Small and Medium Businesses
Small- and medium-sized businesses are key to vibrant communities, a strong economy, and often play critical roles in the supply chain. CISA offers free information and tools to help small businesses protect their people, customers, intellectual property, and other sensitive data cyber and physical threats.
Featured Content
Active Shooter Preparedness
Active shooter incidents are often unpredictable and evolve quickly. Amid the chaos, anyone can play an integral role in mitigating the impacts of an active shooter incident.
Bombing Prevention
Explore resources that protect life and critical infrastructure and build capabilities to prevent, protect against, respond to, and mitigate bombing incidents.
Cross-Sector Cybersecurity Performance Goals
The CPGs are voluntary practices that outline the highest-priority baseline measures businesses and critical infrastructure owners of all sizes can take to protect themselves against cyber threats.
Cyber Guidance for Small Businesses
Cyber incidents have surged among small businesses that often do not have the resources to defend against devastating attacks like ransomware. The security landscape has changed, and our advice needs to evolve with it.
Secure by Design
Every technology provider must take ownership at the executive level to ensure their products are both secure by design and secure by default.
Stop Ransomware
StopRansomware.gov is the U.S. Government's official one-stop location for resources to tackle ransomware more effectively.
The Power of Hello
Industries face a variety of threats, both internal and external, from hostile governments, terrorist groups, disgruntled employees and malicious introducers. Alert employees can spot suspicious activity and report it.
Shields Ready
CISA’s Shields Ready campaign is about making resilience during incidents a reality by taking action before incidents occur.
Small Business Week
CISA proudly celebrates the nation’s entrepreneurs and small businesses and their contributions to the economy during National Small Business Week!
ChemLock
CISA's ChemLock program is a voluntary program that provides facilities that possess dangerous chemicals with no-cost services and tools to help them better understand the risks they face and improve their chemical security posture in a way that work
Alerts, Advisories and Directives
CISA Insights: Guidance for MSPs and Small- and Mid-sized Businesses
Many small- and mid-sized businesses use MSPs to manage IT systems, store data, or support sensitive processes, making MSPs valuable targets for malicious cyber actors.
CISA Cybersecurity Advisory: Protecting Against Cyber Threats to Managed Service Providers and their Customers
This joint Cybersecurity Advisory provides actions managed service providers and their customers can take to reduce their risk of falling victim to a cyber intrusion.
CISA Insights on Risk Considerations for Managed Service Provider Customers
This CISA Insights provides Managed Service Provider customers a framework for reducing risk.
Contact Your Regional Office
Within each CISA Region are local and regional Protective Security Advisors (PSAs), Cyber Security Advisors (CSAs), Emergency Communications Coordinators (ECCs), and Chemical Security Inspectors (CSIs). These field personnel assess, advise, and assist and provide a variety of risk management and response services to help business, government and other organizations become more resilient to cyber and physical threats and to form partnerships.
Services
CISA has compiled a list of free tools and services to help small and medium businesses further advance their security capabilities. This living repository includes services provided by CISA, widely used open-source tools, and other free tools and services offered by private and public sector organizations.
Infrastructure Survey Tool (IST)
