Cybersecurity Resources

As a business owner, it's important to understand the risks of operating online and to have a plan in place to protect yourself, your customers, and your data from cyber threats. The Federal Communications Commission (FCC) recognizes the importance of cybersecurity for small businesses and has created resources to help you develop a customized plan. In October 2012, the FCC re-launched the Small Biz Cyber Planner 2.0, an online tool to help small businesses create a plan that works for them. The FCC also released an updated one-page Cybersecurity Tip Sheet with new tips on creating a mobile device action plan and on payment and credit card security.

Below is a summary of helpful cybersecurity advice for SMBs:

• Cybersecurity and Infrastructure Security Agency (CISA): “Level Up Your Defenses — Four Cybersecurity Best Practices for Businesses” — practical, widely accepted advice on logging, backups, encryption, and incident reporting. CISA cybersecurity best practices (covering business defenses)
• CISA: “Four Cybersecurity Essentials for Businesses” — another CISA fact sheet with recommended practices like phishing training, strong passwords, MFA, and software updates. CISA four cybersecurity essentials guide
• Sophos Cybersecurity Best Practices Toolkit — a collection of best practice resources and cheat sheets created by a security vendor. Sophos cybersecurity best practices toolkit
• NIST Special Publication 800-53 (Security and Privacy Controls) — an authoritative catalog of security controls from the U.S. National Institute of Standards and Technology, used across industries. Wikipedia: NIST SP 80053 (controls framework)
• ISO/IEC 27005 (Risk Management Standard) — international guidance on identifying and managing information security risks. Wikipedia: ISO/IEC 27005 risk management guidance
• CIS Reasonable Cybersecurity Guide — a detailed publication from the nonprofit Center for Internet Security (CIS) with practical guidance for building a security program considered “reasonable” by risk and legal standards. CIS reasonable cybersecurity guide

• NIST Cybersecurity Framework 2.0: Small Business Quick-Start Guide — A practical risk management and security planning guide tailored for SMBs using the widely accepted NIST Cybersecurity Framework. NIST Small Business QuickStart Guide (SP 1300)
• CISA — Secure Your Business (Small & Medium Businesses) — The U.S. Cybersecurity and Infrastructure Security Agency offers simple, achievable cybersecurity steps (like MFA, password basics, and phishing training) for SMBs. CISA Secure Your Business Guidance
• “Cybersecurity for SMBs: 10 Best Practices” (WNC Business IT) — A business-oriented list of core actions such as MFA, training, backups, and patching. Cybersecurity for SMBs – 10 Best Practices
• “SMB Cybersecurity: Essential Tips for Protecting Your Business” (XL.Net) — Basic guidance on strong passwords, MFA, and software updates. Essential SMB Cybersecurity Practices
• Best Practices for Password Security (University of Wisconsin) — covers strong, unique passwords, password managers, multi-factor authentication (MFA), compromised password checks, and safe storage practices. Best Practices for Password Security (UW Security)
• Password Security Best Practices for 2025 — highlights unique passwords, changing default credentials, secure sharing, and stronger MFA options (including passkeys). Password Security Best Practices for 2025

By following these tips and utilizing the resources provided by the FCC, you can create a culture of security that will enhance business and consumer confidence and protect your business from cyber threats.

View the complete FCC Cyber Security tip list here.