Small and Medium Businesses
Small- and medium-sized businesses are key to vibrant communities, a strong economy, and often play critical roles in the supply chain. CISA offers free information and tools to help small businesses protect their people, customers, intellectual property, and other sensitive data cyber and physical threats.
Cyber Guidance for Small Businesses
Cyber incidents have surged among small businesses that often do not have the resources to defend against devastating attacks like ransomware. The security landscape has changed, and our advice needs to evolve with it.
Cross-Sector Cybersecurity Performance Goals
The CPGs are a prioritized subset of IT and operational technology cybersecurity practices that critical infrastructure owners and operators can implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques.
Secure by Design
Every technology provider must take ownership at the executive level to ensure their products are both secure by design and secure by default.
StopRansomware.gov is the U.S. Government's official one-stop location for resources to tackle ransomware more effectively.
Explore resources that protect life and critical infrastructure and build capabilities to prevent, protect against, respond to, and mitigate bombing incidents.
Active Shooter Preparedness
Active shooter incidents are often unpredictable and evolve quickly. Amid the chaos, anyone can play an integral role in mitigating the impacts of an active shooter incident.
The Power of Hello
Industries face a variety of threats, both internal and external, from hostile governments, terrorist groups, disgruntled employees and malicious introducers. Alert employees can spot suspicious activity and report it.
Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks
Alerts and Directives
CISA Insights: Guidance for MSPs and Small- and Mid-sized Businesses
Many small- and mid-sized businesses use MSPs to manage IT systems, store data, or support sensitive processes, making MSPs valuable targets for malicious cyber actors.
Contact Your Regional Office
Within each CISA Region are local and regional Protective Security Advisors (PSAs), Cyber Security Advisors (CSAs), Emergency Communications Coordinators (ECCs), and Chemical Security Inspectors (CSIs). These field personnel assess, advise, and assist and provide a variety of risk management and response services to help business, government and other organizations become more resilient to cyber and physical threats and to form partnerships.
CISA has compiled a list of free tools and services to help small and medium businesses further advance their security capabilities. This living repository includes services provided by CISA, widely used open-source tools, and other free tools and services offered by private and public sector organizations.