CONTROL NEWS YOU CAN USE SINCE 2006

NEWS from NIST! The Small Business Cybersecurity Corner Website is now Live

SMALL BUSINESS CYBERSECURITY CORNER


The vast majority of smaller businesses rely on information technology to run their businesses and to store, process, and transmit information. Protecting this information from unauthorized disclosure, modification, use, or deletion is essential for those companies and their customers.

With limited resources and budgets, these companies need cybersecurity guidance, solutions, and training that is practical, actionable, and enables them to cost-effectively address and manage their cybersecurity risks. This NIST Small Business Cybersecurity Corner puts these key resources in one place.

Congress has given NIST responsibility to disseminate consistent, clear, concise, and actionable resources to small businesses. All resources are free and draw from information produced by federal agencies, including NIST and several primary contributors, as well as non-profit organizations and several for-profit companies. These resources will be updated and expanded regularly.

The website does not provide operational assistance to individual companies, but it does list federal agency and some non-profit contacts that can offer that assistance. Small businesses should immediately report any threats and incidents to the FBI’s Internet Crime Complaint Center (IC3).

Cybersecurity Basics

In this section, you will find introductory information about cybersecurity, cybersecurity-related risks, and the importance of taking appropriate steps to secure your business.

CYBERSECURITY RISKS

Resources that provide overviews of cybersecurity risks and threats to your business and how to manage those risks

FOR MANAGERS

Resources for small business owners and leaders that convey the business value of strong cybersecurity

Communicating with the Board About Cybersecurity: Making the Business Case – provides guidelines for effective board-level communication about cybersecurity matters
National Cyber Security Alliance and National Association of Corporate Directors 

Questions Every CEO Should Ask About Cyber Risks – a guide for CEOs on how to discuss cybersecurity risk management topics with their leadership and implement cybersecurity best practices
Department of Homeland Security

Workforce Management Guidebook: Cybersecurity is Everyone’s Job – provides things to know, and things to do, for everyone in an organization, regardless of its type or size. It is intended for the general audience, which may not otherwise be knowledgeable about, or interested in, cybersecurity.
NICE Working Group

Cybersecurity Workforce Development – The FCC’s Communications Security, Reliability and Interoperability Council’s report on cybersecurity workforce recommendations.
Federal Communications Commission

Planning Guides

PLANNING TOOLS & WORKBOOKS

Guides, online tools, and workbooks to help you evaluate your business’ current approach to cybersecurity and plan for improvements

Cybersecurity Resources Roadmap – helps small and midsize businesses select the most useful cybersecurity resources based on needs
Department of Homeland Security

Cyber Insurance – tips on choosing a cyber insurance policy
Federal Trade Commission

FCC Cyber Planner – The Small Biz Cyber Planner 2.0 is an online resource to help small businesses create customized cybersecurity plans.
Federal Communications Commission

NIST CYBERSECURITY FRAMEWORK

Widely used approach to help determine and address highest priority risks to your business, including standards, guidelines, and best practices

NIST Cybersecurity Framework – links to the framework itself and other resources to help you apply it to your business
National Institute of Standards and Technology

Understanding the NIST Cybersecurity Framework – overview of the framework and how to put it to work in your business
Federal Trade Commission

Cybersecurity Risk Management – The FCC’s Communications Security, Reliability and Interoperability Council’s report on cybersecurity risk management and best practices.
Federal Communications Commission

Cybersecurity Framework for Small Manufacturers

Cybersecurity Framework Steps for Small Manufacturers – helps small manufacturers understand the NIST Cybersecurity Framework and how it can be used to manage their cyber risks. Note: You will be prompted to provide why you need access to the item.
Manufacturing Extension Partnership

NIST Manufacturing Profile – NISTIR 8183 – provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment including a roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing sector goals and industry best practices
Manufacturing Extension Partnership

Guidance by Topic

In this section, you will find topic-specific guidance on actions to take to address cybersecurity risks and secure your business.

ALL-PURPOSE GUIDES

Guidance that covers multiple cybersecurity topics

Cybersecurity Basics – basic tips for securing your business
Federal Trade Commission

Lock Down Your Login – simple steps to gain peace of mind and more control over your online security
National Cyber Security Alliance

Start with Security: A Guide for Business – lessons learned from Federal Trade Commission cases that touch on vulnerabilities that could affect your company, along with practical guidance on how to reduce the risks they pose
Federal Trade Commission

Interactive Infographic: How Secure is Your Factory Floor? – geared towards small manufacturers; provides a virtual tour of potential cyber vulnerabilities on a shop floor.
Manufacturing Extension Partnership

Good Security Habits – general tips for protecting your business electronic devices from unwanted remote access
Department of Homeland Security

Information Security for Small Business: The Fundamentals – NISTIR 7621 – provides guidance on how small businesses can provide basic security for their information, systems, and networks
Manufacturing Extension Partnership

Small Business Cybersecurity “Quick Wins” – covers “quick wins” small businesses can implement now to better secure their sensitive data
National Cyber Security Alliance

GCA Cybersecurity Toolkit for Small Business – assess your security posture, implement free tools, find practical tips, and use free resources and guides to improve your company’s cybersecurity readiness and response
Global Cyber Alliance

FCC Cyber Tip Sheet – Ten key cybersecurity tips to protect your small business.
Federal Communications Commission

CHOOSING A VENDOR/SERVICE PROVIDER

Tips for choosing hardware and software vendors and service providers

Vendor security – tips to make sure business vendors with access to your sensitive business information are securing their own computers and networks
Federal Trade Commission

Hiring a Webhost – what to look for when hiring a webhost provider
Federal Trade Commission

COMPLIANCE

Guidance to help your business comply with Federal government security requirements

DFARS Cybersecurity Requirements – information for Department of Defense (DoD) contractors that process, store, or transmit Controlled Unclassified Information (CUI) and must meet the Defense Federal Acquisition Regulation Supplement (DFARS). DFARS provides a set of basic security controls.
Manufacturing Extension Partnership

NIST Handbook 162 – provides a step-by-step guide to assess a manufacturer’s information systems against the security requirements in NIST SP 800-171 rev 1.
National Institute of Standards and Technology

NIST SP 800-171 – provides requirements for protecting the confidentiality of CUI.
National Institute of Standards and Technology

DEVELOPING SECURE PRODUCTS

Tips to help you develop secure software or hardware products

Careful Connections: Building Security in the Internet of Things – advice for businesses about building security into products connected to the Internet of Things, including proper authentication, reasonable security measures, and carefully considered default settings
Federal Trade Commission

EMPLOYEE AWARENESS

Aids and materials to raise your employees’ awareness about the importance of security

The Cybersecurity Awareness Toolkit – resources to help launch your own cybersecurity awareness program
National Cyber Security Alliance, Better Business Bureau, Facebook, and MediaPRO

It’s Everyone’s Job to Ensure Online Safety at Work – infographic that can be used to remind employees of good security practices
National Cyber Security Alliance

Workforce Management Guidebook: Cybersecurity is Everyone’s Job – Provides things to know, and things to do, for everyone in an organization, regardless of its type or size. It is intended for the general audience, which may not otherwise be knowledgeable about, or interested in, cybersecurity.
NICE Working Group

Cybersecurity Workforce Development – The FCC’s Communications Security, Reliability and Interoperability Council’s report on cybersecurity workforce recommendations.
Federal Communications Commission

PROTECTING AGAINST SCAMS

Tips on dealing with tech support scams, business email scams, etc.

Business Email Imposters – an overview of business email imposter scams and tips for protecting your business
Federal Trade Commission

Tech Support Scams – what to do when you get a phone call, pop-up, or email telling you there’s a problem with your computer
Federal Trade Commission

SMB Alert: Beware of 2019 Tax Scams – provides an overview of common cyber scams targeting small and medium businesses during tax season and includes tips for better protecting data
National Cyber Security Alliance


2 Responses

  1. Excellent beat ! I wish to apprentice at the same time as you amend your website, how could i subscribe for a blog web site?
    The account helped me a acceptable deal. I have been tiny bit familiar of this your broadcast offered vivid clear concept
