
BBB Business Tip: Cybersecurity business resources

FEDERAL GOVERNMENT
Department of Homeland Security
Cybersecurity overview
Strengthening the security and resilience of cyberspace has become an important homeland security mission.
National Cyber Security Awareness Month
The U.S. Department of Homeland Security (DHS) sponsors National Cyber Security Awareness Month and provides a range of cybersecurity resources for businesses of all sizes.
United States Computer Emergency Readiness Team (US-CERT)
US-CERT is the result of a partnership between the Department of Homeland Security and the public and private sectors. It gives citizens, businesses, and other institutions a channel to communicate and coordinate directly with the United States government on cybersecurity matters, and its site is a useful source of high-level cybersecurity information. (US-CERT's functions now sit within the Cybersecurity and Infrastructure Security Agency, CISA, listed below.) The Cyber Resilience Review (CRR) is a no-cost, voluntary, non-technical assessment that evaluates an organization's operational resilience and cybersecurity practices.
Critical Infrastructure Cyber Community C³ Voluntary Program
The Department of Homeland Security (DHS) launched the Critical Infrastructure Cyber Community or C³ (pronounced "C Cubed") Voluntary Program to help strengthen critical infrastructure cybersecurity and to encourage adoption of the National Institute of Standards and Technology's (NIST) Cybersecurity Framework (the Framework), released in February 2014. The program supports and promotes use of the Framework to improve the resilience of the systems that critical infrastructure depends on.
National Critical Infrastructure Security & Resilience Month
The Department of Homeland Security (DHS), in partnership with InfraGard of the National Capital Region (InfraGardNCR), designates November as National Critical Infrastructure Security & Resilience Month (NCISRM). NCISRM builds awareness of the importance of critical infrastructure and reaffirms the nationwide commitment to keeping our critical infrastructure and our communities safe and secure. Securing the nation's infrastructure is a national priority that requires planning and coordination across the whole community. That infrastructure includes both the physical facilities that supply our communities with goods and services, such as water, transportation, and fuel, and the communication and cyber technology that connects people and supports the critical infrastructure systems we rely on daily.
InfraGard is a partnership between the FBI and the private sector. It is an association of persons representing businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S.
For more information on InfraGard of the National Capital Region (InfraGardNCR) visit https://www.infragardncr.org/
For more information on InfraGard, or to find a local chapter, visit https://www.infragard.org/
Getting started for small and midsize businesses
Cybersecurity is critical to any business enterprise, no matter how small. To help small business leaders get started, the FTC has compiled a list of top resources designed to help SMBs recognize and address their cybersecurity risks.
STOP. THINK. CONNECT.™ is the global cybersecurity awareness campaign to help all digital citizens stay safer and more secure online. The message was created by an unprecedented coalition of private companies, non-profits and government organizations with leadership provided by the National Cyber Security Alliance (NCSA) and the Anti-Phishing Working Group (APWG). The Department of Homeland Security leads the federal engagement in the campaign.
Federal Communications Commission (FCC)
FCC Small Business Cyber Planner 2.0
An online resource to help small businesses create customized cybersecurity plans. Use this tool to create and save a custom cybersecurity plan for your company, choosing from a menu of expert advice to address your specific business needs and concerns.
Ten cybersecurity tips for small businesses
Federal Trade Commission (FTC)
OnGuard Online (Safety Tips from the Government)
OnGuardOnline is the FTC's main consumer-facing website for educating everyone on staying safe and secure online.
OnGuard Online: Just for Small Businesses
OnGuardOnline.gov provides information for small businesses to protect data, networks, and IT systems.
Protecting Personal Information: A Guide for Business
Practical tips for businesses on creating and implementing a plan for safeguarding personal information.
Start With Security: A Guide for Business
Start With Security summarizes lessons learned from the data security settlements reached by the FTC to date; it offers 10 common-sense lessons that apply to businesses of all sizes and in all sectors.
National Institute of Standards and Technology (NIST)
NIST, an agency of the U.S. Department of Commerce, was founded in 1901 as the nation's first federal physical science research laboratory. Over the years, the scientists and technical staff at NIST have made contributions in areas such as image processing, DNA diagnostic "chips," smoke detectors and automated error-correcting software for machine tools.
U.S. Small Business Administration (SBA)
Cybersecurity for Small Businesses is a self-paced training exercise providing an introduction to securing information in a small business.
Cybersecurity and Infrastructure Security Agency (CISA)
CISA is a part of the Department of Homeland Security (DHS) and provides resources, alerts, and tools to help businesses protect themselves from cyber threats. They offer assessments, risk management advice, and best practices tailored to both small and large businesses.
National Institute of Standards and Technology (NIST)
NIST, under the Department of Commerce, provides the Cybersecurity Framework, which offers voluntary guidance for managing and reducing cybersecurity risks. NIST also publishes standards, guidelines, and best practices related to data security, encryption, and system protection.
United States Secret Service (USSS) – Cyber Fraud Task Forces (CFTF)
The USSS CFTF focuses on cyber-related financial crimes. They offer resources to businesses to prevent and combat cyber fraud, focusing on data protection, digital forensics, and cybersecurity education.
STATE GOVERNMENT
AGENCIES TO CONTACT (not applicable in all states)
State Attorney General’s Office
State Office of Chief Information Officer or Chief Information Security Officer
FBI field office serving your state
State Police Cyber Division
STATE DATA BREACH LAWS:
National Conference of State Legislatures
Security Breach Notification Laws
All 50 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or government entities to notify individuals of security breaches involving personally identifiable information. (The original NCSL summary counted forty-seven states; the remaining states have since passed laws of their own.) Requirements differ by state on what counts as a breach, who must be notified, and how quickly, so check the law of every state where affected individuals reside, not only the state where the business is located.
BakerHostetler Law Firm
Perkins Coie Law Firm
Security Breach Notification Chart
Perkins Coie's Privacy & Security practice maintains a comprehensive chart that summarizes state laws regarding security breach notification.
INDUSTRY AND NON-PROFIT
Anti-Phishing Working Group
The Anti-Phishing Working Group (APWG) is the global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types.
Center for Internet Security (CIS)
The Center for Internet Security, Inc. (CIS) is a 501(c)(3) nonprofit organization focused on enhancing the cybersecurity readiness and response of public and private sector entities.
Security Tips for Small Businesses on Facebook
Facebook is a widely used tool for many small business owners to connect with their communities, attract and retain their customer base and drive future growth. Facebook has published tips and tricks to protect your Facebook profile and your business’s Facebook Page.
Google
The Official Google Blog's security posts provide insights from Google employees on online safety with Google products.
ICSA Labs (division of Verizon Business)
ICSA Labs, an independent division of Verizon Business, has provided credible, independent, third-party product assurance for end users and enterprises since 1989. It has delivered vendor-neutral testing and certification for hundreds of security products and solutions from many of the world's top security product developers and service providers. Enterprises worldwide rely on ICSA Labs to set and apply objective testing and certification criteria for measuring product compliance and performance.
Identity Theft Resource Center
The Identity Theft Resource Center® (ITRC) is a nonprofit organization dedicated exclusively to the understanding and prevention of identity theft. The ITRC provides victim and consumer support and public education. The ITRC also advises governmental agencies, legislators, law enforcement and businesses about the evolving and growing problem of identity theft.
ISC2 (International Information Systems Security Certification Consortium)
ISC2, formerly written (ISC)², is a global, not-for-profit organization that educates and certifies information security professionals.
McAfee
The Security Advice Center offers information on a variety of online safety topics, including antivirus and antispyware software, children's safety, online shopping, identity theft, phishing, data loss and more.
McAfee Mobile Security offers a free mobile security app and resources to protect mobile devices.
McAfee Blog Central provides blog posts and resources on online safety and security for businesses, consumers and executives.
Microsoft
The Safety and Security Center offers tools and how-tos for protecting computers from online threats.
The Cyber Trust Blog offers guidance on how to better protect devices from threats such as malware, viruses and spyware. It gives information about identity theft, spam and phishing attacks and alerts readers when Microsoft issues security updates.
Multi-State Information Sharing & Analysis Center (MS-ISAC)
Resources and Publications
The MS-ISAC is a collaborative organization with participation from all 50 states, the District of Columbia, local governments and U.S. territories. The mission of the MS-ISAC, consistent with the objectives of the National Strategy to Secure Cyberspace, is to provide a common mechanism for raising the level of cybersecurity readiness and response in each state and with local governments. The MS-ISAC provides a central resource for gathering information on cyber threats to critical infrastructure from the states and providing two-way sharing of information between and among the states and with local government.
National Association of State Chief Information Officers (NASCIO)
NASCIO’s mission is to foster government excellence through quality business practices, information management and technology policy. NASCIO represents state chief information officers and information technology executives and managers from state governments across the United States. Individuals may sign up for NASCIO's email news briefs on enterprise architecture and cybersecurity, and NASCIO also conducts various research and issue brief efforts.
National Cyber Security Alliance (NCSA)
The National Cyber Security Alliance (NCSA) is a nonprofit, public-private partnership focused on helping all digital citizens stay safer and more secure online. NCSA's mission is to educate and empower a digital society to use the Internet more safely and securely.
Business Safe Online Resources
Protect your business, employees and customers from online attacks, data loss and other threats with these resources.
Free Security Checks
Many computer security vendors offer free security checks for your computer. This is a list of links to scan your computer for known viruses, spyware, and more, and to find out whether it is vulnerable to cyber attacks. Run such checks only from the vendor's own site; fake "free scan" pages are a common way of delivering malware.
National Initiative for Cybersecurity Education (NICE)
An initiative of the National Institute of Standards and Technology, the National Initiative for Cybersecurity Education (NICE) extends its scope beyond the federal workplace to include civilians and students in kindergarten through post-graduate school. The goal of NICE is to establish an operational, sustainable and continually improving cybersecurity education program for the nation to use sound cyber practices that will enhance the nation’s security.
Security and Privacy Enhancing Best Practices
PCI Security Standards Council
SANS Institute
The SANS Institute provides intensive, immersion training designed to help businesses master the practical steps necessary for defending systems and networks. It also maintains a large collection of information security research documents and whitepapers covering many aspects of information security.
Critical Security Controls for Effective Cyber Defense
The Critical Security Controls (now maintained by the Center for Internet Security as the CIS Controls) prioritize the security functions that are effective against current advanced targeted threats, with a strong emphasis on "what works": controls whose supporting products, processes, architectures and services have demonstrated real-world effectiveness.
Software Assurance Forum for Excellence in Code (SAFECode)
SAFECode is a nonprofit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods. SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services.
Securities Industry and Financial Markets Association (SIFMA)
Small Firm Cyber Security Checklist
This resource page provides information applicable to small firms, consistent with their overall business model, to help them increase their security and protect their customers.
TechSoup Global's 12 Tips to Being Safer Online
Tips for nonprofits, charities and NGOs to protect their data and infrastructure.
Internet Security Essentials for Business 2.0
The U.S. Chamber of Commerce's Internet Security Essentials for Business 2.0 guide and other free security resources for business owners, managers, and employees.
VISA
Learn the Facts helps consumers learn about various threats, how to spot them and what you can do to keep your information secure – online and off.
RESOURCES BASED ON THE 5-STEP APPROACH (the five Functions of the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond, Recover)
IDENTIFY:
StaySafeOnline - Assess Your Risk
DHS - Cyber Risk Management Primer for CEOs
PROTECT:
StaySafeOnline – Train Your Employees
StaySafeOnline – Protect Your Customers
StaySafeOnline – Implement A Cybersecurity Plan
Stop.Think.Connect – Two Steps Ahead Campaign
DETECT:
NSS Labs Breach Detection Systems Test Report
NetIQ – Detect and Disrupt Data Breaches Quickly
RESPOND:
Norton – What to do if you’re a victim
StaySafeOnline – Report Cyber Attacks
RECOVER:
Experian – Best Practices for Companies Recovering from a Data Breach
POLICIES
To help businesses create policies addressing cybersecurity issues, below are links to policy examples and templates. Many of the policies are the same whether written for the public or the private sector, and the examples can be tailored to a specific business.
Cyber Security and Information Security Policy
SANS
Multi-State Information Sharing and Analysis Center
State Cyber and Information Security Policies
Local Government Cyber and Information Security Policies
U.S. Small Business Administration
White House Bring Your Own Device