ACSC's cybersecurity guide for small businesses offers insights into the most common types of cyber attacks and how small businesses can combat these attacks. The guide helps small businesses prepare for the following types of cyber attacks:
- Malicious software (malware).
- Scam emails (phishing).
In addition, ACSC's cybersecurity guide includes the following software, people and processes recommendations to help small businesses minimize cyber risk:
- Activate automatic operating system and software application updates and set up a convenient time for these updates to occur.
- Create backups that are disconnected from everyday devices and test these backups regularly.
- Use multi-factor authentication whenever possible.
- Establish an access control system to ensure that only authorized users can leverage business systems.
- Require strong passwords; these passwords should be long, complex, unique and easy to remember.
- Establish cybersecurity training programs for employees and update these programs regularly.
- Develop a cybersecurity incident response plan.
- Offer rewards to employees who identify cyber threats.
- Encourage employees to discuss cybersecurity concerns and questions.
- Be cautious with emails that contain requests for money, attachments and requests to confirm login information.
Small businesses often lack the time and resources to understand and assess cyber threats, according to ACSC. However, ACSC's cybersecurity guide enables small businesses to address cyber risks and grow, innovate and find new ways to create value for their customers.
NCCoE Unveils MSP Cybersecurity Project
ACSC's cybersecurity guide for small businesses announcement comes after the National Cybersecurity Center of Excellence (NCCoE), part of NIST, this week unveiled the “Improving Cybersecurity of Managed Service Providers” project.
NCCoE's project helps MSPs reduce security vulnerabilities, and it provides insights into cybersecurity technologies and techniques that enable MSPs to protect themselves and their small and medium-sized business (SMB) customers against cyber attacks. Meanwhile, NCCoE is requesting comments to help refine the challenge and scope of its project, and it will accept project feedback until Nov. 8.