Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity & Infrastructure Security Agency
America's Cyber Defense Agency

Search

 
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help Locally
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
    Work @ CISA
  • About
    Culture
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Contact Us
    Site Links
    Reporting Employee and Contractor Misconduct
    CISA GitHub
Report a Cyber Issue
America's Cyber Defense Agency
Breadcrumb
  1. Home
  2. How can we help?
Share:

Small and Medium Businesses

Small- and medium-sized businesses are key to vibrant communities, a strong economy, and often play critical roles in the supply chain. CISA offers free information and tools to help small businesses protect their people, customers, intellectual property, and other sensitive data cyber and physical threats.  

Featured Content

A photograph of a small town center with businesses

Cyber Guidance for Small Businesses

Cyber incidents have surged among small businesses that often do not have the resources to defend against devastating attacks like ransomware. The security landscape has changed, and our advice needs to evolve with it.

An abstract of cyber lines

Cross-Sector Cybersecurity Performance Goals

The CPGs are a prioritized subset of IT and operational technology cybersecurity practices that critical infrastructure owners and operators can implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques.

Secure by Design, Secure by Default

Secure by Design

Every technology provider must take ownership at the executive level to ensure their products are both secure by design and secure by default.

Stop Ransomware

Stop Ransomware

StopRansomware.gov is the U.S. Government's official one-stop location for resources to tackle ransomware more effectively.

A person walking away from a suspicious bag

Bombing Prevention

Explore resources that protect life and critical infrastructure and build capabilities to prevent, protect against, respond to, and mitigate bombing incidents.

A "DO NOT CROSS" Police banner located at a crime scene

Active Shooter Preparedness

Active shooter incidents are often unpredictable and evolve quickly. Amid the chaos, anyone can play an integral role in mitigating the impacts of an active shooter incident.

Mobile apps concept on a mobile device

The Power of Hello

Industries face a variety of threats, both internal and external, from hostile governments, terrorist groups, disgruntled employees and malicious introducers. Alert employees can spot suspicious activity and report it. 

Featured Articles

Celebrating Small Business Week: Cybersecurity Help for Small Businesses

MAY 03, 2022 | BLOG
Small businesses are increasingly under threat by cyber bad actors. They face the challenge of integrating cybersecurity best-practices into their very specialized operations. Read these tips that small businesses can use to strengthen their cyber posture.

Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks

JAN 26, 2023 | PUBLICATION
This handbook provides an overview of the highest supply chain risk categories commonly faced by ICT small and medium-sized businesses (SMBs), including cyber risks, and resources that can assist SMBs.
Download File (PDF, 580.12 KB)

Alerts and Directives

CISA Insights: Guidance for MSPs and Small- and Mid-sized Businesses

Many small- and mid-sized businesses use MSPs to manage IT systems, store data, or support sensitive processes, making MSPs valuable targets for malicious cyber actors.

Contact Your Regional Office

CISA Region 1

Region 1

Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island, Vermont
CISA Region 2

Region 2

New Jersey, New York, Puerto Rico, U.S. Virgin Islands
CISA Region 3

Region 3

Delaware, District of Columbia, Maryland, Pennsylvania, Virginia, West Virginia
CISA Region 4

Region 4

Alabama, Florida, Georgia, Kentucky, Mississippi, North Carolina, South Carolina, Tennessee
CISA Region 5

Region 5

Illinois, Indiana, Michigan, Minnesota, Ohio, Wisconsin
CISA Region 6

Region 6

Arkansas, Louisiana, New Mexico, Oklahoma, Texas
CISA Region 7

Region 7

Iowa, Kansas, Missouri, Nebraska
CISA Region 8

Region 8

Colorado, Montana, North Dakota, South Dakota, Utah, Wyoming
CISA Region 9

Region 9

Arizona, California, Hawaii, Nevada, Guam, American Samoa, Commonwealth of the Northern Mariana Islands
CISA Region 10

Region 10

Alaska, Idaho, Oregon, Washington

Within each CISA Region are local and regional Protective Security Advisors (PSAs), Cyber Security Advisors (CSAs), Emergency Communications Coordinators (ECCs), and Chemical Security Inspectors (CSIs). These field personnel assess, advise, and assist and provide a variety of risk management and response services to help business, government and other organizations become more resilient to cyber and physical threats and to form partnerships. 

Services

CISA has compiled a list of free tools and services to help small and medium businesses further advance their security capabilities. This living repository includes services provided by CISA, widely used open-source tools, and other free tools and services offered by private and public sector organizations. 

View Services

Infrastructure Survey Tool (IST)

INCREASE YOUR RESILIENCE, ASSESS YOUR RISK LEVEL
The Infrastructure Survey Tool (IST) is a voluntary, web-based assessment to identify and document the overall security and resilience of a facility.
Foundational

Security Assessment at First Entry

ASSESS YOUR RISK LEVEL
Contact: isdassessments@cisa.dhs.gov
Rapid voluntary physical security assessment designed to quickly identify vulnerabilities and evaluate options to mitigate them.
Foundational, Intermediate, Advanced

Cyber Resilience Review (CRR)

Contact: iodregionaloperations@cisa.dhs.gov
An assessment that evaluates an organization's operational resilience and cybersecurity practices.
View Services

Publications

Multifactor authentication (MFA) 

JAN 05, 2022 | PUBLICATION
MFA is a layered approach to securing data and applications which increases security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement.
Download File (PDF, 207.67 KB)

Capacity Enhancement Guides for Non-Federal Organizations

MAR 25, 2021 | PUBLICATION
Non-Federal Capacity Enhancement Guides provide actionable recommendations, best practices, and operational insights tailored to non-federal government organizations.
View Files

CISA Cybersecurity Awareness Program Small Business Resources

NOV 29, 2021 | PUBLICATION
Small businesses have valuable information cyber criminals seek but often have fewer resources dedicated to cybersecurity.
View Files

Operationalizing Vendor Supply Chain Risk Management Template for Small and Medium-Sized Businesses and Excel

OCT 26, 2021 | PUBLICATION
Provides a set of questions regarding an ICT supplier/provider’s implementation and application of industry standards and best practices that can help small and medium-sized businesses guide supply chain risk planning in a standardized way.
View Files

Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks

JAN 26, 2023 | PUBLICATION
This handbook provides an overview of the highest supply chain risk categories commonly faced by ICT small and medium-sized businesses (SMBs), including cyber risks, and resources that can assist SMBs.
Download File (PDF, 580.12 KB)
A photo that says CYBER ESSENTIALS

Cyber Essentials

WEBINAR
A guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices.

Insider Risk Mitigation Program Evaluation (IRMPE)

PUBLICATION
This tool pulls from insider threat planning and preparedness resources to allow users to evaluate the maturity of their insider threat program in one convenient and easy-to-navigate fillable PDF.
View Files
Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 888-282-0870 Central@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Accessibility
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback