According to the proverbs of Solomon, “Plans fail for lack of counsel, but with many advisers they succeed.” Of course, there’s no one-size-fits-all plan to guarantee the security of personal information in your company’s possession. But one effective strategy is to consider what experts at different agencies and organizations are saying. They offer a variety of tips and techniques, but the foundational principles of sound security remain the same. Just in time for Privacy Awareness Week – an initiative of the Asia Pacific Privacy Authorities, of which the FTC is a member – here are sites that some FTC staffers have bookmarked for reference:
- The National Institute of Standards and Technology’s brochure Small Business Information Security: The Fundamentals has tips about protecting your information, systems, and networks.
- US-CERT, the United States Computer Emergency Readiness Team, offers resources for small businesses and advice on securing your home computer.
- The SANS Institute, a research and educational organization, coordinates Critical Security Controls, a “what works” site with practical advice on addressing threats.
- OWASP, the Open Web Application Security Project, is a not-for-profit group focused on improving the security of software, an important resource for businesses.
- The Better Business Bureau’s Data Security – Made Simpler site has tip sheets and checklists aimed at busy small business owners.
States have helpful resources, too. For example, the California Attorney General’s Cybersecurity in the Golden State outlines practical steps for reducing the risk of cyberthreats. Check the website of your state AG or small business office for more guidance.
Can we officially endorse everything other groups suggest? Of course not. But if you scroll through resources from different agencies, nonprofits, and industry groups, you’ll see remarkable consistency in bedrock security principles for small businesses.
We also hope you consult the FTC’s data security resources. For starters, there’s Protecting Personal Information: A Guide for Business; the accompanying 20-minute online tutorial; our Privacy & Security portal for business, which links to the latest cases and guidance; and more than 200 Business Blog posts on privacy- and security-related topics.