Explore a collection of cybersecurity resources to help your business stay secure.
Cybersecurity resources from BBB and beyond
In today's digital world, cybersecurity isn't optional. Cyber threats can disrupt operations, damage reputations, and cost businesses time and money.
To further support your cybersecurity efforts, BBB has compiled a list of resources from federal and state agencies, industry associations, and nonprofit organizations. Whether you want to train your staff on cybersecurity basics, develop a response plan, or stay up to date on the latest threats, these resources can help you protect what you've built.
What you'll find:
- Federal, state, industry, and nonprofit resources for business cybersecurity.
- Where to find additional cybersecurity tips from BBB.
- How these resources can help your business.
- Policy templates that can help your business's cybersecurity efforts.
Federal resources
Resources from the Department of Homeland Security
- The Department of Homeland Security and its components play a role in strengthening cybersecurity resilience across the nation and sectors. Read what DHS is doing, see what resources are available, and stay updated on the latest cybersecurity news.
- National Cybersecurity Awareness Month
The U.S. Department of Homeland Security (DHS) sponsors National Cybersecurity Awareness Month and provides a range of cybersecurity resources for businesses of all sizes.
- United States Computer Emergency Readiness Team (US-CERT)
US-CERT is the result of a partnership between the Department of Homeland Security and the public and private sectors. US-CERT provides a way for citizens, businesses, and other institutions to communicate and coordinate directly with the United States government regarding cybersecurity. This site is a useful source of high-level cybersecurity information. The US-CERT Cyber Resilience Review (CRR) is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices.
- Critical Infrastructure Cyber Community C³ Voluntary Program
The Department of Homeland Security launched the Critical Infrastructure Cyber Community or C³ (pronounced “C Cubed”) Voluntary Program to assist in the enhancement of critical infrastructure cybersecurity and to encourage the adoption of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (the Framework). The C³ Voluntary Program was created to help improve the resiliency of critical infrastructure’s cybersecurity systems by supporting and promoting use of the Framework.
- National Critical Infrastructure Security & Resilience Month
Under the Department of Homeland Security, in partnership with InfraGard of the National Capital Region (InfraGardNCR), November is designated as National Critical Infrastructure Security & Resilience Month (NCISRM). NCISRM builds awareness and appreciation of the importance of critical infrastructure and reaffirms the nationwide commitment to keep our critical infrastructure and our communities safe and secure.
- InfraGard is a partnership between the FBI and the private sector. It is an association of persons representing businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S. For more information on InfraGard of the National Capital Region (InfraGardNCR) visit https://www.infragardncr.org/
- Cybersecurity and Infrastructure Security Agency (CISA)
CISA is a part of the Department of Homeland Security (DHS) and provides resources, alerts, and tools to help businesses protect themselves from cyber threats. They offer assessments, risk management advice, and best practices tailored to both small and large businesses.
- STOP.THINK.CONNECT Campaign
STOP. THINK. CONNECT.™ is the global cybersecurity awareness campaign to help all digital citizens stay safer and more secure online. The message was created by an unprecedented coalition of private companies, non-profits and government organizations with leadership provided by the National Cyber Security Alliance (NCSA) and the Anti-Phishing Working Group (APWG). The Department of Homeland Security leads the federal engagement in the campaign.
Resources from the Federal Communications Commission (FCC)
- The FCC has a list of 10 cybersecurity tips for small businesses.
- Use the FCC Small Business Cyber Planner 2.0 to create customized cybersecurity plans for your business.
Resources from the Federal Trade Commission (FTC)
- OnGuard Online (Safety Tips from the Government)
OnGuardOnline is the FTC’s main consumer-facing website to educate everyone on staying safe and secure online.
- OnGuard Online: Just for Small Businesses
OnGuardOnline.gov provides information for small businesses to protect data, networks, and IT systems.
- Protecting Personal Information: A Guide for Business
Practical tips for businesses on creating and implementing a plan for safeguarding personal information.
- Start With Security: A Guide for Business
Start With Security summarizes lessons learned from the data security settlements reached by the FTC to date; it offers 10 common-sense lessons that apply to businesses of all sizes and in all sectors.
Resources from the U.S. Department of Commerce
- National Institute of Standards and Technology (NIST)
NIST, an agency of the U.S. Department of Commerce, was founded in 1901 as the nation's first federal physical science research laboratory. Over the years, the scientists and technical staff at NIST have made contributions in areas such as image processing, DNA diagnostic "chips," smoke detectors and automated error-correcting software for machine tools.
- National Institute of Standards and Technology (NIST)
NIST, under the Department of Commerce, provides the Cybersecurity Framework, which offers voluntary guidance for managing and reducing cybersecurity risks. NIST also publishes standards, guidelines, and best practices related to data security, encryption, and system protection.
Resources from the U.S. Chamber of Commerce
- Internet Security Essentials for Business 2.0
The U.S. Chamber of Commerce's Internet Security Essentials for Business 2.0 guide and other free security resources for business owners, managers, and employees.
Resources from the U.S. Small Business Administration (SBA)
- Cybersecurity for Small Businesses is a self-paced training exercise providing an introduction to securing information in a small business.
Resources from the United States Secret Service (USSS)
- Cyber Fraud Task Forces (CFTF)
The USSS CFTF focuses on cyber-related financial crimes. They offer resources to businesses to prevent and combat cyber fraud, focusing on data protection, digital forensics, and cybersecurity education.
State resources
Agencies to contact (not applicable in all states):
- State Attorney General’s Office
- State Office of Chief Information Officer or Chief Information Security Officer
- State FBI Offices
- State Police Cyber Division
State data breach laws:
- National Conference of State Legislatures
- Security Breach Notification Laws
Forty-seven states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or government entities to notify individuals of security breaches of information involving personally identifiable information.
- State Data Breach Law Summary from BakerHostetler Law Firm
- Security Breach Notification Chart
Perkins Coie's Privacy & Security practice maintains a comprehensive chart that summarizes state laws regarding security breach notification.
Industry and non-profit resources
- Anti-Phishing Working Group
The Anti-Phishing Working Group (APWG) is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types.
- Center for Internet Security
The Center for Internet Security, Inc. (CIS) is a 501(c)(3) nonprofit organization focused on enhancing the cybersecurity readiness and response of public and private sector entities.
- Identity Theft Resource Center
The Identity Theft Resource Center® (ITRC) is a nonprofit organization dedicated exclusively to the understanding and prevention of identity theft. The ITRC provides victim and consumer support and public education. The ITRC also advises governmental agencies, legislators, law enforcement and businesses about the evolving and growing problem of identity theft.
- ISC2 (International Information Systems Security Certification Consortium)
(ISC)² is a global, not-for-profit organization that educates and certifies information security professionals.
- Multi-State Information Sharing & Analysis Center (MS-ISAC) Resources and Publications
The MS-ISAC is a collaborative organization with participation from all 50 states, the District of Columbia, local governments and U.S. territories. The mission of the MS-ISAC, consistent with the objectives of the National Strategy to Secure Cyberspace, is to provide a common mechanism for raising the level of cybersecurity readiness and response in each state and with local governments. The MS-ISAC provides a central resource for gathering information on cyber threats to critical infrastructure from the states and providing two-way sharing of information between and among the states and with local government.
- National Association of State Chief Information Officers (NASCIO)
NASCIO’s mission is to foster government excellence through quality business practices, information management and technology policy. NASCIO represents state chief information officers and information technology executives and managers from state governments across the United States. Individuals may sign up for NASCIO's email news briefs on enterprise architecture and cybersecurity, and NASCIO also conducts various research and issue brief efforts.
- National Cyber Security Alliance (NCSA)
The National Cyber Security Alliance (NCSA) is a nonprofit, public-private partnership focused on helping all digital citizens stay safer and more secure online. NCSA’s mission is to educate and empower a digital society to use the Internet more safely and securely.
- Business Safe Online Resources
Protect your business, employees and customers from online attacks, data loss and other threats with these resources.
- Free Security Check Ups
Many computer security vendors offer free security checks for your computer. This is a list of links to check your computer for known viruses, spyware, and more and discover if your computer is vulnerable to cyber attacks.
- National Initiative for Cybersecurity Education (NICE)
An initiative of the National Institute of Standards and Technology, the National Initiative for Cybersecurity Education (NICE) extends its scope beyond the federal workplace to include civilians and students in kindergarten through post-graduate school. The goal of NICE is to establish an operational, sustainable and continually improving cybersecurity education program for the nation to use sound cyber practices that will enhance the nation’s security.
- SANS Institute
The SANS Institute provides intensive, immersion training designed to help businesses master the practical steps necessary for defending systems and networks. They also provide a large collection of information security research documents and whitepapers about various aspects of information security.
- Critical Security Controls for Effective Cyber Defense
The Critical Security Controls focus first on prioritizing security functions that are effective against the latest Advanced Targeted Threats, with a strong emphasis on "What Works" - security controls where products, processes, architectures and services are in use that have demonstrated real world effectiveness.
- Software Assurance Forum for Excellence in Code (SAFECode)
SAFECode is a nonprofit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods. SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services.
- Small Firm Cyber Security Checklist
This resource page is intended to provide information applicable to small firms and supportive of their overall business model to increase their security and ensure the protection of their customers.
Resources from Facebook
- Security Tips for Small Businesses on Facebook
Facebook has published tips and tricks to protect your Facebook profile and your business’s Facebook Page.
Resources from Google
- The Official Google Blog's security posts provide insights from Google employees regarding online safety with their products.
Resources from McAfee
- McAfee: The Security Advice Center offers information on a variety of online safety topics, including antivirus and antispyware software, children’s safety, online shopping, identity theft, phishing, data loss and more.
- McAfee Mobile Security offers a free mobile security app and resources to protect mobile devices.
- McAfee Blog Central provides blog posts and resources on online safety and security for businesses, consumers and executives.
Resources from Microsoft
- Microsoft’s Safety and Security Center offers tools and how-tos to protect computers from online threats.
- The Cyber Trust Blog offers guidance on how to better protect devices from threats such as malware, viruses and spyware. It gives information about identity theft, spam and phishing attacks and alerts readers when Microsoft issues security updates.
Resources from other entities
ICSA Labs (division of Verizon Business)
ICSA Labs, an independent division of Verizon Business, has been providing credible, independent, third-party product assurance for end users and enterprises since 1989. ICSA Labs has provided vendor-neutral testing and certification for hundreds of security products and solutions for many of the world's top security product developers and service providers. Enterprises worldwide rely on ICSA Labs to set and apply objective testing and certification criteria for measuring product compliance and performance.
VISA
Learn the Facts helps consumers learn about various threats, how to spot them and what they can do to keep their information secure – online and off.