April 10, 2018 – The Federal Trade Commission is launching a national education campaign to help small businesses strengthen their cyber defenses and protect sensitive data that they store.
As outlined in a new Staff Perspective report, the FTC will develop and distribute reader-friendly educational materials with information about cybersecurity that small businesses need. The effort grew out of the Small Business & Cybersecurity Roundtables that the FTC hosted last year with small business owners and non-profit organizations, employees, and managers to learn about the challenges they face when dealing with cyber threats and security and ideas for how the government can help them.
“Small businesses understand the importance of cybersecurity and the need to protect their networks and data, but many feel overwhelmed about how to address the myriad of cyber threats they face,” said Tom Pahl, Acting Director of the FTC’s Bureau of Consumer Protection. “Our new campaign aims to help these small businesses with targeted, plain-language advice on everything from protecting against phishing scams to tips on what to look for when choosing a cybersecurity vendor.”
The campaign will build on the work the FTC has already done under Acting FTC Chairman Maureen K. Ohlhausen. This includes the small business cybersecurity roundtable discussions and the launch of a website in 2017 aimed at helping small businesses avoid scams and protect their networks and data. The FTC also has developed several cybersecurity publications aimed at businesses of all sizes including our business guides Start with Security, Data Breach Response and Protecting Personal Information and our Stick with Security blog series.
Among the issues that small business owners identified during the roundtable discussions are how to avoid phishing schemes, ransomware attacks and tech support scams, as well as cybersecurity basics. Small business owners also wanted information about how to protect company mobile devices, and a list of questions they should ask vendors to ensure their systems are secure.
To address these concerns, the FTC is creating up to a dozen sets of information on issues of importance to small business owners that will include training modules and videos. Potential topics include phishing, ransomware, email authentication, cloud security, tech support scams, vendor security, how to compare offers of web hosting services, understanding the National Institute of Standards and Technology cybersecurity framework, and others.
In addition, the FTC will work with other government agencies to help develop more consistent messaging about cybersecurity and expand its work with the private and non-profit sectors to help get the materials developed by the FTC to more small businesses.