USEUTTC Cybersecurity

Security is a need in the digital, as much as in the physical world. Protecting critical capacities should not only be a concern for large companies, but it requires the attention of Small- and Medium-sized Enterprises (SMEs), too. The backbone of the European and American economies, SMEs are increasingly exposed to cyber-crimes with significant repercussions on both the EU and the U.S. markets. Of the European SMEs that the EU Agency for Cybersecurity (ENISA) surveyed in 2021, 90% stated that cybersecurity issues would have serious negative impacts on their business within a week of the issues happening, with 57% of them likely to become bankrupt or go out of business. In 2019, in the U.S. successful cyber breaches cost victimized companies $200,000 on average.

SMEs across the Atlantic need to be prepared against the risk of malicious cyber incidents. Based on the learnings from the EU-U.S. Trade and Technology Council (TTC) Working Group 9 webinar on cybersecurity, the following points serve as high-level guidance for SMEs to become more cyber-secure.

For more insights on cybersecurity for SMEs, do not miss the recording of the webinar of the EU-U.S. Trade and Technology Council Working Group 9 on promoting access to and use of digital tools for SMEs!

Copy Link

SMEs should not hesitate to ask for support when needed, and we strongly encourage SMEs to check first with their national cybersecurity authorities—each of which has free resources that are available. In the European Union, SMEs can contact the network of European Digital Innovation Hubs, the Cybersecurity Coordination Centres (one in each Member State) under the Cybersecurity Competence Centre. In the United States, SMEs can contact the National Institute of Standards and Technology (NIST) through its Small Business Cybersecurity Corner; the Cybersecurity and Infrastructure Security Agency through its Cyber Essentials for SME resources; and the U.S. Small Business Administration’s Cybersecurity Resources. In case of malicious cyber incidents, SMEs should also not hesitate to reach out to the relevant national, local authorities, service providers, and, where applicable, a computer emergency response team (also known as a cybersecurity incident response team).

In addition, SMEs should consider the following helpful hints, which is not an exhaustive list of best practices, to become more cyber-secure.

End of tab panel

Copy Link

To effectively address cyber risks, a change of mind-set is needed. Awareness around cybersecurity should be raised and security must become an enterprise-wide issue, involving everyone in fulfilling security responsibilities. The guide Cybersecurity is Everyone’s Job represents a good point of departure as it outlines the role of each employee in protecting an organisation from cyber threats, based on the types of work performed by the individual.

End of tab panel

Copy Link

As new technologies emerge, cyber threats also become more complex and difficult to predict. Therefore, it is important to timely identify businesses’ weak points by mapping out all critical assets: people, physical infrastructures, information systems, business processes, corporate image, as well as available technologies. Several organizations offer services that can help map and analyze a company’s digital footprint and third-party risks, as well as provide continuous data security scans and tailored data security advice.

End of tab panel

Copy Link

Understanding security, why it is needed, and how to most effectively implement it is key. This calls for a global approach, which includes establishing a security plan, relying on a security manual, putting in place procedures and protocols based on certified policies and technologies, and conducting regular cybersecurity audits. A comprehensive cybersecurity strategy does not necessarily have to be costly for SMEs to implement and maintain. With SecureSME, ENISA suggests practical tips on measures that can be adopted without investing a large amount of money. The Quick Start Guide for NIST’s Cybersecurity Framework also may be a good starting point for small businesses to better manage cybersecurity risk.

End of tab panel

Copy Link

Implementing cybersecurity measures does not only imply the installation of certain technical measures, but it also requires educating employees on how to use technologies and providing them with the skills to work in a secure way. It is essential to start from the basics, such as how to best secure devices via e-ID and passwords or to encrypt sensitive e-mails, as well as consider immersive trainings and simulations. Different organisations can be found that test the effectiveness and resilience of enterprise assets, identify and exploit weaknesses in controls, and simulate malicious cyber incidents.

End of tab panel

Copy Link

Understanding one’s cyber-risks and appropriately conceiving a security strategy also requires building trust. This trust is needed in the company to better manage the business and raise credibility with customers, but it is also needed with respect to external partners. Sharing information with other SMEs on the causes of malicious cyber incidents and the solutions developed to tackle them is extremely important to become more cyber resilient. Collaborations with peers, as well as with expert institutions, have to be nurtured and fostered.

End of tab panel

Copy Link

Cybersecurity is a multifaceted issue that should be approached step-by-step. For example, ENISA developed a Cybersecurity guide for SMEs with 12 high level steps on how SMEs can better secure their systems and their business, including developing a good cybersecurity culture and develop an incident response plan.

End of tab panel

Global Business Navigator Chatbot ^Beta

Welcome to the Global Business Navigator, an artificial intelligence (AI) Chatbot from the International Trade Administration (ITA). This tool, currently in beta version testing, is designed to provide general information on the exporting process and the resources available to assist new and experienced U.S. exporters. The Chatbot, developed using Microsoft’s Azure AI services, is trained on ITA’s export-related content and aims to quickly get users the information they need. The Chatbot is intended to make the benefits of exporting more accessible by understanding non-expert language, idiomatic expressions, and foreign languages.

Limitations

As a beta product, the Chatbot is currently being tested and its responses may occasionally produce inaccurate or incomplete information. The Chatbot is trained to decline out of scope or inappropriate requests. The Chatbot’s knowledge is limited to the public information on the Export Solutions web pages of Trade.gov, which covers a wide range of topics on exporting. While it cannot provide responses specific to a company’s product or a specific foreign market, its reference pages will guide you to other relevant government resources and market research. Always double-check the Chatbot’s responses using the provided references or by visiting the Export Solutions web pages on Trade.gov. Do not use its responses as legal or professional advice. Inaccurate advice from the Chatbot would not be a defense to violating any export rules or regulations.

Privacy

The Chatbot does not collect information about users and does not use the contents of users’ chat history to learn new information. All feedback is anonymous. Please do not enter personally identifiable information (PII), sensitive, or proprietary information into the Chatbot. Your conversations will not be connected to other interactions or accounts with ITA. Conversations with the Chatbot may be reviewed to help ITA improve the tool and address harmful, illegal, or otherwise inappropriate questions.

Translation

The Chatbot supports a wide range of languages. Because the Chatbot is trained in English and responses are translated, you should verify the translation. For example, the Chatbot may have difficulty with acronyms, abbreviations, and nuances in a language other than English.

Privacy Program | Information Quality Guidelines | Accessibility

USEUTTC Cybersecurity

Global Business Navigator Chatbot Beta

Limitations

Privacy

Translation

Global Business Navigator Chatbot Beta

Limitations

Privacy

Translation

Global Business Navigator Chatbot ^Beta

Global Business Navigator Chatbot ^Beta