Top Tools and Resources for Small Business Owners

Toolkit for Small and Midsize Businesses - C3 Voluntary Program
The Department of Homeland Security (DHS) and its partners have established a Critical Infrastructure Cyber Community (C3) Voluntary Program to help educate business owners about cybersecurity.  The C3 Voluntary Program Toolkit for Small and Midsize Businesses contains resources to help your business recognize and address cybersecurity risks, including Fact Sheets for Startups and Leadership and a Hands-On Resources Guide.  Learn more at https://www.us-cert.gov/ccubedvp/getting-started-smb.  For additional tools and resources for small employers, visit http://www.dhs.gov/publication/stopthinkconnect-small-business-resources

Small Biz Cyber Planner
The Federal Communications Commission (FCC), in collaboration with other government agencies and industry leaders, created the Small Biz Cyber Planner  - an easy-to-use, free online tool that will help you create a customized planning guide to protect your business from cybersecurity threats. Learn more at www.fcc.gov/cyberplanner.

SBA Online Course: Cyber Security for Small Businesses
Cyber Security for Small Businesses will help you learn more about the security principles you should keep in mind when online, as well as the ways you can protect your information and networks in case of a cyberattack.  For in-person assistance, visit your local SBA office or mentor

Cyber Resilience Review (CRR) assessment tool
Developed by DHS, this no-cost, voluntary CRR assessment tool helps businesses assess their information technology resilience.  The CRR evaluates ten domains including risk management, incident management, service continuity, and may be conducted as a self-assessment or as an in-person, facilitated assessment.  For more information, visit https://www.us-cert.gov/ccubedvp/self-service-crr.

FTC’s Start with Security: A Guide for Business
This guide developed by the Federal Trade Commission offers10 practical lessons businesses can learn from the FTC's 50+ data security settlements.  Visit https://www.ftc.gov/tips-advice/business-center/guidance/start-security-guide-business to download the guide, access videos, and more.

Cybersecurity Advisors (CSAs)
CSAs are regionally-located DHS personnel who offer immediate and sustained cybersecurity assistance to prepare and protect organizations, including small and mid-sized businesses. Services include on-site meetings to answer questions, exchange information and address concerns about cybersecurity; educational and awareness briefings; and assessments, including a full-day, expert-led a Cyber Resilience Review (CRR) evaluation that assess cybersecurity management practices.  For more information about CSAs, please email cyberadvisor@hq.dhs.gov.   

Local Resources
This collection of resources from various levels of government can help small and midsize businesses recognize and address their cybersecurity risks.  Access resources in your area.

Events and Webinars

  • Small Business Workshops
    SBA has teamed up with the Department of Commerce’s National Institute of Standards and Technology (NIST) and the FBI to conduct workshops on information security threats and solutions.  These workshops are especially designed for small businesses and not-for-profit organizations. Attendees will have the opportunity to explore practical tools and techniques that can help them to assess, enhance, and maintain the security of their systems and information.

  • 10 Cybersecurity Mistakes You Cannot Afford to Make - Tips from the Federal Trade Commission (webinar)
    The consequences of a data breach can be disastrous for a small business. The good news is there are steps you can take to protect your company’s data. Using the Federal Trade Commission's Start with Security guide and drawing on lessons from more than 50 FTC data security cases, this webinar lays out ten key steps to effective data security for small businesses. The training is aimed at small business owners who have basic familiarity with their company’s information technology. Topics covered include:

    • Password policies

    • Access Control

    • Network segmentation

    • Securing physical media

You can download a copy of the presentation here.