The U.S. Federal Communications Commission (FCC) has released an online tool to assist small businesses with cybersecurity planning. The vast majority of small businesses reportedly do not have a formal plan to protect themselves from cyber threats, nor do they have a recovery plan in the event of a security breach. Such breaches can result in massive losses, sometimes in the hundreds of thousands of dollars. The FCC’s program helps small business owners understand the types of risks that exist online, available methods of protection against such threats, and the availability of cyber insurance to help businesses avoid interruptions in their activities.
The FCC launched the Small Biz Cyber Planner in October 2011. One year later, on October 17, 2012, it introduced the Small Biz Cyber Planner 2.0 (SBCP) in a public-private partnership between government agencies and IT and IT security companies like the Department of Homeland Security, Symantec, McAfee, HP, and Microsoft. According to the FCC, eighty-three percent of small businesses have not enacted cybersecurity plans, giving them no infrastructure to protect against hackers and other threats, and no contingency for cyberattacks and security breaches. The government has made cybersecurity a priority, as it becomes clear that the security of businesses’ computer systems affects national security.
Small Biz Cyber Planner 2.0
The SBCP enables small businesses to create customized plans to protect against cyber threats and to respond to attacks. The program can advise small business owners on a wide array of cybersecurity issues, including both the nature and structure of a company’s network and how best to prevent or respond to breaches. It includes tips on avoiding spyware, viruses, and other forms of malicious software, both by regulating employees’ internet access and securing wifi networks against intrusion. Businesses no longer simply use a server with networked workstations, as smartphone and tablets have also become indispensable business tools.
The result is a cybersecurity plan based on the parameters set by the user, but it is still a template-based document using boilerplate language. The plan is useful in educating business owners and managers about cyber risks and ways to approach cybersecurity, but most businesses should seek personalized assistance from a risk management consultant.
Cyber Insurance
The SBCP addresses the availability of cyber risk insurance, a growing field in protecting businesses from threats and losses. Many of the losses that may result from cyber attacks do not fall under the protection of a typical business liability policy. Ordinary liability policies might cover physical damage to inventory, equipment, or facilities, including physical damage to computer systems. They might not, however, cover the loss of the data contained on those machines. This is particularly true when a business stores data off-site in the “cloud.” Understanding these risks is critical to developing an effective cybersecurity plan.
Prism Risk Management provides businesses and organizations with risk and loss prevention consulting and offers services in loss control planning. To learn how our team can help your organization, contact us today online or at (512) 901-0070.
Web Resources:
FCC Small Biz Cyber Planner 2.0, Federal Communications Commission
Ten Cybersecurity Tips for Small Businesses (PDF file), Federal Communications Commission
More Blog Posts:
Banks Face Possible Threat from Coordinated Cyberattack, According to Security Firm, Prism Risk Management Blog, November 12, 2012
Distributed Denial-of-Service Attacks Pose Risks for Schools and Businesses, Prism Risk Management Blog, October 23, 2012
Insurer Must Cover a Retailer’s Losses Due to a Cyberattack Under Its Blanket Crime Insurance Policy, Prism Risk Management Blog, October 8, 2012
Photo credit: ‘Router led lights’ by Cylonka on stock.xchng.
Prism Risk Management, LLC 