Small Business Data/Cyber Protection Awareness

Cybersecurity Guidance For Small Businesses

As consultants, your task is to help small businesses expect the unexpected. With the number of cyberattacks and data breaches increasing in today's environment, cybersecurity is yet another topic we must train on. These daily attacks can have significant financial consequences and disrupt business operations. To empower our fellow consultants and support them in guiding their clients, America's SBDC has created the North Star cybersecurity program.

North Star represents the collective efforts of America's SBDC network to mitigate cyber threats facing small businesses. This initiative aligns with various frameworks, including the DoD Cybersecurity Maturity Model Certification (CMMC 2.0), NIST, CIS, and others, providing both awareness and guidance. Its primary aim is to provide structure to the complex field of cybersecurity, aiding consultants in their efforts to support small businesses.

North Star has developed a wide array of cybersecurity resources that cover various topics, helping consultants navigate this sometimes intricate subject matter with their clients. In addition to our resources, we've collaborated with partner organizations that have created their own materials, further expanding the support available to you. Together, we're committed to assisting consultants like you in helping small businesses maintain security against the growing threat of cyberattacks.

How The Program Can Help

The North Star program has been carefully crafted to lend support to our fellow SBDCs. It offers additional tools and resources for those who already have cybersecurity programs in place, while also providing a turnkey solution for those venturing into the realm of cybersecurity for the first time.

Below is a comprehensive list of resources at your disposal, ready to be utilized by your SBDC in any way that suits your needs. However, we recognize that not all of us are cybersecurity experts, and it's not as simple as grabbing a presentation and delivering it. That's where the North Star Cybersecurity Taskforce comes into play. We are a team of fellow consultants who have contributed to the creation of all the content you find here, and we're eager to offer our assistance to your SBDC.

Our support comes in various forms, including training for both clients and consultants on the materials provided here. We can also organize webinars and provide expert speakers for events hosted at your SBDC. If at any point you find the cybersecurity requirements overwhelming and need guidance, please don't hesitate to reach out to us. We're here to assist you in any way we can. Your success in enhancing cybersecurity is our shared goal.

North Star Toolkit For SBDCs

Presentations

PowerPoints available upon request

North Star Certification

The North Star program introduces a certification course to align with the new Notice of Funding Opportunity (NOFO) requirement for all SBDCs. This course focuses on fundamental cybersecurity principles, ensuring that consultants are well-prepared to engage in knowledgeable discussions with their clients.

To earn this certification, consultants must complete a total of four (4) hours of training, all of which must be approved by the North Star Program. This can be accomplished through several avenues:

- Attending North Star presentations: Consultants can fulfill part of their training requirements by attending at least two North Star presentations at the annual America's SBDC Conference.

- Watching North Star recorded content: Consultants can also watch a combination of North Star's recorded content.

- Participating in the SBA Cyber Summit: Attendance at the SBA Cyber Summit is another way to meet the training requirements.

- Third-party cybersecurity training: Consultants can opt for a four (4) hour or longer cybersecurity training session from a third party, provided that it is pre-approved by North Star (prior approval is advisable).

In addition to these training requirements, consultants will need to pass an online cybersecurity basics exam. Upon successful completion of the exam, they will receive their certificate of completion, satisfying the NOFO requirement.

The number of certified consultants your state needs depends on your lead center's employee count. However, certification doesn't have to be limited to someone in the lead center; it can be anyone in your network who expresses interest. It's essential to note that this certification is an annual requirement because the cybersecurity landscape evolves rapidly. This year, all content and exams are offered for free, but this may not be the standard in subsequent years.

For those seeking a more challenging certification, exploring third-party options is possible, as long as they meet the same requirements mentioned above. If you have any doubts about whether a third-party certification will be accepted, please don't hesitate to contact us for clarification.

Cyber Video Library

You've Been Hacked, Now What?

Cybersecurity in Plain Language for Very Small and Rural Businesses

Simple Solutions to Common Cyber Threats

eCommerce & Data Protection

Cyber Basics: Updates

Cyber Basics: Antivirus Software

Cyber Basics: Passwords

Cyber Basics: Backups

Cyber Basics: Phishing

North Star Program Leads

Your security and privacy are important to us, and we're committed to providing top-notch support to help you stay protected.

Earl Gregorich

BA, (USAF 1985-1989), Author
Area Manager & Business Consultant
Greenville Area SBDC

Jacob Blacksten

Digital Solutions Manager
Delaware SBDC

Looking for resources for your clients?

Visit our client resources page

Additional Resources

The Small Business Administration (SBA) is a government agency that provides assistance to small businesses in the form of loans, grants, and counseling services. It also helps to navigate the federal contracting process and provides disaster relief assistance. The SBA's mission is to help small businesses start, grow, and succeed in today's competitive marketplace.

The National Cybersecurity Alliance (NCA) is a non-profit organization that aims to promote cybersecurity awareness and education. It collaborates with various stakeholders across government, industry, and civil society to create and implement cybersecurity education and awareness programs. These programs empower users at home, work, and school with the information they need to keep themselves, their organizations, their systems, and their sensitive information safe and secure online.

The Federal Trade Commission (FTC) is a federal agency that enforces antitrust laws and protects consumers from unfair and deceptive conduct by businesses. The agency has the authority to investigate and prosecute companies that engage in unfair or deceptive practices, such as false advertising, pyramid schemes, and identity theft. The agency provides a variety of resources for consumers, including information on how to avoid scams, file complaints, and protect their privacy online.

The Department of Homeland Security (DHS) is a federal executive department of the United States government. It was established in 2002, in response to the September 11 attacks, with the primary mission of preventing terrorist attacks within the United States and reducing the vulnerability of the United States to terrorism. The DHS is responsible for a wide range of activities, including border security, immigration enforcement, cybersecurity, disaster preparedness and response, and counterterrorism.

The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce. Their mission is to promote U.S. innovation and industrial competitiveness by enhancing economic security and improving our quality of life. NIST’s work ranges from supporting the smallest of technologies to the largest and most complex of human-made creations. They provide a portfolio of services for measurements, standards, and legal metrology that ensure measurement traceability, enable quality assurance, and harmonize documentary standards and regulatory practices.