It’s National Small Business Week, a time when we celebrate the businesses that make our communities thrive. For the FTC, it’s an opportunity to let business owners know that when it comes to protecting your business from cyber threats, you’re not alone. The federal government has resources to help you address common cyber threats and create a culture of cybersecurity at your company. The materials at FTC.gov/Cybersecurity were introduced last year in cooperation with DHS, NIST, and the SBA.
Blog Posts Tagged with Small Business
Whether you’re starting a business or trying to grow one, there’s one thing you need to take it to the next level: capital. Entrepreneurs look to traditional lenders, of course, but they’re also turning to the online marketplace to find small business financing. What types of products are available? What are the benefits and the consumer protection considerations?
The FTC just announced developments in the ongoing fight against illegal robocalls. “But my company would never place illegal robocalls,” you say. Glad to hear it, but there are four reasons why reputable businesses should still take note when the FTC brings actions against robocallers.
When it comes to getting the working capital your company needs, you’re strictly business. Yes, you confer with traditional financial institutions, but like many small businesses, you also may look into online loans and other newer options. Financing for smaller enterprises is the topic of an upcoming FTC workshop. Mark May 8, 2019, on your calendar for Strictly Business: An FTC Forum on Small Business Financing.
When it came to designing the FTC’s Cybersecurity for Small Business campaign, you called the shots. We hosted round tables across the country and listened to what business owners had to say. You told us you wanted: 1) No-nonsense advice that’s easy to implement; and 2) Consistent guidance from the different federal agencies that deal with cyber threats and data security.
Punching a time clock in and out isn’t how small businesses run these days. Employees are on the road, others are working from home, vendors are accessing your data at off hours – and you’re generating ideas 24/7. How do you maintain high security standards when employees and others may need to connect to your network remotely from a variety of devices? When we met with small business owners across the country, that question came up a lot.
Your website is the online face of your business. Some companies have the in-house capability to manage their web presence. Others hire a web host to handle it for them. When launching a new business or upgrading their site, savvy business owners comparison shop for web hosting services. At the top of your shopping list should be the security features built into what you’re buying.
As a business person, you know about phishing, of course. At first glance, the email looks like it comes from a recognized company, complete with a familiar logo, slogan, and URL. But it’s really from a cyber crook trying to con consumers out of account numbers, passwords, or cash. In addition to the serious injury these scams inflict on consumers, there’s another victim of phishing: the reputable business whose good name was stolen by the scammer.
Steely Dan may be one of the best duos of the rock era. (Sorry, Donnie and Marie fans.) Their song “Hey Nineteen” reminds us to mention some FTC consumer protection developments that could be of interest to your company or clients in 2019. As “Any Major Dude Will Tell You,” when you’re “Reelin’ in the Years” – or at least recapping the past one – consider this non-exhaustive and in-no-particular-order case compilation.
Not many small businesses do business these days without the services of third-party vendors, some of whom have access to your company’s sensitive information. Even if you run a tight cybersecurity ship, what happens if your accountant loses a laptop or the payroll company that connects to your network experiences a security breach? Your business could be in jeopardy, of course, but that’s not all.
An employee gets a phone call, pop-up, or email warning about a problem with the office computer. In an effort to be helpful – or perhaps concerned they clicked on something that caused the glitch – the employee follows instructions to send money, turn over personal information, or provide access to your system. As a small business owner, you know it’s a tech support scam, but are you sure every member of your team has the savvy to spot it?
When cyber crooks send messages trying to trick people into disclosing passwords or account information, they often mimic a recognizable email address to make it look like it’s coming from a trusted source – for example, from your company. It’s a practice called spoofing and it packs a double wallop. Not only does it put consumers at risk for identity theft, but spoofing can unfairly damage the reputation for trust you’ve worked hard to earn.
Phishing scammers have gotten more sophisticated. They still send out mass emails asking consumers for credit card numbers or bank account information. But they’re also targeting small businesses by imitating the look of messages your employees routinely receive.
Mention the word “ransomware” at a meeting of small business owners and you’ll feel the temperature in the room drop by 20 degrees. A ransomware attack is a chilling prospect that could freeze you out of the files you need to run your business. When FTC staff met with business owners across the country, you cited ransomware as a particular concern. New resources from the FTC can help protect your company from this threat.
An employee catches up on some work while visiting the local coffee shop. She grabs her Double Mocha to go, but accidentally leaves behind a flash drive with hundreds of Social Security numbers on it. When she returns, the flash drive is gone. Then there’s the staff member who needs to free up file room space. After he tosses a stack of old company bank records into the garbage, a dumpster diver spots the trash and walks away with a windfall.
The FTC hosted roundtables across the country asking small business owners how we can help you address the challenges of cybersecurity. Based on your feedback, we designed to-the-point tips now available at ftc.gov/cybersecurity. Last week we kicked off a 12-part every-Friday Business Blog series with cybersecurity basics.
One of the Utah-based defendants’ corporate names was Vision Solution Marketing, but you need to hear their sales pitch to get a sense of how they peddled their big-money “business coaching” services to consumers. In addition to imposing multi-million dollar judgments, FTC settlements ban the defendants for life from selling business coaching or development services. But you really should listen to these phone calls.
As a small business owner, you know that cyber criminals will steal data any place they can find it, whether it’s from a global giant or a Main Street store. So where can you find just-the-facts security advice tailored to your needs? At ftc.gov/cybersecurity. The FTC has boiled it down to a dozen need-to-know topics for small businesses and we’ll address one each week in the Business Blog.
Do you work for a non-profit? Or maybe you’re on the board of a charity or active in a professional or service organization in your community. If so, you know the group collects all sorts of private information, including details about members or people you serve and financial information related to donors. Your own personal information, too, is probably in the group’s records of employees and volunteers. Cyber criminals would love to get their hands on that data.
Small businesses are concerned about ransomware, email imposters, and other common cyber threats. So FTC staff hosted roundtables to ask business owners what we can do to help. You came from different parts of the country and different economic sectors, but your answers were consistent and you didn’t mince words: 1) You want straightforward advice that’s easy to implement; and 2) You want consistent guidance from the different federal agencies that deal with cyber threats and data security.