NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:

Small Business Corner (SBC)

What do a business's invoices have in common with e-mail? If both are done on the same computer, the business owner may want to think more about computer security. Information-payroll records, proprietary information, client or employee data-is essential to a business's success. A computer failure or other system breach could cost a business anything from its reputation to damages and recovery costs. The small business owner who recognizes the threat of computer crime and takes steps to deter inappropriate activities is less likely to become a victim. The vulnerability of any one small business may not seem significant to many other than the owner and employees of that business. However, over 27 million U.S. businesses-over 99 percent of all U.S. businesses-are small and medium-size businesses (SMBs) of 500 employees or less. Therefore, a vulnerability common to a large percentage of all SMBs could pose a threat to the Nation's economic base. In the special arena of information security, vulnerable SMBs also run the risk of being compromised for use in crimes against governmental or large industrial systems upon which everyone relies. SMBs frequently cannot justify an extensive security program or a full-time expert. Nonetheless, they confront serious security challenges and must address security requirements based on identified needs.

The difficulty for these businesses is to identify needed security mechanisms and training that are practical and cost-effective. Such businesses also need to become more educated in terms of security so that limited resources are well applied to meet the most obvious and serious threats. To address this need, NIST, the Small Business Administration (SBA), and the Federal Bureau of Investigation (FBI) entered into a co-sponsorship agreement for the purpose of conducting a series of training meetings on computer security for small businesses. The purpose of the meetings is to have individuals knowledgeable in computer security provide an overview of information security threats, vulnerabilities, and corresponding protective tools and techniques with a special emphasis on providing useful information that small business personnel can apply directly or use to task contractor personnel.

In FY13, we scheduled and presented small business information security workshops in the following cities: June 6, Toledo, OH; June 25, Burlington, VT; June 26, Portland, ME; and June 28, Providence, FI; July 22, Lexington, KY; July 23, Louisville, KY.  Anticipated workshops:  Week of August 5th – Pittsburgh, PA; Cleveland, OH; Detroit, MI;  Week of August 26 – 8/28 – Portland, OR.  Week of September 16 – 9/16 – Little Rock, AR; 9/17 – Shreveport, LA;  9/18 – Alexandria, LA; 9/19 – Ruston, LA;  9/20 – Monroe, LA.

Planning for FY14 small business cyber security workshops is underway. Please check back in a few weeks to see where FY14 workshops will be held.