Getting Started for Small Businesses
The full NIST 800-171 set of controls can be daunting to some small businesses that do not yet have a mature security program. The following resources provide guidance and priorities for basic security controls.
NIST provides a popular report "Small Business Information Security: The Fundamentals" (NIST Interagency Report, NISTIR 7621R1). The report is designed for small business owners with little cybersecurity expertise and provides basic steps needed to help protect their information systems.
For the UK small businesses, the gov.uk site provides “Guidance Cyber Security: Advice for Small Businesses”. This guidance explains the threat from cyber-attack and shows how you can protect your business.