Using both the NSF article “The Impact of Cyber Security on Small Businesses, and the NIST publication “Small Business Information Security: The fundamentals, as a basis, examine & discuss the costs and benefits of developing cyber security programs in small businesses, starting with understanding where to start. By their very nature, small businesses have limited funds to spend on cyber security related activities. So, start with how would you determine where and how to spend these limited dollars.

To start off figuring out how to spend the money in a business, I believe best practice would examine all of the protections needed based on inventory. Certain protections do not need to be purchased if that type of product will not be used. A thorough list of risks is used throughout daily life to rule out unpredictabilities such as rain. Even though all risks can not be examined labeling priorities is a good place to start. After determining the vulnerabilities and risks an in-depth look into how much the inventory is worth is a very important assessment. Many businesses do not see the need to invest in cyber protection as they do not want to spend the money involved. However, waiting to find out an accident occurred on your way to work instead of looking at the GPS is the same instance. Waiting for an attack or threat to attack first before applying these first steps is an accident waiting to happen. The UK can be a great example of this because they had not invested in cyber protection or they did the bare minimum and have been subject to thousands of attacks. They are now starting to build on the protections, but it started affecting matching companies’ production efforts and customer information before they could. Companies should examine do they want to spend thousands or more dollars in damages or settlements or the protections in place to prevent that. At first glance, it may seem like a waste or a lot of money, but one has to imagine the risk of not doing so and how much the cost will be then.