
Small Business Corner (SBC)

What do a business's invoices have in common with e-mail? If both are done on the same computer, the business owner may want to think more about computer security. Information (payroll records, proprietary information, client or employee data) is essential to a business's success. A computer failure or other system breach could cost a business anything from its reputation to damages and recovery costs. The small business owner who recognizes the threat of computer crime and takes steps to deter inappropriate activities is less likely to become a victim.

The vulnerability of any one small business may not seem significant to many other than the owner and employees of that business. However, over 27 million U.S. businesses (over 95 percent of all U.S. businesses) are small and medium-size businesses (SMBs) of 500 employees or fewer. Therefore, a vulnerability common to a large percentage of all SMBs could pose a threat to the Nation's economic base. In the special arena of information security, vulnerable SMBs also run the risk of being compromised for use in crimes against governmental or large industrial systems upon which everyone relies. SMBs frequently cannot justify an extensive security program or a full-time expert. Nonetheless, they confront serious security challenges and must address security requirements based on identified needs.

The difficulty for these businesses is to identify needed security mechanisms and training that are practical and cost-effective. Such businesses also need to become more educated in terms of security so that limited resources are well applied to meet the most obvious and serious threats. To address this need, NIST, the Small Business Administration (SBA), and the Federal Bureau of Investigation (FBI) entered into a co-sponsorship agreement for the purpose of conducting a series of training meetings on computer security for small businesses. The purpose of the meetings is to have individuals knowledgeable in computer security provide an overview of information security threats, vulnerabilities, and corresponding protective tools and techniques with a special emphasis on providing useful information that small business personnel can apply directly or use to task contractor personnel.

In 2007, twenty-one SMB workshops were held across the country. While NIST, the SBA, and the FBI recognized the quality and effectiveness of these workshops, there are limits to our outreach capabilities. The National Cyber Security Alliance (NCSA), funded primarily by the Department of Homeland Security, began a pilot project, "Train the Trainers," which would address this limitation. The pilot project recruited six volunteer presenters. We hosted a training day on September 20, 2006, for the volunteer presenters to be trained in scheduling and providing the information security workshop presentation. With this training completed, the volunteer presenters are able to provide SMB information security workshops in their home areas. In 2008, the SMB outreach effort will focus on expanding opportunities to reach more small businesses. Further development of our Web site is planned.

In 2008, half-day workshops will be held in Milwaukee, WI; Springfield, IL; Chicago, IL; St. Louis, MO; Buffalo, NY; Houston, TX; Kansas City, MO; Sacramento, CA; and Honolulu, HI.