Small and Medium Businesses

Report a Cyber Issue
Organizations should report anomalous cyber activity and/or cyber incidents 24/7 to report@cisa.gov or (888) 282-0870.

Small businesses may not consider themselves targets for cyberattacks due to their small size or the perception that they don't have anything worth stealing. However, small businesses have valuable information cyber criminals seek, such as employee and customer records, bank account information and access to the business's finances, and access to larger networks. In some ways, small businesses are at a higher risk of cyberattacks than larger businesses because they often have fewer resources dedicated to cybersecurity. CISA provides resources and materials to help you keep your small business cyber secure.  If you have questions about CISA partnership opportunities or would like to tell us about your capabilities, please email CISAVendorEngagement@cisa.dhs.gov.     

Featured Content

Cyber Guidance for Small Businesses

Cyber incidents have surged among small businesses that often do not have the resources to defend against devastating attacks like ransomware. The security landscape has changed, and our advice needs to evolve with it.

Supplementing Passwords

FEB 23, 2023 | BLOG
Passwords are a common form of protecting information, but passwords alone may not provide adequate security. For the best protection, use sites that have additional ways to verify your identity.

Protecting Against Ransomware

APR 11, 2019 | BLOG
Ransomware is a type of malware threat actors use to infect computers and encrypt computer files until a ransom is paid. After the initial infection, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible computers.

Featured Articles

Celebrating Small Business Week: Cybersecurity Help for Small Businesses

MAY 03, 2022 | BLOG
Small businesses are increasingly under threat by cyber bad actors. They face the challenge of integrating cybersecurity best-practices into their very specialized operations. Read these tips that small businesses can use to strengthen their cyber posture.

CISA Releases Cyber Essentials for Small Businesses and Governments

NOV 06, 2019 | PRESS RELEASE
Developed in collaboration with small businesses and state and local governments, Cyber Essentials aims to equip smaller organizations that historically have not been a part of the national dialogue on cybersecurity with basic steps and resources to improve their cybersecurity. 

CISA Releases New Tool to Help Organizations Guard Against Insider Threats

SEP 28, 2021 | PRESS RELEASE
The Cybersecurity and Infrastructure Security Agency (CISA) released the Insider Risk Mitigation Program Evaluation (IRMPE), which assists public and private sector organizations in assessing their vulnerability to an insider threat. 

Alerts & Directives

CISA Insights: Guidance for MSPs and Small- and Mid-sized Businesses

JUL 14, 2021 | ALERT
Many small- and mid-sized businesses use MSPs to manage IT systems, store data, or support sensitive processes, making MSPs valuable targets for malicious cyber actors. Compromises of MSPs can have globally cascading effects and introduce significant risk to MSP customers.

Contact Your Regional Office

CISA Region 1

Region 1

Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island, Vermont
CISA Region 2

Region 2

New Jersey, New York, Puerto Rico, U.S. Virgin Islands
CISA Region 3

Region 3

Delaware, District of Columbia, Maryland, Pennsylvania, Virginia, West Virginia
CISA Region 4

Region 4

Alabama, Florida, Georgia, Kentucky, Mississippi, North Carolina, South Carolina, Tennessee
CISA Region 5

Region 5

Illinois, Indiana, Michigan, Minnesota, Ohio, Wisconsin
CISA Region 6

Region 6

Arkansas, Louisiana, New Mexico, Oklahoma, Texas
CISA Region 8

Region 8

Colorado, Montana, North Dakota, South Dakota, Utah, Wyoming
CISA Region 9

Region 9

Arizona, California, Hawaii, Nevada, Guam, American Samoa, Commonwealth of the Northern Mariana Islands

Services

CISA has compiled a list of free tools and services to help small and medium businesses further advance their security capabilities. This living repository includes services provided by CISA, widely used open-source tools, and other free tools and services offered by private and public sector organizations. 

View Services

Infrastructure Survey Tool (IST)

INCREASE YOUR RESILIENCE, ASSESS YOUR RISK LEVEL
The Infrastructure Survey Tool (IST) is a voluntary, web-based assessment to identify and document the overall security and resilience of a facility.
Foundational

Security Assessment at First Entry

ASSESS YOUR RISK LEVEL
Contact: isdassessments@cisa.dhs.gov
Rapid voluntary physical security assessment designed to quickly identify vulnerabilities and evaluate options to mitigate them.
Foundational, Intermediate, Advanced

Cyber Resilience Review (CRR)

Contact: iodregionaloperations@cisa.dhs.gov
An assessment that evaluates an organization's operational resilience and cybersecurity practices.
View Services

Publications

Multifactor authentication (MFA) 

JAN 05, 2022 | PUBLICATION
MFA is a layered approach to securing data and applications which increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement.
Download File (PDF, 207.67 KB)

Capacity Enhancement Guides for Non-Federal Organizations

MAR 25, 2021 | PUBLICATION
Non-Federal Capacity Enhancement Guides provide actionable recommendations, best practices, and operational insights tailored to non-federal government organizations.
View Files

CISA Cybersecurity Awareness Program Small Business Resources

NOV 29, 2021 | PUBLICATION
Small businesses have valuable information cyber criminals seek but often have fewer resources dedicated to cybersecurity.
View Files