
          BBB Business Tip: Cybersecurity business resources

          By Better Business Bureau. October 2, 2020.

          FEDERAL GOVERNMENT

          Department of Homeland Security
          Cybersecurity overview
          Strengthening the security and resilience of cyberspace has become an important homeland security mission.

          National Cyber Security Awareness Month
          The U.S. Department of Homeland Security (DHS) sponsors National Cyber Security Awareness Month and provides a range of cyber security resources for businesses of all sizes.

          United States Computer Emergency Readiness Team (US-CERT) 
          US-CERT is the result of a partnership between the Department of Homeland Security and the public and private sectors.  US-CERT provides a way for citizens, businesses and other institutions to communicate and coordinate directly with the United States government about cyber security. This site is a useful source of high-level cybersecurity information.  The US-CERT Cyber Resilience Review (CRR) is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices.

          Critical Infrastructure Cyber Community C³ Voluntary Program
          The Department of Homeland Security (DHS) launched the Critical Infrastructure Cyber Community or C³ (pronounced “C Cubed”) Voluntary Program to help enhance critical infrastructure cybersecurity and to encourage the adoption of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (the Framework), released in February 2014. The C³ Voluntary Program was created to help improve the resiliency of critical infrastructure’s cybersecurity systems by supporting and promoting the use of the Framework.

          National Critical Infrastructure Security & Resilience Month
          Under the Department of Homeland Security (DHS) in partnership with InfraGard of the National Capital Region (InfraGardNCR), November is designated as National Critical Infrastructure Security & Resilience Month (NCISRM). NCISRM builds awareness and appreciation of the importance of critical infrastructure and reaffirms the nationwide commitment to keep our critical infrastructure and our communities safe and secure. Securing the nation's infrastructure, which includes both the physical facilities that supply our communities with goods and services, like water, transportation, and fuel, and the communication and cyber technology that connects people and supports the critical infrastructure systems we rely on daily, is a national priority that requires planning and coordination across the whole community.

          For more information on NCISRM visit http://www.ncisrm.org/

          InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S.

          For more information on InfraGard of the National Capital Region (InfraGardNCR) visit http://www.infragardncr.org/

          For more information on InfraGard and to find a local chapter, visit https://www.infragard.org/

          Getting started for small and midsize businesses
          Cybersecurity is critical to any business enterprise, no matter how small.   To help small business leaders get started, FTC has provided a list of top resources specially designed to help SMBs recognize and address their cybersecurity risks.

          STOP.THINK.CONNECT Campaign

          STOP. THINK. CONNECT.™ is the global cybersecurity awareness campaign to help all digital citizens stay safer and more secure online.  The message was created by an unprecedented coalition of private companies, non-profits and government organizations with leadership provided by the National Cyber Security Alliance (NCSA) and the Anti-Phishing Working Group (APWG).  The Department of Homeland Security leads the federal engagement in the campaign.

          Federal Communications Commission (FCC)

          FCC Small Business Cyber Planner 2.0

          Online resource to help small businesses create customized cybersecurity plans. Use this tool to create and save a custom cyber security plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns.

          Ten cybersecurity tips for small businesses

          Federal Trade Commission (FTC)

          OnGuard Online (Safety Tips from the Government)
          OnGuardOnline is the FTC’s main consumer facing website to educate everyone on staying safe and secure online.

          OnGuard Online: Just for Small Businesses

          OnGuardOnline.gov provides information for small businesses to protect data, networks, and IT systems.

          Protecting Personal Information: A Guide for Business

          Practical tips for businesses on creating and implementing a plan for safeguarding personal information.


          Start With Security: A Guide for Business
          Start With Security summarizes lessons learned from the data security settlements reached by the FTC to date; it offers 10 common-sense lessons that apply to businesses of all sizes and in all sectors.

          National Institute of Standards and Technology (NIST)
          NIST, an agency of the U.S. Department of Commerce, was founded in 1901 as the nation's first federal physical science research laboratory. Over the years, the scientists and technical staff at NIST have made contributions in areas such as image processing, DNA diagnostic "chips," smoke detectors and automated error-correcting software for machine tools.

          U.S. Small Business Administration (SBA)

          Cybersecurity for Small Businesses is a self-paced training exercise providing an introduction to securing information in a small business.

          STATE GOVERNMENT

          AGENCIES TO CONTACT (not applicable in all states)

          State Attorney General’s Office

          State Office of Chief Information Officer or Chief Information Security Officer

          State FBI Offices

          State Police Cyber Division

          STATE DATA BREACH LAWS:

          National Conference of State Legislatures

          Security Breach Notification Laws

          Forty-seven states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or government entities to notify individuals of security breaches of information involving personally identifiable information.

          BakerHostetler Law Firm

          State Data Breach Law Summary

          Perkins Coie Law Firm

          Security Breach Notification Chart

          Perkins Coie's Privacy & Security practice maintains a comprehensive chart that summarizes state laws regarding security breach notification. 

          INDUSTRY AND NON-PROFIT

          Anti-Phishing Working Group
          The Anti-Phishing Working Group (APWG) is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types.

          Center for Internet Security

          The Center for Internet Security, Inc. (CIS) is a 501c3 nonprofit organization focused on enhancing the cybersecurity readiness and response of public and private sector entities.

          Facebook

          Security Tips for Small Businesses on Facebook

          Facebook is a widely used tool for many small business owners to connect with their communities, attract and retain their customer base and drive future growth.  Facebook has published tips and tricks to protect your Facebook profile and your business’s Facebook Page.

          Enhancing Security with a Quick Checkup

          A new tool called Security Checkup makes it easier to find and use the security controls for your account.

          Google

          The Official Google Blog's security posts provide insights from Google employees regarding online safety with their products.

          ICSA Labs (division of Verizon Business)  
          ICSA Labs, an independent division of Verizon Business, has been providing credible, independent, third-party product assurance for end users and enterprises since 1989. ICSA Labs has provided vendor-neutral testing and certification for hundreds of security products and solutions for many of the world's top security product developers and service providers. Enterprises worldwide rely on ICSA Labs to set and apply objective testing and certification criteria for measuring product compliance and performance.

          Identity Theft Resource Center
          The Identity Theft Resource Center® (ITRC) is a nonprofit organization dedicated exclusively to the understanding and prevention of identity theft. The ITRC provides victim and consumer support and public education. The ITRC also advises governmental agencies, legislators, law enforcement and businesses about the evolving and growing problem of identity theft.

          ISC2 (International Information Systems Security Certification Consortium)
          (ISC)² is a global, not-for-profit organization that educates and certifies information security professionals.

          McAfee
          The Security Advice Center offers information on a variety of online safety topics, including antivirus and antispyware software, children’s safety, online shopping, identity theft, phishing, data loss and more.
          McAfee Mobile Security offers a free mobile security app and resources to protect mobile devices.
          McAfee Blog Central provides blog posts and resources on online safety and security for businesses, consumers and executives.

          Microsoft
          The Safety and Security Center offers tools and how-tos to protect computers from online threats.
          The Cyber Trust Blog offers guidance on how to better protect devices from threats such as malware, viruses and spyware. It gives information about identity theft, spam and phishing attacks and alerts readers when Microsoft issues security updates.

          Multi-State Information Sharing & Analysis Center (MS-ISAC)
          Resources and Publications
          The MS-ISAC is a collaborative organization with participation from all 50 states, the District of Columbia, local governments and U.S. territories. The mission of the MS-ISAC, consistent with the objectives of the National Strategy to Secure Cyberspace, is to provide a common mechanism for raising the level of cybersecurity readiness and response in each state and with local governments. The MS-ISAC provides a central resource for gathering information on cyber threats to critical infrastructure from the states and providing two-way sharing of information between and among the states and with local government.

          National Association of State Chief Information Officers (NASCIO)
          NASCIO’s mission is to foster government excellence through quality business practices, information management and technology policy. NASCIO represents state chief information officers and information technology executives and managers from state governments across the United States. Individuals may sign up for NASCIO's email news briefs on enterprise architecture and cybersecurity, and NASCIO also conducts various research and issue brief efforts.

          National Cyber Security Alliance (NCSA)

          The National Cyber Security Alliance (NCSA) is a nonprofit, public-private partnership focused on helping all digital citizens stay safer and more secure online. NCSA’s mission is to educate and empower a digital society to use the Internet more safely and securely.

          Business Safe Online Resources

          Protect your business, employees and customers from online attacks, data loss and other threats with these resources.

          Free Security Check Ups

          Many computer security vendors offer free computer security checks for your computer.  This is a list of links to check your computer for known viruses, spyware, and more and discover if your computer is vulnerable to cyber attacks.

          National Initiative for Cybersecurity Education (NICE)
          An initiative of the National Institute of Standards and Technology, the National Initiative for Cybersecurity Education (NICE) extends its scope beyond the federal workplace to include civilians and students in kindergarten through post-graduate school. The goal of NICE is to establish an operational, sustainable and continually improving cybersecurity education program for the nation to use sound cyber practices that will enhance the nation’s security.

          Security and Privacy Enhancing Best Practices

          PCI Security Standards Council

          SANS Institute

          The SANS Institute provides intensive, immersion training designed to help businesses master the practical steps necessary for defending systems and networks.  They also provide a large collection of information security research documents and whitepapers about various aspects of information security.

          Critical Security Controls for Effective Cyber Defense

          The Critical Security Controls focus first on prioritizing security functions that are effective against the latest Advanced Targeted Threats, with a strong emphasis on "What Works" - security controls where products, processes, architectures and services are in use that have demonstrated real world effectiveness.

          Software Assurance Forum for Excellence in Code (SAFECode)
          SAFECode is a nonprofit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods. SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services.

          Securities Industry and Financial Markets Association (SIFMA)

          Small Firm Cyber Security Checklist

          This resource page is intended to provide information applicable to small firms and supportive of their overall business model to increase their security and ensure the protection of their customers.

          TechSoup Global's 12 Tips to Being Safer Online
          Tips for nonprofits, charities and NGOs to protect their data and infrastructure.

          U.S. Chamber of Commerce

          Internet Security Essentials for Business 2.0

           The U.S. Chamber of Commerce's Internet Security Essentials for Business 2.0 guide and other free security resources for business owners, managers, and employees.

          VISA
           Learn the Facts helps consumers learn about various threats, how to spot them and what you can do to keep your information secure – online and off.

          RESOURCES BASED ON THE 5-STEP APPROACH

          IDENTIFY:

          StaySafeOnline – Assess Your Risk

          DHS – Cyber Risk Management Primer for CEOs

          PROTECT:

          StaySafeOnline – Train Your Employees

          StaySafeOnline – Protect Your Customers

          StaySafeOnline – Implement A Cybersecurity Plan

          FEMA – Before A Cyber Attack

          Stop.Think.Connect – Two Steps Ahead Campaign

          TurnOn2FA Campaign

          DETECT:

          NSS Labs Breach Detection Systems Test Report

          NetIQ – Detect and Disrupt Data Breaches Quickly

          RESPOND:

          FEMA – During A Cyber Attack

          Norton – What to do if you’re a victim

          StaySafeOnline – Report Cyber Attacks

          RECOVER:

          FEMA – After A Cyber Attack

          Experian – Best Practices for Companies Recovering from a Data Breach

           

          POLICIES

          To help businesses create policies addressing cyber security issues, below are links to policy examples and templates. Many of the policies will be the same whether they are written for the public or private sector. Examples can be tailored for a specific business.

          Cyber Security and Information Security Policy

          SANS

          Free policy templates

          Multi-State Information Sharing and Analysis Center

          State Cyber and Information Security Policies

          Local Government Cyber and Information Security Policies

          U.S. Small Business Administration

          Best Buy

          White House Bring Your Own Device 

          DOWNLOADS

          5 STEPS TO BETTER BUSINESS CYBERSECURITY GUIDE