Cyber Resources for SMBs
Federal Trade Commission (FTC)
Cybersecurity & Infrastructure Security Agency (CISA)
Achieving the Highest Security Posture
When security experts give cybersecurity advice, they usually assume you are only willing to make small changes to your IT infrastructure. But what would you do if you could reshape your IT infrastructure? Some organizations have made more aggressive changes to their IT systems to reduce their “attack surface.” In some cases, they have been able to all but eliminate (YES, WE SAID ELIMINATE!) the possibility of falling victim to phishing attacks. Sound interesting? Keep reading!
On premises vs cloud
One major improvement you can make is to eliminate all services that are hosted in your offices. We call these services “on premises” or “on-prem” services. Examples of on-prem services are mail and file storage in your office space. These systems require a great deal of skill to secure. They also require time to patch, to monitor, and to respond to potential security events. Few small businesses have the time and expertise to keep them secure.
While it’s not possible to categorically state that “the cloud is more secure,” we have seen repeatedly that organizations of all sizes cannot continuously handle the security and time commitments of running on-prem mail and file storage services. The solution is to migrate those services to secure cloud versions, such as Google Workspace or Microsoft 365 for enterprise email. These services are built and maintained using world-class engineering and security talent at an attractive price point. We urge all businesses with on-prem systems to migrate to secure cloud-based alternatives as soon as possible.
Secure endpoints
While all operating system vendors work to continuously improve the security of their products, two stand out as being “secure by design,” specifically, Chromebooks and iOS devices like iPads.
Some organizations have migrated some or all of their staff to use Chromebooks and iPads. As a result, they have removed a great deal of “attack surface,” which in turn makes it much harder for attackers to get a foothold. Even if an attacker were able to find a foothold on those systems as part of a ransomware attack, the data primarily lives in a secure cloud service, reducing the severity of the attack.
See Cyber Guidance for Small Businesses | CISA
- Cyber Essentials | CISA
- Small and Medium Businesses | CISA
"Small businesses have valuable information that cyber criminals seek and often have fewer resources dedicated to cybersecurity." - No Cost Cybersecurity Services & Tools | CISA
Payment Card Industry Data Security Standard (PCI-DSS)
Microsoft
- Zero Trust guidance for small businesses
- Cybersecurity for small and medium business | Microsoft Security
- https://www.microsoft.com/en-us/security/blog/topic/small-and-medium-business/
- https://windowsforum.com/threads/essential-microsoft-365-security-strategies-for-small-businesses-in-2025.371777/
Apple
If you believe that your Apple Account has been compromised, change your password immediately.
- Get help with security issues - Apple Support
- Protect your small business: A ‘how to’ guide for Apple | Australian Signals Directorate
- Personal Safety User Guide