Skip to main content

When it came to designing the FTC’s Cybersecurity for Small Business campaign, you called the shots. We hosted round tables across the country and listened to what business owners had to say. You told us you wanted: 1) No-nonsense advice that’s easy to implement; and 2) Consistent guidance from the different federal agencies that deal with cyber threats and data security.

Our every-Friday Business Blog series has covered fundamentals like physical security and cybersecurity basics, as well as tech-centric topics like email authentication and NIST’s Cybersecurity Framework. But it’s time for us to turn things back to you. We asked small businesses how they have incorporated the campaign in their offices and here are four ways you’ve told us you’re using the new materials.

1.  Incorporate resources into in-house training

Whether it’s a sales person who connects to your network remotely or someone in the warehouse who processes shipments, every employee is a link in your cybersecurity chain. That’s why savvy businesses build cybersecurity into new employee training and hold periodic refreshers and updates for experienced staff. There’s no need to create a curriculum from scratch. You’ve told us many of the Cybersecurity for Small Business modules coordinate with the topics you cover. We also have fact sheets, videos and quizzes to help keep your staff engaged – and we’re adding to the inventory.

2.  Share them with your social networks

We’re glad that business owners are sharing cybersecurity resources on their company and personal social networks. In addition, every blog post in this series has buttons at the top so you can share them on popular platforms. You’ll never be at a loss for relevant content. (Soon you’ll be able to share the website and fact sheets in Spanish, too.)

3.  Spread the cybersecurity word within your industry

Cybersecurity for Small Business cover“May I publish one of your fact sheets in the newsletter of our downtown business group?” “Is it OK if I hand out your brochure at an industry event?” When requests like that come in, we have two responses: 1) Yes; and 2) Thank you. FTC materials are in the public domain, which means you’re free to republish, link, cite, quote, etc., with no clearance required. We’re grateful for what you’re doing to let other businesses know about the importance of cybersecurity. (By the way, did you know you can order multiple copies of our 28-page Cybersecurity for Small Business brochure and related titles at no charge from

4.  Multiply the impact in your community

Cybersecurity isn’t an issue just for businesses. Keeping client, volunteer, and donor data secure is an important consideration for the nonprofit sector, too. We’ve heard from business owners who have used the materials to introduce safer data practices to local service organizations, places of worship, charities, and other groups where they volunteer their time.

Those are just some of the ways companies are using Cybersecurity for Small Business. How are you using the resources? What can we do to help your company’s cybersecurity efforts? Post a comment and let us know.

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

Stanley Thompson
March 09, 2019
As a victim of cybersecurity (Still Suffering) I greatly appreciate these valuable and informative publications.
June 24, 2019
Cyber security has been a big issue and this article was really helpful with the more nitty-gritty details.
July 26, 2019
This great information. What should small business owners do if their websites have been under heavy DDOS attacks? Who can they be reported to and what happens when they get reported? Is there any kind of investigations? We have had this happen to us thousands of times over the past year alone. Sometimes resulting in our web site functioning or crashing the server. .

Get Business Blog updates