To help businesses who don’t have the resources of large companies, we present three books created specifically for small businesses. The first book, by Gary Hayslip, is divided into six sections and provides advice across a wide variety of topics. Included are checklists, action plans and advice from a security executive with decades of experience. Gary maintains a narrative in each chapter that doesn’t lose track of the reality that small businesses have both many of the same cybersecurity problems as their larger counterpart but a host of additional challenges, including the maturity of the organization and the difficulty of focusing the management team on issues that aren’t immediate operational imperatives.

The second book, by Alan B. Watkins, provides a roadmap for small businesses who need to create a formal program and has been updated for CIS Controls (R) version 8. Whether the program is required by insurers, regulators, investors or as a blueprint for addressing risks to which the company is exposed, Alan walks through the process of creating the plan assuming a non-technical team approach accessible to all.

The third book, by Bill Bonney, is designed specifically for the smallest of companies. Very small companies, of 20 employees or less, rarely have a dedicated individual to handle security issues. It is the owner who needs to put in place the protections needed to keep the company safe. This book is jargon free and assumes there is a desire to do only what is absolutely necessary and prudent to avoid fraud and steer clear of regulatory issues.