Small businesses are under cyber and data-breach attacks by nation-states, as well as organized and disorganized criminals, who are stealing intellectual capital, personal and business information, creating havoc in business environments. 

VtSBDC provides small businesses with simple awareness information and a path forward to a more in-depth assessment protection of critical confidential information.

How to keep your business safe

  • Expect a cyber attack and monitor regularly.
  • Conduct a risk assessment.
  • Protect customer data from attacks on third-parties.
  • Prevent intrusions via mobile devices.
  • Evaluate Bring Your Own Device (BYOD) policies.
  • Set strong password policies and enforce them.
  • Maintain multiple layers of protection like two factor authentication.
  • Limit user access and delete old users.
  • Secure your Wi-Fi.
  • Backup your data regularly.
  • Train employees on cybersecurity practices.
  • Update software regularly.
  • Scan emails with anti-virus.

Cybersecurity and Data Protection, North Star CMM

America’s SBDC has adopted the Cybersecurity Maturing Model (CMM) as the North Star to guide small businesses on the journey of cybersecurity and data breach protection activities.

Basic cyber and data protection revolve around the simple concept of CIA (Confidentiality, Integrity, Availability).  Confidential information needs to be protected. The information needs to have Integrity. If someone breaks in and alters the data it can cause serious problems and result in data you cannot count on. Information needs to be Available for use. Ransomware and other cyber-attacks prevent us from using our information.

CMM is a collection of standards and practices to protect the confidential information of clients and the business. Using it makes it easier for you to communicate your needs to product and service providers as well as share and learn effective practices with others. 

Theft of digital information has become the most commonly reported fraud, surpassing physical theft. Every business that uses the Internet is responsible for creating a culture of security that will enhance business and consumer confidence. 

The FCC released an updated one-page Cybersecurity Tip Sheet. The quick resource features new tips on creating a mobile device action plan and on payment and credit card security.

The Federal Trade Commission (FTC) along with the Small Business Administration (SBA), the Department of Homeland Security (DHS),  and the National Institute of Standards and Technology (NIST),  launched a national education campaign to help small business owners understand common cyber threats and how they can help protect their businesses. You can access all the educational materials at The new materials include fact sheets, videos and quizzes on these topics: Cybersecurity Basics; Understanding the NIST Cybersecurity Framework; Physical Security; Ransomware; Phishing; Business Email Imposters; Tech Support Scams; Vendor Security; Cyber Insurance (with thanks to the National Association of Insurance Commissioners); Email Authentication; Hiring a Web Host; and Secure Remote Access. The simple format delivers information in a way that will make it easy for business owners to talk about cybersecurity with their employees, vendors, and others involved in their business.