Small and Medium Businesses
Small- and medium-sized businesses are key to vibrant communities, a strong economy, and often play critical roles in the supply chain. CISA offers free information and tools to help small businesses protect their people, customers, intellectual property, and other sensitive data cyber and physical threats.
Featured Content

Cyber Guidance for Small Businesses
Cyber incidents have surged among small businesses that often do not have the resources to defend against devastating attacks like ransomware. The security landscape has changed, and our advice needs to evolve with it.

Cross-Sector Cybersecurity Performance Goals
The CPGs are a prioritized subset of IT and operational technology cybersecurity practices that critical infrastructure owners and operators can implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques.

Secure by Design
Every technology provider must take ownership at the executive level to ensure their products are both secure by design and secure by default.

Stop Ransomware
StopRansomware.gov is the U.S. Government's official one-stop location for resources to tackle ransomware more effectively.

Bombing Prevention
Explore resources that protect life and critical infrastructure and build capabilities to prevent, protect against, respond to, and mitigate bombing incidents.

Active Shooter Preparedness
Active shooter incidents are often unpredictable and evolve quickly. Amid the chaos, anyone can play an integral role in mitigating the impacts of an active shooter incident.

The Power of Hello
Industries face a variety of threats, both internal and external, from hostile governments, terrorist groups, disgruntled employees and malicious introducers. Alert employees can spot suspicious activity and report it.
Featured Articles
Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks
Alerts and Directives
CISA Insights: Guidance for MSPs and Small- and Mid-sized Businesses
Many small- and mid-sized businesses use MSPs to manage IT systems, store data, or support sensitive processes, making MSPs valuable targets for malicious cyber actors.
Contact Your Regional Office
Within each CISA Region are local and regional Protective Security Advisors (PSAs), Cyber Security Advisors (CSAs), Emergency Communications Coordinators (ECCs), and Chemical Security Inspectors (CSIs). These field personnel assess, advise, and assist and provide a variety of risk management and response services to help business, government and other organizations become more resilient to cyber and physical threats and to form partnerships.
Services
CISA has compiled a list of free tools and services to help small and medium businesses further advance their security capabilities. This living repository includes services provided by CISA, widely used open-source tools, and other free tools and services offered by private and public sector organizations.
Infrastructure Survey Tool (IST)
Security Assessment at First Entry
Cyber Resilience Review (CRR)
Publications
Multifactor authentication (MFA)
Capacity Enhancement Guides for Non-Federal Organizations
CISA Cybersecurity Awareness Program Small Business Resources
Operationalizing Vendor Supply Chain Risk Management Template for Small and Medium-Sized Businesses and Excel
Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks
