Small businesses are under cyber and data-breach attacks by nation-states, as well as organized and disorganized criminals, who are stealing intellectual capital, personal and business information, creating havoc in business environments. 

VtSBDC provide small businesses with simple awareness information and a path forward to a more in-depth assessment protection of critical confidential information.

Following is guidance from two sources: America’s SBDC and the Federal Trade Commission (FTC) with links to supporting materials to help you and your staff navigate this process.


From America’s SBDC

Cybersecurity and Data Protection, North Star CMM

America’s SBDC has adopted the Cybersecurity Maturing Model (CMM) as the North Star to guide small businesses on the journey of cybersecurity and data breach protection activities.

Basic cyber and data protection revolve around the simple concept of CIA (Confidentiality, Integrity, Availability).  Confidential information needs to be protected. The information needs to have Integrity. If someone breaks in and alters the data it can cause serious problems and result in data you cannot count on. Information needs to be Available for use. Ransomware and other cyber-attacks prevent us from using our information.

CMM is a collection of standards and practices to protect the confidential information of clients and the business. Using it makes it easier for you to communicate your needs to product and service providers as well as share and learn effective practices with others. 

Learn more about each level of cybersecurity and data protection, including helpful slides on Basic Cyber Hygiene:


From the FTC

Theft of digital information has become the most commonly reported fraud, surpassing physical theft. Every business that uses the Internet is responsible for creating a culture of security that will enhance business and consumer confidence. 

The FCC released an updated one-page Cybersecurity Tip Sheet. The quick resource features new tips on creating a mobile device action plan and on payment and credit card security.

The Federal Trade Commission (FTC) along with the Small Business Administration (SBA), the Department of Homeland Security (DHS),  and the National Institute of Standards and Technology (NIST),  launched a national education campaign to help small business owners understand common cyber threats and how they can help protect their businesses. You can access all the educational materials at The new materials include fact sheets, videos and quizzes on these topics: Cybersecurity Basics; Understanding the NIST Cybersecurity Framework; Physical Security; Ransomware; Phishing; Business Email Imposters; Tech Support Scams; Vendor Security; Cyber Insurance (with thanks to the National Association of Insurance Commissioners); Email Authentication; Hiring a Web Host; and Secure Remote Access. The simple format delivers information in a way that will make it easy for business owners to talk about cybersecurity with their employees, vendors, and others involved in their business.

Cybersecurity videos and quizzes.