Small Business Cyber Resources

Useful information and links to help your business.

Federal Communications Commission: 

• Cyberplanner – helps you create a plan  https://www.fcc.gov/cyberplanner
• For those who may already be at a mature state, you can choose which control families to include in your plan.
• Families include privacy, data security, scans and fraud, network security, website security, email, mobile devices, employees, facility, operational risk, payment cards, incident response, incident reporting, policy development

Cybersecurity & Infrastructure Security Agency

• We really like this resource, and it has a risk assessment:
  • https://www.cisa.gov/uscert/resources/assessments
• Meanwhile, you can assess technical maturity with NCATS:  https://www.cisa.gov/uscert/resources/ncats
• Allows you to sign-up for FREE resiliency testing including
  • Vulnerability Scanning
  • Phishing Campaign Assessment
  • Risk and Vulnerability Assessment
  • Validated Architecture Design Review
• All you do is email vulnerability_info@cisa.dhs.gov

Global Cyber Alliance:

• The GCA Small Business Toolkit:  https://gcatoolkit.org/smallbusiness/
• Measurement (Know What You Have)
• Response:
  • (Update your defenses, beyond simple passwords, prevent phishing and malware, backup and recover, protect your email, protect your reputation)

NIST Publication

• We can’t do anything without sending somebody to NIST!  (joking)
• Unlike many NIST documents, written in plain English
• While this may be dry for small business owners, it’s NIST – always worth the read
• Require at least one person in your organization to understand the whole thing.
• Small Business Fundamentals:  Identify, Protect, Detect, Respond, Recover
• https://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.7621r1.pdf

Tabletop Exercises:

• Not to seem like we love CISA, but they do have decent resources for tabletop exercises.
• https://www.cisa.gov/cybersecurity-training-exercises

Infotex Resources for Small Businesses:

• We have a “madlib” (boilerplate) Acceptable Use Policy and Threat-based Risk Assessment
• https://my.infotex.com/sb will have a convenient link to all of the resources
• https://my.infotex.com/sb/sb-aup for a boilerplate of our Acceptable Use Policy
  • https://my.infotex.com/sb-aup-movie a movie showing how to use the Acceptable Use Policy Boillerplate
• https://my.infotex.com/sb/ra for a boilerplate of our Small Business Threat-based Risk Assessment
  • https://my.infotex.com/sb-risk-assessment-movie for a movie on how to use the Threat-based Risk Assessment
• Fun Zip: there is also a zip of fun posters, puzzles, etc.  (https://my.infotex.com/sb)

Copy of presentation slides:

Cybersanity While Watching for Sick Birds with Infotex

Information Security with Virtual Innovation

Useful Resource Summary Page