Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Guidance by Topic

In this section, you will find topic-specific guidance on actions to take to address cybersecurity risks and secure your business.

All-purpose Guides

Guidance that covers multiple cybersecurity topics

Cybersecurity Basics – basic tips for securing your business
Federal Trade Commission

Lock Down Your Login - simple steps to gain peace of mind and more control over your online security
National Cyber Security Alliance

Start with Security: A Guide for Business – lessons learned from Federal Trade Commission cases that touch on vulnerabilities that could affect your company, along with practical guidance on how to reduce the risks they pose
Federal Trade Commission

Interactive Infographic: How Secure is Your Factory Floor? -  geared towards small manufacturers; provides a virtual tour of potential cyber vulnerabilities on a shop floor.
Manufacturing Extension Partnership

Good Security Habits – general tips for protecting your business electronic devices from unwanted remote access
Department of Homeland Security

Information Security for Small Business: The Fundamentals – NISTIR 7621- provides guidance on how small business can provide basic security for their information, systems, and networks
National Institute of Standards and Technology

Small Business Cybersecurity “Quick Wins” - covers "quick wins" small businesses can implement now to better secure their sensitive data
National Cyber Security Alliance

GCA Cybersecurity Toolkit for Small Business - assess your security posture, implement free tools, find practical tips, and use free resources and guides to improve your company’s cybersecurity readiness and response
Global Cyber Alliance

FCC Cyber Tip Sheet - Ten key cybersecurity tips to protect your small business.
Federal Communications Commission

MEP National Network Cybersecurity Assessment Tool - The purpose of this tool is to allow U.S. small manufacturers to self-evaluate the level of cyber risk to your business

FraudSupport - guidance for reporting and recovering after a cybercrime incident.
Cybercrime Support Network

Small Business Cyber Security Guide - This guide has been specifically designed for small businesses to understand, take action, and increase their cyber security resilience against ever-evolving cyber security threats. The language is clear, the actions are simple, and the guidance is tailored for small businesses.
Australian Cyber Security Centre

Manufacturers Guide to Cybersecurity for Small and Medium-Sized Manufacturers - Outlines common cybersecurity practices for small and medium-sized manufactures.  The activities are grouped according to the 5 Functions of the Cybersecurity Framework
Manufacturing Extension Partnership

Cybersecurity Practices for Small Health Care Organizations - The Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients aids healthcare and public health organizations develop meaningful cybersecurity objectives and outcomes. Technical Volume 1 discusses ten Cybersecurity Practices along with Sub-Practices for small health care organizations.  
Department of Health and Human Services (HHS)

Protecting Your Data From Ransomware and Other Data Loss Events - Many small and medium sized businesses rely on managed service providers (MSPs) to remotely manage their organization’s IT infrastructure, cybersecurity, and related business operations. The National Cybersecurity Center of Excellence at NIST has developed a set of recommendations to help MSPs improve their cybersecurity through a standards-based approach that reduces vulnerabilities to attacks such as ransomware.
National Cybersecurity Center of Excellence

Choosing a Vendor/Service Provider

Tips for choosing hardware and software vendors and service providers

Vendor security – tips to make sure business vendors with access to your sensitive business information are securing their own computers and networks
Federal Trade Commission

Hiring a Webhost – what to look for when hiring a webhost provider
Federal Trade Commission


Guidance to help your business comply with Federal government security requirements

DFARS Cybersecurity Requirements - Information for Department of Defense (DoD) contractors that process, store or transmit Controlled Unclassified Information (CUI) who must meet the Defense Federal Acquisition Regulation Supplement (DFAR). DFAR provides a set of basic security controls.
Manufacturing Extension Partnership

NIST Handbook 162 – provides a step-by-step guide to assess a manufacturer’s information systems against the security requirement in NIST SP 800-171 rev 1.
National Institute of Standards and Technology

NIST SP 800-171 – provides requirements for protecting the confidentiality of CUI.
National Institute of Standards and Technology

800-171 Handbook Webinar - Presented by Patricia Toth, MEP, NIST
National Institute of Standards and Technology

Developing Secure Products

Tips to help you develop secure software or hardware products

Careful Connections: Building Security in the Internet of Things - advice for businesses about building security into products connected to the Internet of Things, including proper authentication, reasonable security measures, and carefully considered default settings
Federal Trade Commission

Employee Awareness

Aids and materials to raise your employees’ awareness about the importance of security

Cyber Essentials: Building a Culture of Cyber Readiness – a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices.
Department of Homeland Security

Common Cybersecurity Misconceptions for Small and Medium-Sized Organizations – One focus of employee online safety education should include debunking commonly nist-quoted cybersecurity misconceptions. This list – assembled by the National Cyber Security Alliance, in collaboration with public and private partners – is based on the experiences of business leaders and employees from across the United States.
National Cyber Security Alliance

The Cybersecurity Awareness Toolkit – resources to help launch your own cybersecurity awareness program
National Cyber Security Alliance, Better Business Bureau, Facebook, and MediaPRO

It's Everyone's Job to Ensure Online Safety at Work – infographic that can be used to remind employees of good security practices
National Cyber Security Alliance

Workforce Management Guidebook: Cybersecurity is Everyone’s Job - Provides things to know, and things to do, for everyone in an organization, regardless of its type or size. It is intended for the general audience, which may not otherwise be knowledgeable about, or interested in, cybersecurity.
NICE Working Group

Cybersecurity Workforce Development - The FCC's Communications Security, Reliability and Interoperability Council's report on cybersecurity workforce recommendations.
Federal Communications Commission

Protecting Against Scams

Tips on dealing with tech support scams, business email scams, etc.

Business Email Imposters – an overview of business email imposter scams and tips for protecting your business
Federal Trade Commission

Tech Support Scams – what to do when you get a phone call, pop-up, or email telling you there’s a problem with your computer
Federal Trade Commission

SMB Alert: Beware of 2019 Tax Scams - provides an overview of common cyber scams targeting small and medium businesses during tax season and includes tips for better protecting data
National Cyber Security Alliance

FraudSupport - links to popular scam alert newsletters to help you stay informed.
Cybercrime Support Network

Guidance to help you protect the security of your business information and devices (like cell phones and laptops). 

Securing Network Connections

Guidance to help you secure your business’ network connections, including wireless and remote access

Securing Network Infrastructure Devicesdescription of threats to network infrastructure devices and tips for protecting those devices
Department of Homeland Security

Understanding Firewalls for Home and Small Office Use – overview of firewall usage and configuration
Department of Homeland Security

Secure Remote Access – tips for securely allowing employees and vendors to remotely access your business network
Federal Trade Commission

Securing Wireless Networks – summary of risks to your wireless network and how to protect against those risks
Department of Homeland Security

Understanding Bluetooth Technology – overview of Bluetooth wireless technology, security concerns, and tips to protect your Bluetooth-enabled devices
Department of Homeland Security

Telework and Small Office Network Security Guide - This guide provides recommendations for basic network setup and securing of home routers and modems against cyber threats. Securing these network devices is critical as they act as an on-ramp for internal networks to access the internet.
Center for Internet Security


Telework  Cybersecurity Resources

Telework Security Basics

Telework Security Overview & Tip Guide

Preventing Eavesdropping and Protecting Privacy on Virtual Meetings

Tips for Securing Conference Calls

Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions

Content outlined on the Small Business Cybersecurity Corner webpages contain documents and resources submitted directly to us from our contributors. These resources were identified by our contributors as information they deemed most relevant and timely—and were chosen based on the current needs of the small business community.  Certain commercial entities may be identified in this Web site or linked Web sites. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

Created February 7, 2019, Updated April 24, 2020