Cybersecurity Guidance for Small Firms



As small businesses become increasingly dependent on services and applications that connect to the internet, they also become a larger target for cybercriminals looking to exploit vulnerabilities to steal money and information, as well as possibly destroy data and disrupt operations. As a result, it is crucial for small financial firms to take proper cybersecurity measures – to protect their customers, their firm, their partners and the markets they operate within. This resource page is intended to provide information that is applicable to small firms and supports their overall business model, so that they can increase their security and ensure the protection of their customers.

View SIFMA’s Guidance for Small Firms: How Small Firms Can Protect Their Business

NIST Cybersecurity Framework

The National Institute of Standards and Technology (NIST) has created a method called the Cybersecurity Framework for firms of all sizes to improve their cyber protections. This framework was the result of a collaborative effort between NIST and leading industry professionals and companies, including SIFMA. The Framework Core consists of five concurrent and continuous Functions—Identify, Protect, Detect, Respond, Recover. When considered together, these functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk.

Drawing upon the cybersecurity framework, as well as other industry and government resources, SIFMA has composed a guidebook and checklist tailored to small firms. While the NIST Cybersecurity Framework organizes existing standards and provides an excellent holistic approach, this guidebook and checklist provide actionable and prescriptive guidance for small businesses seeking to implement or improve their cybersecurity.

Small Firm Cybersecurity Checklist


Additional Resources

Future Releases

Cybersecurity is an area of active risk management both for firms and the sector.  SIFMA will continue to research and explore the topic as it relates to small firms.  Please look for upcoming releases on the following topics.

  • Establishing a Cyber Incident Response Plan
  • Consuming and Analyzing Cyber Threat Information
  • Getting more familiar with the NIST Cybersecurity Framework
  • Small Firms Cyber Table Top Exercise (Tentative Fall 2014)

SIFMA welcomes input on additional discussion topics that you feel will help improve the cybersecurity of your firm or the sector more generally. Please submit requests to Thomas Wagner.