An Introduction to Cybersecurity for Small Businesses


Ed Miles

A flawed but prevailing assumption among many is that Small to Medium Sized Enterprises (SMEs) are unlikely to attract cyber criminals due to their small size. Yet the reality is that as more SMEs rush to adopt e-commerce and other cyber-enabled activities, they grapple with the same cybersecurity threats and challenges that large organizations confront.


A recent study conducted by Hiscox revealed that approximately 47% of small businesses with fewer than 50 employees and 63% of medium-sized firms with between 50 and 249 employees have reported one or more data security incidents. These numbers are quite alarming. Unfortunately, SMEs report a disturbing lack of awareness, preparedness, and capability to manage information security. According to another study by Accenture, 43% of cyberattacks are aimed at small businesses, but only 14% are prepared to defend themselves.

Due to the liability of their size, cybersecurity breaches often have devastating effects on SMEs, threatening the livelihood of not only their employees and owners but also their communities. This course focuses on helping you understand 4 important issues related to cyber security for SMEs. These topics include cyber security preparedness, mitigating cyber risk, incident handling, and home security.

Cyber Security Preparedness: As an SME you need to determine your level of preparedness for a cyber incident. But where do you begin? To help you navigate through the cyber security landscape, we outline some concrete steps that you can take to improve your cyber security posture. We do this through a Cyber Security Preparedness Checklist based on the National Institute of Standards and Technology (NIST) framework. The overall goal of the checklist is to help you identify sources of cyber risk, protect yourself against the identified risks, and monitor and detect threats and vulnerabilities using a variety of resources.

Mitigating Cyber Risk: All companies are susceptible to cyber breaches; however, some companies are less susceptible than others. How are the less susceptible companies able to prevent or mitigate cyber risk, and what is in these companies' toolboxes that you can use to help reduce the risk to your company? In the course we discuss some important steps to help secure your cyber assets and infrastructure, including your hardware and software, networks, and employees.

Incident Handling: A survey jointly conducted by the National Cyber Security Alliance and Symantec revealed that 69% of SMEs do not have any form of internet security policies and procedures for employees, whether formal or informal, and 59% do not have a contingency plan on how to respond to or report a data breach. This course outlines incident handling approaches including pre-incident planning, incident containment, eradication, and investigation, as well as post-incident response strategies. The goal of each of these approaches is to help you quickly and effectively resume operations following a cyber incident.

Home Security: Allowing employees to work from home presents cyber security challenges for SMEs. The final section of the course covers the actions that you can take to reduce your vulnerability to cyber incidents when allowing employees to work from home. We explain the importance of developing clear work-from-home policies and procedures, training employees on such policies and procedures, implementing controls to secure employees’ home networks, devices and applications, and monitoring employee compliance with the policies and procedures.

- Khole Gwebu, UNH Paul College, Associate Professor of Decision Sciences

Want to learn more?

  • Check out SBDC's Cybersecurity Initiative, which offers a Cybersecurity Workbook and other resources, along with a live webinar series.