NIST to Small Businesses: Protect Your Networks

Andrea Danti/

Small businesses could provide hackers with an entry into larger ones.

Small businesses with weak cyber defense could give hackers a way into larger organizations, a new report suggests.

The National Institute of Standards and Technology published a report this week aimed at helping small businesses beef up their cybersecurity, with recommendations such as installing "uninterruptible power supplies" so employees can save data and work through power outages.

Small businesses could be "easy targets to get into bigger businesses through the supply chain or payment portals,” Pat Toth, a lead author on the report, said in a statement. Often, small business owners feel "cybersecurity is too expensive or difficult" and fail to invest resources in network security.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

About 60 percent of small businesses shut down within six months of a cyberattack, according to data from the National Cybersecurity Alliance, a network of public-private partnerships spreading cyber awareness. Compared to larger organizations, small businesses "may have more to lose ... because cybersecurity events can be costly and threaten their survival."

Specifically, small businesses might have money or information criminals find valuable, the report said. 

"Some may attack your business out of revenge (e.g. for firing them or somebody they know), or for the thrill of causing havoc," according to the report. 

And environmental factors including fires or floods could also impact a business' information security if its computer networks are physically damaged. NIST suggested using a cloud-service provider or a "removable hard drive and keeping the backup away from your office, so if there is a fire, your data will be safe,” Toth said.

The guide is designed to show business owners how to prevent employees from accessing too much information, encrypt data, and patch operating systems, among other skills.

NIST already works with the Small Business Administration and the FBI to offer cybersecurity workshops to small businesses.