Legend has it that King Arthur gathered his knights at a round table. Because the table had no head, it signaled that everyone seated at it was respected, and their contributions were welcome. At the FTC, we love the concept of a round table. It's a way to bring together stakeholders for a mutually beneficial discussion. In fact, we're planning a series of roundtable discussions about the challenges small businesses face dealing with cyber threats and data security, and we'd appreciate your thoughts.
Under Acting Chairman Maureen Ohlhausen's leadership, we are prioritizing outreach and education for small businesses on data security issues. For example, we recently launched a site with resources to help small businesses stay ahead of the latest scams, reduce the risk of cyber threats, and respond in case of a data breach. Tools like these put easy-to-understand, practical tips in businesses' hands.
King Arthur was said to have won his seat by pulling a sword from a stone. No such feat is required to give us your thoughts about small businesses and data security. Just post a comment on this blog. We’re especially interested in hearing from people at very small businesses – like sole proprietors and companies with just a few employees – who generally do not have full-time information technology or human resources staff.
Here are some of our questions:
- What are you most concerned about regarding your business's data security efforts?
- What challenges do businesses like yours face when it comes to protecting data and sensitive information?
- Do you think your business has been targeted by a cyber-attack? What do you do, or who do you turn to if you think you’re under attack?
- Where do you get your data security information?
- How do you recognize cyber threats?
- What kinds of good practices have you found to secure your business's technology? Why do you like them?
- How can the government help you improve your cybersecurity?
- Are there particular industries we should focus our education initiatives on?
- What would help you use and share information with your employees? What format might your employees read, understand, and use? (For example, videos, print, web-based training sessions, online resources, workbooks.)
- Which issues are you most interested in getting information about? (For example, ransomware, email authentication, vendor oversight, encryption, segmentation or authentication.)
We'll talk about these and other questions at our first roundtable event, held July 25th in Portland, Oregon, in partnership with the Small Business Administration (SBA), the National Cyber Security Alliance (NCSA), and other organizations. Next, we're going to Cleveland where we'll host a roundtable discussion with business owners from that city at the offices of the Council of Smaller Enterprises serving Northeastern Ohio, in collaboration with the SBA's district office there. And following Cleveland, we'll be in Des Moines, Iowa. Our theme for these Small Business & Data Security Roundtables is Engage, Connect, Protect.
Of course, we also take our job as the nation's primary data security cop on the beat seriously. We've used our enforcement authority against about 60 businesses that allegedly failed to provide reasonable protections for consumers' personal information. That experience informs our educational materials for businesses.
It would be nice if there were a suit of armor to protect businesses from ransomware, botnets or viruses. But the quest to shield small businesses from cyber threats and data security risks is complex and ongoing. Posting a comment to this blog about the issues you face in your small business is a great first step on our shared journey. If you'd rather email us, please use firstname.lastname@example.org.