The vast majority of smaller businesses rely on information technology to run their businesses and to store, process, and transmit information. Protecting this information from unauthorized disclosure, modification, use, or deletion is essential for those companies and their customers.
With limited resources and budgets, these companies need cybersecurity guidance, solutions, and training that is practical, actionable, and enables them to cost-effectively address and manage their cybersecurity risks. This NIST Small Business Cybersecurity Corner puts these key resources in one place.
Congress has given NIST responsibility to disseminate consistent, clear, concise, and actionable resources to small businesses. All resources are free and draw from information produced by federal agencies, including NIST and several primary contributors, as well non-profit organizations and several for-profit companies. These resources will be updated and expanded regularly.
NIST has been working on behalf of SMBs for many years together with the FBI and the Small Business Administration. More recently the NIST Small Business Cybersecurity Act, which became law on August 14, 2018, directed NIST to “disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks.”
The website does not provide operational assistance to individual companies, but it does list federal agency and some non-profit contacts that can offer that assistance. Small businesses should immediately report any threats and incidents to the FBI’s Internet Crime Complaint Center (IC3).
Currently, resources from government agencies and non-profit organizations that are publicly available on the Internet, accurate and comprehensive for a given type of cybersecurity risk or risk-reducing measure, and freely available for others to use meet the basic criteria for potential inclusion in the Small Business Cybersecurity Corner Web site. To see all the contributors, go to the Contributors Directory.
This section includes information and links to our main contributors’ websites for small business cybersecurity.
Cybersecurity & Infrastructure Security Agency (CISA)
Department of Homeland Security (DHS)
Federal Bureau of Investigation (FBI)
Federal Communications Commission (FCC)
Federal Trade Commission (FTC)
Health and Human Services (HHS)
Healthcare and Public Health Sector Coordinating Council (HSCC)
Manufacturing Extension Partnership (MEP)
National Cybersecurity Alliance
National Initiative for Cybersecurity Education (NICE)
Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR)
U.S. Small Business Administration (SBA)
U.S. Department of Defense Office of Small Business Programs (OSBP)