Business Resources

FEDERAL GOVERNMENT

Department of Homeland Security
Cybersecurity Overview
Strengthening the security and resilience of cyberspace has become an important homeland security mission.

National Cyber Security Awareness Month
The U.S. Department of Homeland Security (DHS) sponsors National Cyber Security Awareness Month and provides a range of cyber security resources for businesses of all sizes.

United States Computer Emergency Readiness Team (US-CERT) 
US-CERT is the result of a partnership between the Department of Homeland Security and the public and private sectors. US-CERT provides a way for citizens, businesses and other institutions to communicate and coordinate directly with the United States government about cyber security. This site is a useful source of high-level cybersecurity information. The US-CERT Cyber Resilience Review (CRR) is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices.

Critical Infrastructure Cyber Community C³ Voluntary Program
The Department of Homeland Security (DHS) launched the Critical Infrastructure Cyber Community or C³ (pronounced “C Cubed”) Voluntary Program to assist the enhancement of critical infrastructure cybersecurity and to encourage the adoption of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (the Framework), released in February 2014. The C³ Voluntary Program was created to help improve the resiliency of critical infrastructure’s cybersecurity systems by supporting and promoting the use of the Framework.

National Critical Infrastructure Security & Resilience Month
Under the Department of Homeland Security (DHS) in partnership with InfraGard of the National Capital Region (InfraGardNCR), November is designated as National Critical Infrastructure Security & Resilience Month (NCISRM). NCISRM builds awareness and appreciation of the importance of critical infrastructure and reaffirms the nationwide commitment to keep our critical infrastructure and our communities safe and secure. Securing the nation's infrastructure, which includes both the physical facilities that supply our communities with goods and services, like water, transportation, and fuel, and the communication and cyber technology that connects people and supports the critical infrastructure systems we rely on daily, is a national priority that requires planning and coordination across the whole community.

For more information on NCISRM visit http://www.ncisrm.org/

InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S.

For more information on InfraGard of the National Capital Region (InfraGardNCR) visit http://www.infragardncr.org/

For more information on InfraGard and to find a local chapter, visit https://www.infragard.org/

Getting Started for Small and Midsize Businesses
Cybersecurity is critical to any business enterprise, no matter how small.   To help small business leaders get started, DHS has provided a list of top resources specially designed to help SMBs recognize and address their cybersecurity risks.

STOP.THINK.CONNECT Campaign

STOP. THINK. CONNECT.™ is the global cybersecurity awareness campaign to help all digital citizens stay safer and more secure online.  The message was created by an unprecedented coalition of private companies, non-profits and government organizations with leadership provided by the National Cyber Security Alliance (NCSA) and the Anti-Phishing Working Group (APWG).  The Department of Homeland Security leads the federal engagement in the campaign.

Federal Communications Commission (FCC)

FCC Small Business Cyber Planner 2.0

Online resource to help small businesses create customized cybersecurity plans. Use this tool to create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns.

Ten Cybersecurity Tips for Small Businesses

Federal Trade Commission (FTC)

OnGuard Online (Safety Tips from the Government)
OnGuardOnline is the FTC’s main consumer-facing website to educate everyone on staying safe and secure online.

OnGuard Online: Just for Small Businesses

OnGuardOnline.gov provides information for small businesses to protect data, networks, and IT systems.

Protecting Personal Information: A Guide for Business

Practical tips for businesses on creating and implementing a plan for safeguarding personal information.


Start With Security: A Guide for Business
Start With Security summarizes lessons learned from the data security settlements reached by the FTC to date; it offers 10 common-sense lessons that apply to businesses of all sizes and in all sectors.

National Institute of Standards and Technology (NIST)
NIST, an agency of the U.S. Department of Commerce, was founded in 1901 as the nation's first federal physical science research laboratory. Over the years, the scientists and technical staff at NIST have made contributions in areas such as image processing, DNA diagnostic "chips," smoke detectors and automated error-correcting software for machine tools.

U.S. Small Business Administration (SBA)

Cybersecurity for Small Businesses is a self-paced training exercise providing an introduction to securing information in a small business.

STATE GOVERNMENT

AGENCIES TO CONTACT (not applicable in all states)

State Attorney General’s Office

State Office of Chief Information Officer or Chief Information Security Officer

State FBI Offices

State Police Cyber Division

STATE DATA BREACH LAWS:

National Conference of State Legislatures

Security Breach Notification Laws

Forty-seven states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or government entities to notify individuals of security breaches of information involving personally identifiable information.

BakerHostetler Law Firm

State Data Breach Law Summary

Perkins Coie Law Firm

Security Breach Notification Chart

Perkins Coie's Privacy & Security practice maintains a comprehensive chart that summarizes state laws regarding security breach notification. 

INDUSTRY AND NON-PROFIT

Anti-Phishing Working Group
The Anti-Phishing Working Group (APWG) is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types.

Center for Internet Security

The Center for Internet Security, Inc. (CIS) is a 501(c)(3) nonprofit organization focused on enhancing the cybersecurity readiness and response of public and private sector entities.

Facebook

Security Tips for Small Businesses on Facebook

Facebook is a widely used tool for many small business owners to connect with their communities, attract and retain their customer base and drive future growth.  Facebook has published tips and tricks to protect your Facebook profile and your business’s Facebook Page.

Enhancing Security with a Quick Checkup

A new tool called Security Checkup makes it easier to find and use the security controls for your account.

Google

The Official Google Blog's security posts provide insights from Google employees regarding online safety with their products.

ICSA Labs (division of Verizon Business)  
ICSA Labs, an independent division of Verizon Business, has been providing credible, independent, third-party product assurance for end users and enterprises since 1989. ICSA Labs has provided vendor-neutral testing and certification for hundreds of security products and solutions for many of the world's top security product developers and service providers. Enterprises worldwide rely on ICSA Labs to set and apply objective testing and certification criteria for measuring product compliance and performance.

Identity Theft Resource Center
The Identity Theft Resource Center® (ITRC) is a nonprofit organization dedicated exclusively to the understanding and prevention of identity theft. The ITRC provides victim and consumer support and public education. The ITRC also advises governmental agencies, legislators, law enforcement and businesses about the evolving and growing problem of identity theft.

ISC2 (International Information Systems Security Certification Consortium)
(ISC)² is a global, not-for-profit organization that educates and certifies information security professionals.

JustAskGemalto.com
JustAskGemalto.com is run by Gemalto, a company that provides products and services for telecommunications, financial services, e-government, identity and access management, multimedia content, digital rights management, IT security and many other applications. JustAskGemalto.com is devoted to answering questions about digital services and security technologies and provides the latest technology news, how-to videos and links to related sites.

McAfee
The Security Advice Center offers information on a variety of online safety topics, including antivirus and antispyware software, children’s safety, online shopping, identity theft, phishing, data loss and more.
McAfee Mobile Security offers a free mobile security app and resources to protect mobile devices.
McAfee Blog Central provides blog posts and resources on online safety and security for businesses, consumers and executives.

Microsoft
The Safety and Security Center offers tools and how-tos to protect computers from online threats.
Safer Online offers the latest online safety tips and resources.
The Cyber Trust Blog offers guidance on how to better protect devices from threats such as malware, viruses and spyware. It gives information about identity theft, spam and phishing attacks and alerts readers when Microsoft issues security updates. 
The Security Intelligence Report provides an in-depth perspective on the changing threat landscape, including software vulnerability disclosures and exploits, malicious software (malware) and potentially unwanted software.
The Worldwide Computer Security Information page lets individuals choose a country of residence and then presents online safety tips in the local language.

Multi-State Information Sharing & Analysis Center (MS-ISAC)
Resources and Publications
The MS-ISAC is a collaborative organization with participation from all 50 states, the District of Columbia, local governments and U.S. territories. The mission of the MS-ISAC, consistent with the objectives of the National Strategy to Secure Cyberspace, is to provide a common mechanism for raising the level of cybersecurity readiness and response in each state and with local governments. The MS-ISAC provides a central resource for gathering information on cyber threats to critical infrastructure from the states and providing two-way sharing of information between and among the states and with local government.

MySecureCyberspace
MySecureCyberspace is a free educational resource created by Carnegie Mellon University to empower digital citizens to secure their part of cyberspace.

National Association of State Chief Information Officers (NASCIO)
NASCIO’s mission is to foster government excellence through quality business practices, information management and technology policy. NASCIO represents state chief information officers and information technology executives and managers from state governments across the United States. Individuals may sign up for NASCIO's email news briefs on enterprise architecture and cybersecurity, and NASCIO also conducts various research and issue brief efforts.

National Cyber Security Alliance (NCSA)

The National Cyber Security Alliance (NCSA) is a nonprofit, public-private partnership focused on helping all digital citizens stay safer and more secure online. NCSA’s mission is to educate and empower a digital society to use the Internet more safely and securely.

Business Safe Online Resources

Protect your business, employees and customers from online attacks, data loss and other threats with these resources.

Free Security Check Ups

Many computer security vendors offer free computer security checks for your computer.  This is a list of links to check your computer for known viruses, spyware, and more and discover if your computer is vulnerable to cyber attacks.

National Initiative for Cybersecurity Education (NICE)

An initiative of the National Institute of Standards and Technology, the National Initiative for Cybersecurity Education (NICE) extends its scope beyond the federal workplace to include civilians and students in kindergarten through post-graduate school. The goal of NICE is to establish an operational, sustainable and continually improving cybersecurity education program for the nation to use sound cyber practices that will enhance the nation’s security.

National Security Agency (NSA) Security Configuration Guides
NSA develops and distributes configuration guidance for a wide variety of both open source and proprietary software. NSA strives to provide its customers and the software development community the best possible security options for the most widely used products.

New York State Division of Homeland Security and Emergency Services’ Office of Cyber Security
The Enterprise Information Security Office is dedicated to the protection of the state's cybersecurity infrastructure through identifying and mitigating vulnerabilities, deterring and responding to cyber events and promoting cybersecurity awareness within the state.

Online Trust Alliance (OTA)

Industry Best Practices

OTA provides the following best practices, resources and guidance to help enhance online safety, data security, privacy and brand protection.  

2015 Data Protection & Breach Readiness Guide

Security and Privacy Enhancing Best Practices

PCI Security Standards Council

PCI for Small Merchants

The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards.  Learn how the PCI Data Security Standards can mitigate data breaches and prevent payment cardholder data fraud.

SANS Institute

The SANS Institute provides intensive, immersion training designed to help businesses master the practical steps necessary for defending systems and networks.  They also provide a large collection of information security research documents and whitepapers about various aspects of information security.

Critical Security Controls for Effective Cyber Defense

The Critical Security Controls focus first on prioritizing security functions that are effective against the latest Advanced Targeted Threats, with a strong emphasis on "What Works" - security controls where products, processes, architectures and services are in use that have demonstrated real world effectiveness.

SiteLock: 10 Ways to Keep Hackers Away From Your Data

Software Assurance Forum for Excellence in Code (SAFECode)
SAFECode is a nonprofit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods. SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services.

Securities Industry and Financial Markets Association (SIFMA)

Small Firm Cyber Security Checklist

This resource page is intended to provide information applicable to small firms and supportive of their overall business model to increase their security and ensure the protection of their customers.

TechSoup Global's 12 Tips to Being Safer Online
Tips for nonprofits, charities and NGOs to protect their data and infrastructure.

Twitter Safety & Security
Safety & Security pages discuss Twitter's safety philosophy, explain settings and how to control your experience on Twitter, handle issues online and access other useful resources. 

U.S. Chamber of Commerce

Internet Security Essentials for Business 2.0

 The U.S. Chamber of Commerce's Internet Security Essentials for Business 2.0 guide and other free security resources for business owners, managers, and employees.

Verizon

2015 Data Breach Investigations Report

Prepare your enterprise to conduct individualized self-assessments of risk, so you can make realistic decisions on how to avoid cyber threats. This 2015 DBIR expands its investigation into nine common threat patterns and sizes up the effects of all types of data breaches, from small data disclosures to events that hit the headlines.

VISA
Learn the Facts helps consumers learn about various threats, how to spot them and what they can do to keep their information secure – online and off.

RESOURCES BASED ON THE 5-STEP APPROACH

IDENTIFY:

StaySafeOnline  - Assess Your Risk

DHS - Cyber Risk Management Primer for CEOs

PROTECT:

StaySafeOnline – Train Your Employees

StaySafeOnline – Protect Your Customers

StaySafeOnline – Implement A Cybersecurity Plan

FEMA – Before A Cyber Attack

Stop.Think.Connect – Two Steps Ahead Campaign

TurnOn2FA Campaign

DETECT:

NSS Labs Breach Detection Systems Test Report

NetIQ – Detect and Disrupt Data Breaches Quickly

RESPOND:

FEMA – During A Cyber Attack

Norton – What to do if you’re a victim

StaySafeOnline – Report Cyber Attacks

RECOVER:

FEMA – After A Cyber Attack

Experian – Best Practices for Companies Recovering from a Data Breach

WIRED – Five Actions to Take Immediately After a Cyberattack

IntraLinks – 6 Steps for Data Breach Recovery and Prevention

 

POLICIES

To help businesses create policies addressing cyber security issues, below are links to policy examples and templates.  Many of the policies will be the same regardless of being written for public or private sector. Examples can be tailored for a specific business.

Cyber Security and Information Security Policy

SANS

Free policy templates

Multi-State Information Sharing and Analysis Center

State Cyber and Information Security Policies

Local Government Cyber and Information Security Policies

Social Media Policy

U.S. Small Business Administration

Best Buy

King County, WA

Mobile Device Policy

White House Bring Your Own Device