With hackers increasingly setting their sights on small businesses, the U.S. Federal Communications Commission said Monday it will provide an online tool to help those businesses develop a cybersecurity strategy.
The Small Biz Cyber Planner will ask a series of questions such as "Does your business use credit cards?" and "Does your business have a public website?" Based on the responses, it will generate a planning guide to help companies put in place basic policies to protect against cyberthreats.
"With larger companies increasing their protections, small businesses are now the low-hanging fruit for cybercriminals," FCC Chairman Julius Genachowski said an event to launch the tool, according to his prepared remarks posted online.
The tool is being developed by the Department of Homeland Security, The National Cyber Security Alliance, the U.S. Chamber of Commerce, The Chertoff Group, Symantec, Sophos, Visa, The Identity Theft Council, the FCC and payroll provider ADP. It will be available at the FCC website in November and will be free to use.
The FCC didn't say what kinds of policies the tool might recommend, but it referred to a Cybersecurity Tip Sheet for small businesses that it released earlier this year. It includes basic advice such as how to make sure Wi-Fi routers are secure, encrypt data on computers, install anti-virus software and train employees not to click on links in email from people they don't know.
Small businesses should be wary of cyberattacks, according to a survey by Symantec and NCSA that was also released Monday. The average cost of a cyberattack for a small business in 2009 and 2010 was more than US$188,000, according to the survey. It also found that about three-quarters of small and midsized businesses reported being affected by cyberattacks during that period.
Even so, only 52 percent of small businesses have a cybersecurity plan in place, the study found.
"This tool will be of particular value for businesses that lack the resources to hire a dedicated staff member to protect themselves from cyberthreats," Genachowski said. "Even a business with one computer or one credit card swiper can benefit from this important guidance."