U.S. SMALL BUSINESS ADMINISTRATION PRESS RELEASE
“As part of the Cybersecurity for Small Business Pilot Program, through the Office of Entrepreneurial Development, state governments are eligible to compete for grants that will help deliver cybersecurity assistance to nascent and start-up business owners. Applications will be accepted from January 26, 2022, through March 3, 2022.”
___________________________________________________________________________
“Throughout the COVID-19 pandemic, small businesses have adopted technology at high rates to survive, operate, and grow their businesses. As a result, cybersecurity has become increasingly important as now, more than ever before, small business owners face cyber risks and challenges that could disrupt their operations and competitive advantages. As we seek to build a stronger and more inclusive entrepreneurial ecosystem, we must innovate and provide resources to meet the evolving needs of the growing number of small businesses. With this new funding opportunity, the SBA intends on leveraging the strengths across our state governments, territories, and tribal governments to provide services to help small businesses get cyber ready and, in the process, fortify our nation’s supply chains,” said SBA Administrator Isabella Casillas Guzman.
“The bottom line is we must do more to help small businesses combat cybersecurity threats, which continue to increase, evolve and inhibit,” said SBA Associate Administrator for the Office of Entrepreneurial Development Mark Madrid. “This pilot program will empower state governments to expand existing services, innovate, adapt to current environments, develop new resources, and scale solutions to assist more small businesses. Additionally, expanding access to underserved and underrepresented small business ecosystems will be a critical marker of success.”
About the Cybersecurity for Small Business Pilot Program
Eligible applicants are state governments that seek to provide training, counseling, remediation, and other tailored cybersecurity services for emerging small firms in multiple industries. Grantees will be awarded up to $1 million to assist small businesses.
Funding details and requirements are available at Grants.gov under “Cybersecurity for Small Business Pilot” (Funding Opportunity Number SB-OEDCS-22-001/CDFA 59.079) offered by the SBA. Applications must be submitted by the stated deadline on the official grant application portal as stated in the funding announcement.
To learn more about SBA’s programs and services related to cybersecurity, visit www.sba.gov/cybersecurity.
To find additional SBA local resources, visit www.sba.gov/local-assistance.
Cyber-attacks are a growing threat for small businesses and the U.S. economy. According to the FBI’s Internet Crime Report, the cost of cybercrimes reached $2.7 billion in 2020 alone.
Small businesses are attractive targets because they have information that cybercriminals want, and they typically lack the security infrastructure of larger businesses.
According to a recent SBA survey, 88% of small business owners felt their business was vulnerable to a cyber-attack. Yet many businesses can’t afford professional IT solutions, have limited time to devote to cybersecurity, or they don’t know where to begin.
Start by learning about common cyber threats, understanding where your business is vulnerable, and taking steps to improve your cybersecurity.
Common threats
Cyber-attacks are constantly evolving, but business owners should at least be aware of the most common types.
Malware
Malware (malicious software) is an umbrella term that refers to software intentionally designed to cause damage to a computer, server, client, or computer network. Malware can include viruses and ransomware.
Viruses
Viruses are harmful programs intended to spread from computer to computer (and other connected devices). Viruses are intended to give cybercriminals access to your system.
Ransomware
Ransomware is a specific type of malware that infects and restricts access to a computer until a ransom is paid. Ransomware is usually delivered through phishing emails and exploits unpatched vulnerabilities in software.
Phishing
Phishing is a type of cyber-attack that uses email or a malicious website to infect your machine with malware or collect your sensitive information. Phishing emails appear as though they’ve been sent from a legitimate organization or known individual. These emails often entice users to click on a link or open an attachment containing malicious code. After the code is run, your computer may become infected with malware.
Assess your business risk
The first step in improving your cybersecurity is understanding your risk of an attack, and where you can make the biggest improvements.
A cybersecurity risk assessment can identify where a business is vulnerable, and help you create a plan of action—which should include user training, guidance on securing email platforms, and advice on protecting the business’s information assets.
Planning and assessment tools
There’s no substitute for dedicated IT support—whether an employee or external consultant—but businesses of more limited means can still take measures to improve their cybersecurity.
FCC Planning Tool
The Federal Communications Commission offers a cybersecurity planning tool to help you build a strategy based on your unique business needs.
Cyber Resilience Review
The Department of Homeland Security’s (DHS) Cyber Resilience Review (CRR) is a non-technical assessment to evaluate operational resilience and cybersecurity practices. You can either do the assessment yourself, or request a facilitated assessment by DHS cybersecurity professionals.
Cyber Hygiene Vulnerability Scanning
DHS also offers free cyber hygiene vulnerability scanning for small businesses. This service can help secure your internet-facing systems from weak configuration and known vulnerabilities. You will receive a weekly report for your action.
Supply Chain Risk Management
Use the Supply Chain Risk Management Toolkit to help shield your business information and communications technology from sophisticated supply chain attacks. Developed by the DHS Cybersecurity and Infrastructure Agency (CISA), this toolkit will help you raise awareness and reduce the impacts of supply chain risks.
Cybersecurity best practices
Train your employees
Employees and emails are a leading cause of data breaches for small businesses because they are a direct path into your systems. Training employees on basic internet best practices can go a long way in preventing cyber-attacks. The Department of Homeland Security’s “Stop.Think.Connect” campaign offers training and other materials.
Training topics to cover include:
Spotting a phishing email
Using good browsing practices
Avoiding suspicious downloads
Creating strong passwords
Protecting sensitive customer and vendor information
Maintaining good cyber hygiene
Use antivirus software and keep it updated
Make sure each of your business’s computers is equipped with antivirus and antispyware software that is updated regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install updates automatically.
Secure your networks
Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password-protect access to the router.
Use strong passwords
Using strong passwords is an easy way to improve your cybersecurity. Be sure to use different passwords for your different accounts. A strong password includes:
10 characters or more
At least one uppercase letter
At least one lowercase letter
At least one number
At least one special character
Multifactor authentication
Multifactor authentication requires additional information (e.g., a security code sent to your phone) to log in. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.
Protect sensitive data and back up the rest
Back up your data
Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or on the cloud.
Secure payment processing
Work with your banks or card processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations related to agreements with your bank or processor. Isolate payment systems from other, less secure programs and do not use the same computer to process payments and surf the Internet.
Control physical access
Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
Training and events
SBA training
SBA and its resource partners host in-person and virtual events regularly.
Check out upcoming cybersecurity events hosted by SBA and our Resource Partners.
Other training
The National Cybersecurity Alliance, a public-private partnership, provides virtual and in-person cybersecurity events to help small business owners stay secure.
Funding opportunity for state governments
State governments seeking to assist small businesses by providing training, counseling, remediation, and other tailored cybersecurity services can apply at grants.gov for the Cybersecurity for Small Business Pilot (Funding Opportunity Number SB-OEDCS-22-001/CDFA 59.079). Grantees will be awarded up to $1 million. Applications must be received by March 3, 2022.”