Resource Hub

A central federal hub for small-business cybersecurity guidance, services, and practical next steps.

Use this as the first stop when you want plain-language guidance and free government resources.

A short, actionable checklist-style guide covering passwords, updates, backups, encryption, and response planning.

Good for turning cybersecurity from a vague concern into a simple punch list.

NIST resources built for small organizations that need cybersecurity guidance without enterprise complexity.

Best when you want a trusted framework, but need it translated into small-business terms.

Business-focused guidance on phishing, ransomware, email security, vendors, physical security, and breach response.

Helpful for owners because it connects cybersecurity to real business risk, customer data, and compliance.

Small Business Administration guidance on basic cyber hygiene, training, risk assessment, and response planning.

A useful owner-level overview before choosing tools or paying for services.

The FBI portal for reporting cybercrime, business email compromise, ransomware, and online fraud.

Bookmark this before there is an incident. Reporting is easier when the link is already in the response plan.

A federal reporting path for cyber incidents, vulnerabilities, phishing, malware, and other suspicious activity.

Use this alongside internal notes, screenshots, timestamps, and affected systems during an incident.

Business-focused steps for securing operations, fixing vulnerabilities, and communicating after a data breach.

Good reference for the first 24-48 hours after a suspected exposure of customer or employee data.

Free training, exercises, and awareness resources for building better security habits.

Use these materials for short staff refreshers instead of trying to create training from scratch.

Microsoft security documentation for accounts, identity, devices, Microsoft 365, and cloud services.

Most useful if the business already runs Microsoft 365 and needs help finding built-in security settings.

A free service for checking whether an email address appears in known breach data.

Check owner, admin, bookkeeping, and shared inboxes. If one appears, change the password and turn on MFA.

Security information and admin features for businesses using Google Workspace.

Use this to review built-in protections before buying extra tools.

Microsoft 365 security features for email, identities, devices, and cloud apps.

Useful for understanding what protection may already be included in a business subscription.

A federal catalog of vulnerabilities that attackers are actively known to exploit.

Use this to prioritize urgent updates when everything feels important.

Microsoft security update guidance, advisories, and vulnerability information.

Important for businesses that rely on Windows, Microsoft 365, Office, or Azure.

Apple security update notes for macOS, iOS, iPadOS, Safari, and related products.

Bookmark this if Macs, iPhones, or iPads are used for business email or customer data.

Official Chrome release notes, including security fixes and emergency browser updates.

Browser updates matter because many attacks start with links, downloads, and web apps.

Network monitoring software with a free tier that can help watch availability and device health.

Useful once a business has more than a few network devices and needs basic visibility.

Open-source infrastructure monitoring for systems, services, and network checks.

Powerful but more technical. Best when someone is comfortable maintaining it.

A local inventory tool that reports installed software, missing updates, and system details.

Good for a small one-time inventory when a business does not know what is installed.

Open-source firewall software for routing, firewall rules, VPN, and network segmentation.

Strong option for technical teams or managed setups, but it needs the right hardware and care.

Small-business-friendly networking gear for Wi-Fi, switches, gateways, and management.

Useful when a small office needs cleaner Wi-Fi, guest networks, and basic segmentation.

A planning tool for building a basic cybersecurity plan around business needs.

Helpful for owners who need a written plan but do not know where to start.

A free scanner that grades SSL/TLS configuration for a public website.

Run it after launching a site or changing hosting. Aim for an A grade and fix certificate warnings quickly.

A free website security scanner focused on headers, HTTPS, and browser-facing protections.

Good for spotting missing security headers that many small-business sites never check.

A free external scan for known malware, blocklist status, and common website security issues.

Helpful for WordPress and brochure sites, especially after suspicious redirects or strange search results.

A tool for finding mixed-content problems that stop a page from showing as fully secure.

Use this when a site has HTTPS but the browser still shows a warning or broken lock indicator.

Free, automated SSL/TLS certificates for websites and web services.

A practical option for basic sites when the hosting provider supports automatic renewal.