Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Cybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and ResilienceCybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
  • About
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    CISA GitHub
    CISA Central
    Contact Us
    Subscribe
    Transparency and Accountability
    Policies & Plans

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. How Can We Help?
  3. Small and Medium Businesses
Share:
SOW Small and Medium Businesses

Small and Medium Businesses

Small businesses have valuable information that cyber criminals seek and often have fewer resources dedicated to cybersecurity.

Small- and medium-sized businesses are key to vibrant communities, a strong economy, and often play critical roles in the supply chain. CISA offers free information and tools to help small businesses protect their people, customers, intellectual property, and other sensitive data cyber and physical threats.  

Featured Content

A "DO NOT CROSS" Police banner located at a crime scene

Active Shooter Preparedness

Active shooter incidents are often unpredictable and evolve quickly. Amid the chaos, anyone can play an integral role in mitigating the impacts of an active shooter incident.

A person walking away from a suspicious bag

Bombing Prevention

Explore resources that protect life and critical infrastructure and build capabilities to prevent, protect against, respond to, and mitigate bombing incidents.

A graphic that says "Cybersecurity Performance Goals"

Cross-Sector Cybersecurity Performance Goals

The CPGs are voluntary practices that outline the highest-priority baseline measures businesses and critical infrastructure owners of all sizes can take to protect themselves against cyber threats.

An image of a coffee shop owner and patrons sitting at a table.

Cyber Guidance for Small Businesses

Cyber incidents have surged among small businesses that often do not have the resources to defend against devastating attacks like ransomware. The security landscape has changed, and our advice needs to evolve with it.

Text of Secure by Design on grid background in a colorful isometric design

Secure by Design

Every technology provider must take ownership at the executive level to ensure their products are both secure by design and secure by default.

Stop Ransomware

Stop Ransomware

StopRansomware.gov is the U.S. Government's official one-stop location for resources to tackle ransomware more effectively.

Mobile apps concept on a mobile device

The Power of Hello

Industries face a variety of threats, both internal and external, from hostile governments, terrorist groups, disgruntled employees and malicious introducers. Alert employees can spot suspicious activity and report it. 

Shields Ready

Shields Ready

CISA’s Shields Ready campaign is about making resilience during incidents a reality by taking action before incidents occur.

Small Business Week

Small Business Week

CISA proudly celebrates the nation’s entrepreneurs and small businesses and their contributions to the economy during National Small Business Week! 

Open Source CISA Tabletop Exercise Package Cover

Supply Chain Risk Management Resources

Explore resources developed by the ICT SCRM Task Force that can assist small and medium businesses with their establishment and conduct of supply chain risk management programs and policies.

ChemLock wordmark

ChemLock

CISA's ChemLock program is a voluntary program that provides facilities that possess dangerous chemicals with no-cost services and tools to help them better understand the risks they face and improve their chemical security posture in a way that work

Alerts & Directives

Alerts provide timely information about current security issues, vulnerabilities, and exploits.

Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications

JAN 22, 2025 | CYBERSECURITY ADVISORY | AA25-022A
The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory in response to exploitation in September 2024 of vulnerabilities in Ivanti Cloud Service Appliances (CSA).

CISA and Partners Release Call to Action to Close the National Software Understanding Gap

JAN 16, 2025 | ALERT
This report further explores the opportunity for enhanced coordination to strengthen technical foundations and progress towards a more vigorous understanding of software on a national scale.

CISA Releases Microsoft Expanded Cloud Logs Implementation Playbook

JAN 15, 2025 | ALERT

Services

CISA has compiled a list of free tools and services to help small and medium businesses further advance their security capabilities. This living repository includes services provided by CISA, widely used open-source tools, and other free tools and services offered by private and public sector organizations. 

View Services

Infrastructure Survey Tool (IST)

INCREASE YOUR RESILIENCE, ASSESS YOUR RISK LEVEL
The Infrastructure Survey Tool (IST) is a voluntary, web-based assessment to identify and document the overall security and resilience of a facility.
Foundational
cyber city

Cyber Resilience Review (CRR)

Contact: iodregionaloperations@cisa.dhs.gov
An assessment that evaluates an organization's operational resilience and cybersecurity practices.
View Services

Helpful Resources

Use CISA's resources to gain important best practices, knowledge, and skills related to Small and Medium Businesses.

Guidance and Strategies to Protect Network Edge Devices

FEB 04, 2025 | EXTERNAL, PUBLICATION
View Files

CISA Releases Microsoft Expanded Cloud Logs Implementation Playbook

JAN 15, 2025 | ALERT

National Cyber Incident Response Plan Update Public Comment Draft

DEC 16, 2024 | PUBLICATION
The National Cyber Incident Response Plan (NCIRP) Update Public Comment Draft offers the public an opportunity to provide their knowledge and experiences on the NCIRP. The public comment period begins today and concludes on January 15, 2025.
Download File (PDF, 1.31 MB)

Enhanced Visibility and Hardening Guidance for Communications Infrastructure

DEC 04, 2024 | PUBLICATION
This guide provides network engineers and defenders of communications infrastructure with best practices to strengthen their visibility and harden their network devices against successful exploitation carried out by PRC-affiliated and other malicious cyber actors.
Download File (PDF, 777.17 KB)

Within each CISA Region are local and regional Protective Security Advisors (PSAs), Cyber Security Advisors (CSAs), Emergency Communications Coordinators (ECCs), and Chemical Security Inspectors (CSIs). These field personnel assess, advise, and assist and provide a variety of risk management and response services to help business, government and other organizations become more resilient to cyber and physical threats and to form partnerships. 

Contact Your Regional Office

CISA Region 1

Region 1

CISA Region 2

Region 2

CISA Region 3

Region 3

CISA Region 4

Region 4

CISA Region 5

Region 5

CISA Region 6

Region 6

CISA Region 7

Region 7

CISA Region 8

Region 8

CISA Region 9

Region 9

CISA Region 10

Region 10

Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback