Information technology and high-speed Internet are great enablers of small business success, but with the benefits comes the need to guard against growing cyber threats. As larger companies take steps to secure their systems, less secure small businesses are easier targets for cyber criminals. In October 2012, the FCC re-launched Small Biz Cyber Planner 2.0, an online resource to help small businesses create customized cybersecurity plans. Use this tool to create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns. The FCC also released an updated Cybersecurity Tip Sheet.
More about the Small Biz Cyber Planner >

Create your custom planning guide now

Step 1: Provide cover sheet information for your planning guide*

Step 2: Select topics to include in your custom cyber security planning guide

Choose a topic below to decide whether to include it in your plan.

Privacy and Data Security

Include this topic for information about data handling and protection, data privacy, collecting data online, storage and security and lost or stolen data.

Does your business handle or store sensitive data or data that includes personal information about your employees or your customers?

Scams and Fraud

Include this topic for information about phishing, social engineering, online fraud, identity theft, malicious software, telephone scams and more.

All businesses can be susceptible to scams and fraud. Therefore, we recommend this topic be part of any basic cyber security plan. Do you wish to include this section?

Network Security

Include this topic for information about computer networks, password policies, secure wireless connections, encryption, remote access, Internet access and more.

Does your business have an internal network - a group of computers connected together – and/or a Wireless Local Area Network (e.g, a WiFi router)?

Website Security

Include this topic for information about securing a public website, including server security, login and transaction encryption, Web applications, links and redirects.

Does your small business have a public website?

Email

Include this topic for information about filtering, employee training, email retention and management, and creating email policies.

Do you use either a business email account or personal email account to conduct business or interact with customers and/or employees?

Mobile Devices

Include this topic for information about mobile security practices, threats and emergency preparedness planning for small businesses and their employees.

Does your business use any Internet-connected mobile technology, such as smartphones, laptops and tablets?

Employees

Include this topic for information about hiring, background checks, partner companies, access controls and security training.

Does your business have more than one employee?

Facility Security

Include this topic for information about your company’s physical security, including protection pf printed material, mail security and disposal of trash and electronic equipment.

Does your small business have physical assets that need to be protected, including printed material and electronic equipment?

Operational Security

Include this topic for information about developing a plan to secure information and networks critical to business operations.

Does your small business store data that would be valuable to cyber criminals, such as proprietary information valuable to your company's operations or sensitive customer data, such as personally identifiable information?

Payment Cards

Include this topic for information about electronic transactions, secure services, access to payment systems, protecting and storing customer data and more.

Does your business accept credit card payments or other electronic payments?

Incident Response and Reporting

Include this topic for information about phishing, social engineering, online fraud, identity theft, malicious software, telephone scams and more.

All businesses should include an understanding of how to respond to a cyber attack as part of any basic cyber security plan, and thus we recommend you include this section. Do you wish to include?

Policy Development, Management

Include this topic for information about developing security policies, roles and responsibilities, employee behavior and protecting your company’s reputation.

All business with employees can benefit from having written security policies and procedures. Do you wish to include this section?

Step 3: Click below to finish

Or click here to download all sections of guidance.

This guide is not a substitute for consulting trained cyber security professionals.

*This information is used exclusively to populate the report cover sheet and is not retained by the FCC.