Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Basics

Cybersecurity is a continuous process. Because your business, technologies, regulations/laws, and cybersecurity threats continue to change, your goal should be to always strive for continuous improvement in your cybersecurity risk management.

There are many ways you can improve your business’ cybersecurity. Here are a few basic steps to get you started:

  • Understand that cyber threats are a business risk, and having strong cybersecurity is a competitive advantage.
  • Enable multi-factor authentication on all accounts that offer it.
  • Require strong passwords and consider using a password manager.
  • Change default manufacturer passwords to ones that are unique to you.
  • Install and maintain updated antivirus software.
  • Update and patch all software when new versions are available.
  • Learn how to protect your business from phishing.
  • Train employees on basic cybersecurity hygiene.

Additional Resources:

Cybersecurity Framework Quick Start Guide - Getting Started with the NIST Cybersecurity Framework: A Quick Start Guide provides activities for each Function of the Cybersecurity Framework that may be good starting points for small businesses. 

Cybersecurity Essentials Toolkit - The Cyber Essentials Toolkit is a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. 
Cybersecurity and Infrastructure Security Agency

Questions Every CEO Should Ask About Cyber Risks – a guide for CEOs on how to discuss cybersecurity risk management topics with their leadership and implement cybersecurity best practices
Department of Homeland Security

Content outlined on the Small Business Cybersecurity Corner webpages contains documents and resources from our contributors. These resources were identified by our contributors as information they deemed most relevant and timely—and were chosen based on the current needs of the small business community.  Certain commercial entities may be identified in this Web site or linked Web sites. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

Created February 7, 2019, Updated January 4, 2024