Resource Roundup: US Government Cybersecurity Resources for Private and Public Organizations

What tools and resources does the government provide to help small businesses, local governments, and nonprofits combat cybercrime?

The US Federal Government has become increasingly proactive in its approach to cybersecurity. As a result, an increasing number of helpful programs, trainings, self-audit tools, and other resources are becoming available to the general public. 

Small businesses, organizations, and local government institutions are all prime targets for hackers. Though these entities often lack the financial and human resources to fully protect their digital assets, they still move sums of money that are large enough to entice hackers. 

As a follow-up to our overview of the US Federal Government’s cybersecurity policy and structure, today we are going to round up some of the resources that it is making available to private and public institutions across the US. 

Cybersecurity Resources for Small Businesses

A variety of government departments offer cybersecurity resources, and several of them maintain a corner of their websites explicitly for small businesses. Below we share some of the most helpful and relevant sites that specifically address small business cybersecurity concerns. 

1. CISA’s Cyber Guidance and Tools for Small Businesses

The Cybersecurity and Infrastructure Security Agency (CISA) is the United States’s premiere cybersecurity institution. CISA’s Cyber Guidance for Small Businesses page contains a wealth of information and tools for small businesses. Its guidance and tools are first rate. 

The first section of the SMB webpage explains how executive leadership in small businesses can maximize cybersecurity through intentional structure, roles, and responsibilities within the organization. This explanation is complemented by CISA’s Cyber Essentials program. 

In addition to these leadership resources, CISA makes several explicit recommendations to help you immediately improve your cybersecurity posture. The webpage also contains links to some of CISA’s most valuable tools and resources such as how to respond to stop or respond to a ransomware attack, contact info for your CISA Regional Office (Missouri is a part of CISA Region 7), a cybersecurity Evaluation Tool for your endpoint device, and a comprehensive list of links to CISA’s free tools and resources. 

2. NIST’s Small Business Cybersecurity Corner 

As the nation’s administrator of best practices, the National Institute of Standards and Technology (NIST) has spent much of the past several years focusing on its cybersecurity guidance. Within this arena, it has created the Small Business Cybersecurity Corner that compiles a large amount of helpful educational resources and practical tools. 

On the page, business leaders can peruse case studies, utilize practical tools, or research the NIST’s guidance for specific topics like phishing, cloud security, choosing a managed service provider (MSP), dealing with ransomware, and many more. The NIST also maintains a library of educational videos to introduce you and your employees to important concepts in cybersecurity. Finally, the NIST offers the Small Business Cybersecurity Community of Interest (COI) for business that want to connect with other like-minded businesses and experts. 

3. SBA’s Cybersecurity Overview 

The Small Business Administration (SBA) hosts a cybersecurity webpage that provides simple explanations of cybersecurity basic concepts as well as a variety of helpful links to tools from other federal programs. This is a great launch pad if you are just beginning to research how cybersecurity can impact your business and need a basic introduction. 

4. FCC’s Cybersecurity Guidance

On its Small Businesses sites, the FCC primarily sticks to its specialty—compliance information. However, it also maintains a dedicated Cybersecurity for Small Businesses webpage that contains some helpful resources. This page offers ten succinct cybersecurity tips for SMBs as well as several links to relevant articles, reports, and tools. 

5. DoD’s Office of Small Business Programs’ Guidance for Suppliers 

If your business is a part of the Department of Defense’s (DoD) supply chain, you need to be intimately familiar with their cybersecurity standards. As a part of the country’s critical infrastructure, suppliers of the DoD are being held to high standards, which will only become more stringent over time. DoD suppliers are subject to new national laws which have mandated the NIST to form high standards for such businesses in addition to the DoD’s own internal certifications and regulations. 

The DoD’s small business cybersecurity webpage introduces suppliers to these standards and provides a list of helpful resources for meeting them. In particular, the DoD has focused much of its attention on its small-business-focused Project Spectrum – a “comprehensive platform to provide the tools and training needed to increase cybersecurity awareness and maintain compliance in accordance with DoD contracting requirements.” 

General Cybersecurity Resources for Public and Private Organizations

The following list of practical and educational resources applies to a wide range of organizations. This list is just a small sample of aid currently offered by the federal government for those entities that are trying to prevent, respond to, or recover from a cyberattack. 

1. FBI IC3 Portal 

Organizations and individuals that believe that they have been the victim of an internet crime can file a complaint with the FBI through its online portal. If you’re not sure that your concern qualifies, read through their FAQs. If you believe that your business is under active attack, you should immediately contact local law enforcement and an IT cybersecurity professional as well. 

2. NIST Guidelines

As the federal institution unambiguously tasked to define best practices and guidance for a wide variety of technical industries, we should not be surprised to find that it possesses a wealth of cybersecurity resources. The NIST Cybersecurity and Privacy Vitals Fact Sheet rounds-up a variety of practical links organized by industry. Organizations that want to learn how to apply NIST standards to their particular corner of the market should visit the NIST Cybersecurity Center of Excellence page for extensive guidance. 

3. CISA’s Resource Page 

As the country’s dedicated cybersecurity agency, CISA provides a large variety of resources to organizations. 

• Tabletop Exercise Packages increase the resilience of organizations by providing useful tools for them to use to conduct planning exercises for different types of cybersecurity threats. 
• Vulnerability Scanning provides organizations with a weekly vulnerability report for their networks. 
• The CISA Gateway is the one-stop shop for Protected Critical Infrastructure Information certified organizations to access extensive tools and training. 

Although not all CISA services are available to all organizations (some are limited only to critical infrastructure), the public can access many of them. 

4. CIO Policy and Priority Page 

To keep tabs on what the top CIOs in the national government have identified as their highest priorities, peruse the CIO Council’s Policy and Priority Catalog. Much of this content is technical or policy-related in nature.   

5. Funding to improve cybersecurity for state, local, tribal, and territorial governments (SLTTs)

Through CISA, a total of $1 billion are being made available from FY 2022 until FY 2025 to SLTTs through the State and Local Cybersecurity Program. Potential applicants can apply for funding through their respective state governments. For those of you operating in Missouri, you can visit this site to see if the opportunity is currently open for this fiscal year. 

Recommended Resources 

If you are interested in taking advantage of the free cybersecurity resources offered by the government, but are not sure where to start—let us recommend the following. 

1. To research a specific topic: NIST Topical Guidance 
2. To learn how to put your house (or business!) in order: CISA’s Small Business Guidance 
3. To walk your team through how to respond to threats: CISA’s Tabletop Exercises 
4. To report a cybercrime to the FBI: IC3 Portal 
5. To determine how to outsource your cybersecurity needs: NIST—Choosing a Cybersecurity Provider 

We sincerely hope that these links are helpful to you and your team as you take on the cybersecurity challenge. As always, feel free to reach out to us if you need any additional recommendations or assistance with your cybersecurity or other IT needs.