small business from
losses, disruption of
activities and damage
to your reputation
by AMANDA HOROWITZ
As a small-business owner, it’s up
to you to avoid scams, protect
your computers and networks,
and keep data safe.
The Federal Trade Commission’s
(FTC) Stick with Security blog series,
based on its Start with Security guide,
distills lessons from ;; or so data security
cases the agency has settled since ;;;;.
The following highlights can help your
business improve its cyber and data security practices.
• Use widely accepted industry-tested
methods for securing data.
• Collect and store only the customer
or user information that your business
legitimately uses. Securely dispose of
information once it is no longer necessary; make it unreadable by using available technology to wipe devices; and
• Tailor administrative access. If
workers don’t need to use sensitive information as part of their job, don’t give
them access to it. Help protect sensitive
data by housing it in a separate, secure
place on your network.
• Implement robust authentication
procedures (including password standards) to ensure only authorized individuals can access information.
• Require employees to choose complex passwords and don’t allow use of similar passwords for different accounts.
Require two-factor authentication. Protect
your network from hackers by implementing a policy to suspend or disable user credentials after a certain number of
unsuccessful password login attempts.
• If you’re developing new products
like software or an app, adequately train
employees in secure coding practices.
Assess products for commonly known
vulnerabilities before they are in consumers’ hands. When offering privacy and
security features, make sure your product
lives up to its advertising claims.

The National Institute of Standards and Technology’s Cybersecurity Framework can help you identify and manage cybersecurity risks to your business (nist.gov/cyberframework). For more information on how your business can use the framework and the FTC’s Start with Security guidance to identify, implement and improve data security practices, visit ftc.gov/startwithsecurity. For information on sensitive data and the law, visit business.ftc.gov/

• Take steps to ensure that any service
provider you hire to process collected
information or to help with product
development implements appropriate
measures to keep data secure throughout
its life cycle. Include contract provisions
that require service providers to adopt
reasonable security precautions and oversee their practices on an ongoing basis.
• Use tools to monitor activity on your
network. Place limits on third-party access
and ensure that computers with remote
access have appropriate endpoint security.
• Have an effective process in place
to receive reports about security vulnerabilities and have a plan to respond to
security incidents. Move quickly to fix
vulnerabilities that come to your attention before a problem grows.
• Don’t leave items such as paper
files, laptops, external hard drives or
flash drives with information in an open
or easily accessible area. Train staff not to
leave information in files, on computers
or on devices unprotected, unattended
or exposed to the public when traveling
The FTC can provide
information to help small
businesses avoid phishing
schemes, ransomware attacks
and tech-support scams.
Amanda Horowitz is a writer, businesswoman and owner of Fight Back! She is the daughter of Fight Back!’s founder, David Horowitz. Fight Back! has received multiple Emmy Awards and over 400 awards from government and citizen groups and has helped to draft over 50 pieces of legislation in America.