Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Small Business Information Security: the Fundamentals

Published

Author(s)

Richard L. Kissel

Abstract

[Superseded by NISTIR 7621 Rev. 1 (November 2016): https://www.nist.gov/node/1111801 ] For some small businesses, the security of their information, systems, and networks might not be a high priority, but for their customers, employees, and trading partners it is very important. The term Small Enterprise (or Small Organization) is sometimes used for this same category of business or organization. A small enterprise/organization may also be a nonprofit organization. The size of a small business varies by type of business, but typically is a business or organization with up to 500 employees. In the United States, the number of small businesses totals to over 95% of all businesses. The small business community produces around 50% of our nation s Gross National Product (GNP) and creates around 50% of all new jobs in our country. Small businesses, therefore, are a very important part of our nation s economy. They are a significant part of our nation s critical economic and cyber infrastructure. Larger businesses in the United States have been actively pursuing information security with significant resources including technology, people, and budgets for some years now. As a result, they have become a much more difficult target for hackers and cyber criminals. Consequently, the hackers and cyber criminals are now focusing their unwanted attention on less secure small businesses. Therefore, it is important that each small business appropriately secure their information, systems, and networks. This Interagency Report (IR) will assist small business management to understand how to provide basic security for their information, systems, and networks.
Citation
NIST Interagency/Internal Report (NISTIR) - 7621
Report Number
7621

Keywords

information security, small business
Created October 1, 2009, Updated November 10, 2018