Cybersecurity is critical to all businesses, especially small businesses. In order to understand cybersecurity, we’ll begin our Cybersecurity Basics with some definitions, why cybersecurity is relevant to small businesses, and a review of some of the legal requirements associated with data security and consumer privacy.
Cyberspace is the global interdependent network of information technology infrastructures, including the Internet, telecommunications networks and computer systems. Information Systems are a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of information. Cyberattacks target an enterprises’ use of cyberspace for the purposes of disrupting, disabling, destroying and/or controlling data. Cybersecurity then, is simply the ability to protect or defend the use of cyberspace from cyberattacks.
A whopping 66% of small and medium-sized businesses were the victims of a cyberattack in 2019. The average financial cost of cyberattacks to a small business over 12 months is high at $25,612. Remote work has increased the average cost of a data breach by $137,000. In 2020, 20% of small businesses said they faced a security breach because of a remote worker. Nearly a quarter of firms said a cyberattack damaged their brand and reputation and 59% of small businesses have no contingency plan even though one-in-six firms that experienced an attack said the impact was serious enough to threaten the viability of the company.
In short, every business is at risk for a cyberattack.
For general information on small business cybersecurity, visit:
- SBA – Stay Safe from Cybersecurity Threats
- FTC Cybersecurity for Small Businesses
- NIST Cybersecurity Insights
- CISA Small Business Resources.
For more statistics on small business cybersecurity, see reports from:
Cybersecurity Basics: Laws & Regulations
The following is a list of federal regulations governing data security and consumer privacy, which affect small businesses. This information provided should not be used as a substitute for consultation with a legal advisor. Always consult legal professionals to ensure compliance with federal and state laws and regulations.
The relevant components of the broader regulations are summarized here:
- The Federal Trade Commission Act (FTCA) prohibits unfair or deceptive practices in relation to offline and online privacy and data security. The FTC has authority to charge companies that fail to protect consumer personal data: leaving such data vulnerable to cyberattacks, altering privacy policies without providing notice and/or failing to comply with posted privacy policies.
- The Title V Gramm-Leach Bliley Act (GLB) regulates the collection, use and disclosure of financial information. It requires written notice of privacy procedures, the attainment of consent for utilizing financial information (including opportunities to opt-out), and the implementation of certain security programs. In short, it requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data. This act is also known as the Financial Services Modernization Act.
- The Health Insurance Portability and Accountability Act (HIPAA) sets standards for the collection and use of health information, and for protecting medical data and electronic transmissions. HIPAA requires notice of privacy practices. There regulations protect patient rights through the protection of individually identifiable health information, otherwise known as protected health information (PHI).
Other relevant federal legal regulations include:
- Computer Fraud and Abuse Act
- Electronic Communications Privacy Act
- Fair Credit Reporting Act
- Cybersecurity Information Sharing Act.
For a listing of state cybersecurity legislation, visit:
More on Cybersecurity for Small Businesses
To continue learning about Cybersecurity for Small Businesses, view our next sections:
- Cyber Attacks & Defenses for Small Business
- Cybersecurity Plans & Implementation for Small Business
- Cybersecurity & Government Contracting
- General Cybersecurity Resources & Contacts
Additional Small Business Resources
Already in business or thinking about starting your own small business? Check out our various small business resources:
- View more business reports here: Small Business Snapshots
- View industry-specific research here: Market Research Links
- View small business help topics here: Small Business Information Center
- View business plans samples here: Sample Business Plans
Remember, you can also receive free professional business advice and free or low-cost business training from your local Small Business Development Center!