About Lifelong Learning - Contact Us - DonateFree-Ed.Net Home   Bookmark and Share

Cybersecurity is the comprehensive effort to protect computers, programs, networks, and data from attack, damage, or unauthorized access through technologies, processes, and best practices. Large businesses have been working to secure their information and systems, so small businesses are becoming more common targets because they have fewer resources than large companies have. Do you have information that needs to be secure? Consider:

Information needs to be secured in your systems. This means the information that should be kept confidential should be available when needed, and should be kept as accurate as possible. Your website also needs to be secure in order to prevent putting current or potential customers at risk.


  1. Aspects of Information Security
  2. Types of Threats
  3. Risk Management
  4. Best Practices
  5. Protecting Your Systems
  6. Summary

Aspects of Information Security

There are several different aspects of information security, including confidentiality, integrity, and availability. Some considerations for confidentiality include: only those who need accessto information, and have been properly trained on cyber security, should have it, especially when the information is sensitive. Training people in cyber security prevents security breaches when those who are authorized accidentally disclose information. Your goal should be to ensure information is not disclosed to non-authorized people. Considerations for integrity include making sure your information is not improperly modified or destroyed. If you maintain information integrity, no one will be able to claim your information is inaccurate. Last is availability. Your information should always be available to you quickly and reliably.

Security Costs

It is important to remember that there are costs for protecting information; there are also costs for not protecting information, which will be covered later in the risk topic. The costs for not protecting information can be much higher than those associated with protecting it. These costs could be associated with notifying victims that their information has been released, which can be very costly, both in terms of perception and litigation. You can lose customers who have lost confidence in your business after a security breach. Depending upon the type of business you have, you may have to pay fines for not maintaining information security compliance. You may also have to reconfigure or replace hardware and/or software.

Threat Origins

While there are multiple threats to information security including natural disasters and systems failure, most threats have a human at their origin. We will focus on the threats with human origins. Threats can be internal and external. Examples of external threats include experimenters and vandals, who are Amateur hackers, hactivists who have personal or political agendas, cybercriminals who are trying to make money, and information warriors who are professionals working for nation-states. Despite the broad range of external threats, internal threats account for 80% of security problems according to the National Institute of Standards and Technology, or NIST. Internal threats can be intentional or unintentional and can include issues such as non-business use of computers which can allow threats in.

Back to Contents


Types of Threats

There are a broad range of information security threats. Some of the most common threats include website tampering, theft of data, denial-of-service attacks, and malicious code and viruses.

Website Tampering

Website tampering can be a very big problem for your business. Website tampering can take many forms, including defacing your website, hacking your system, and compromising web pages to allow invisible code, which will attempt to download spyware to your computer. Select each item to learn more.

Theft of Data

Data theft also comes in several forms and the problems that come with data theft depend upon the kind of data that is stolen. Some examples of data theft include:

Denial of Service Attacks

A denial-of-service attack is an attack on a computer or website which locks the computer and/or crashes the system and results in stopped or slowed workflow, prevented communication, and halted e-Commerce. Some common ways that attackers achieve denial-of-service attacks include:

The ultimate goal of these attacks is always to prevent you from conducting business of any kind with your internet connected systems.

Malicious Code and Viruses

Malicious code and viruses may be some of the better-known threats. These threats send themselves over the internet to find and send your files, find and delete critical data, or lock up the computer or system. They can hide in programs or documents, make copies of themselves, and install themselves on your system to record keystrokes to send to collection point.

Reasons for Vulnerabilities

All of the threats we have discussed can be very scary. Before we can address how to prevent attacks, we must first investigate the reasons that small businesses are vulnerable to these kinds of attacks.

Back to Contents


Risk Management

Let’s talk for a moment about risk management, beginning with risk assessment. Risk assessment is the technique of assessing, minimizing, and preventing accidental loss to a business through the use of safety measures, insurance, etc. Removing all of the risk factors associated with attacks can be costly, but you need to ask yourself, “How much risk can I live with?” Remember that no risk can be completely eliminated. If the consequence and probability of a breach is high, then your tolerance for risk is low. If the consequence is minor, more risk may be acceptable to you. If the risk is still too high after all protection efforts have been made, use commercial cyber insurance to “share” the risk/exposure. Contact your insurance provider to find out what options are available.

Protecting Yourself from Human Vulnerabilities

The first step to protecting the information in your business is to establish security policies. It’s very important that your security policies are comprehensive and up to date. You may have to revise your policies periodically as threats change. The second step to protecting information is ensuring that your employees both know and adhere to your security policies. Remember, most vulnerabilities have a human at their root!

Who Needs Training?

Determine who will need to know the procedures. Consider:

Training Basics

You should train employees in basic security principles, and training should begin the first day at work. Include security policies and procedures, security threats and cautions, and basic security dos and don’ts in your training.

Continuing Education

Training should continue with reminders and tools, including pamphlets, posters, newsletters, videos, rewards for good security, and periodic re-training - because people forget! Lack of training is one of the most significant information security weaknesses in most organizations.

Back to Contents


Best Practices

What should you actually train your employees on? How can you keep you information safe? You should address:

Internet Practices

Some best practices to keep in mind when it comes to the internet include:

Email Practices

Some best practices to keep in mind when it comes to email include:

Desktop Practices

Some desktop best practices include:

Back to Contents


Protecting Your Systems

Now let’s discuss some ways to protect your information. There are several different areas you must consider in order to fully protect yourself.

Viruses, Spyware, Trojans, and Malware

In order to protect yourself against viruses, spyware, trojans, and malware:

21st century computers are complex and include mobile technology, tablets, and personal computers made by many different companies. These various systems tend to have different threats and often require different software in order to adequately protect against viruses, spyware, trojans, and malware. A basic understanding of your computer may help you protect it. Try searching for information about your particular system.

Hardware and Software

Hardware and software protections require:

Backup Procedures

Some people don’t consider how important backup procedures are for information security. Your goal should be the ability to restore systems and data to what existed before any threat is realized. Make back-up copies of important information and restore weekly. Store a backup copy offsite for safe keeping. You should also test your backups to make sure that they actually work. Also keep in mind the importance of disposing of old computers and media securely. Just because you’re finished with it doesn’t mean someone else can’t use it to get important information about you, your business, or your customers.

Back to Contents



In this short course you have:


What Next?

Now what should you do? Follow these steps to begin securing your business from cyber threats.

Step 1. Conduct an analysis of information security needs

Step 2. Assess the cost of losing your information

Step 3. Create a plan to protect your information

Step 4. Implement your plan through policies, training, and hardware and software controls

Back to Contents


A Note from the Editor

The content of this short course is derived from a source provided by the U.S. Small Business Administration. The facts and suggestions are thus very reliable. It is, however, a plain-vanilla presentation that omits the difficult realities of starting and building a successful small business. Take the information at face value, but bear in mind that mere itemized procedures aren't sufficient.

David L. Heiserman, Editor

Copyright ©  SweetHaven Publishing Services
All Rights Reserved

Revised: June 06, 2015