During National Small Business Week, Take Steps to Secure Your Business


By Alaina Clark, Assistant Director for Stakeholder Engagement, CISA

This year, during National Small Business Week, we celebrate the more than 32 million small businesses that are the backbone of our economy and so often the heart of our communities. Whether these businesses are found in small towns, big cities, or places in between, there are practical steps you can take to secure them against cyberattacks. As many of us have seen in the news or witnessed firsthand, cyberattacks like ransomware can abruptly shut down a small business--utterly devastating its owners, employees, and customers; sometimes even impacting the larger community.

They are the target of cyber criminals because small businesses don’t always have the resources to invest in cybersecurity. So, during this year’s National Small Business Week (April 28-May 4), I am personally inviting you to use the many free resources offered by the Cybersecurity and Infrastructure Security Agency (CISA) to create cyber safety habits that will help you Secure Your Business

To get started, implement these four simple cybersecurity steps:

  1. Train staff to recognize phishing. Emphasize the harm phishing emails can cause while educating employees on what to look for in a phishing email and encouraging everyone to think before they click on any links or attachments.  
  2. Require strong passwords. As the first line of defense in stopping criminals from accessing accounts, passwords should be random, unique, and at least 16 characters long. Avoid using the same password for multiple accounts and enable an enterprise-level password manager so that the only password you need to remember is the one for the password manager.  
  3. Require multifactor authentication (MFA). MFA requires more than a password to access your accounts, such as a texted code, biometric scan, or access card. With more than 310 million smartphone users in the U.S., it’s easy to use a smartphone or tablet to implement MFA. 
  4. Update any software used for business. Out-of-date software is easily exploited to steal business, employee, and customer data. Enable automatic software updates on connected devices used for business so they automatically get the latest security patches. It is also incredibly important to be aware of any outdated or unsupported software or hardware, so make sure to inventory and update them.

You can find additional online resources by visiting Secure Our World Secure Our World, CISA’s enduring, year-round cybersecurity awareness program that uses creative campaigns to teach the American public easy ways to stay safe online. We continually release new content so bookmark the page, revisit it often, and share the messaging with your employees, your friends and family, and throughout your business community. 

If you’re looking for CISA resources closer to home, CISA has regional offices throughout the U.S. where our field personnel provide a variety of risk management and response services to help businesses become more resilient to cyber and physical threats.

In addition to these perennial resources, this year, CISA is also hosting a virtual booth at the National Small Business Week Virtual Summit where registered attendees can access resources to boost their cyber resiliency. Hosted by the U.S. Small Business Administration and SCORE, the April 30 – May 1 summit recognizes America’s small businesses for their hard work, ingenuity, and dedication and will feature educational workshops, networking opportunities, and access to other federal resources. If you’re attending, be sure to check out the CISA booth.

Additionally, every year in October, we work with our voluntary partners—who are critical to our mission and our shared success—to lead the nation in celebrating Cybersecurity Awareness Month. Want to become a Cybersecurity Awareness Month Partner? Email us at Awareness Campaigns

As you consider which combination of resources will best help you start or expand your small businesses’ cybersecurity practices, I also encourage you to make it a point to talk about cybersecurity to your entire organization, no matter the size. Having these conversations helps establish a culture of security—making cybersecurity the everyday activity it needs to be to Secure Your Business and Secure Our World.

Alaina R. Clark is Assistant Director for Stakeholder Engagement at CISA.