use of email authentication tools.
  11. Hiring a Web Host. This document provides tips to help businesses know what to look for when upgrading their website, as well as questions that business owners should ask when hiring a web host provider, to make sure business data is protected.
  12. Secure Remote Access. The fact-sheet gives advice on how to make employees and vendors follow strong security standards before they connect to the business’s network.


The page “Cybersecurity resources for your small business” is available at https://www.ftc.gov…



For more information and for advice on privacy and data protection, contact Francesca Giannoni-Crystal. Thanks to Federica Romanelli.


