Skip to main content
Human ActuallyCyber basics

Learning materials

How this training was built

Small Business Cyber Starter Kit, a free Human Actually educational project, translates public cybersecurity guidance into plain-language scenarios and source-informed recommendations for small organizations. It is designed for educational training and practical next steps, not compliance certification, legal advice, or a guarantee of security.

How sources were used

Public sources are grouped by purpose (not as one long bibliography) to show how guidance translates into practical small-business scenarios and recommendations.

Risk management structure

  • NIST

    Cybersecurity Framework 2.0 Small Business Quick-Start Guide

    View source ↗

Role/action framing

  • CISA

    Cyber Essentials and Cyber Guidance for Small Businesses

    View source ↗

Practical small business safeguards

  • U.S. Federal Trade Commission

    Cybersecurity for Small Business

    View source ↗

  • Center for Internet Security

    CIS Controls v8 Implementation Group 1

    View source ↗

Payment and email compromise

International small organization guidance

  • UK National Cyber Security Centre

    Small Organisations Guide to Cyber Security

    View source ↗

  • ENISA

    Cybersecurity Guide for SMEs

    View source ↗

  • Canadian Centre for Cyber Security

    Baseline Cyber Security Controls for Small and Medium Organizations

    View source ↗

  • Australian Cyber Security Centre

    Small Business Cyber Security Guide

    View source ↗

Sector/regional caution layers

  • Internal Revenue Service

    Publication 4557: Safeguarding Taxpayer Data

    View source ↗

  • U.S. Department of Health & Human Services

    Security Rule Guidance Material

    View source ↗

  • European Data Protection Board

    Data Protection Guide for Small Business

    View source ↗

What this is

  • Educational training
  • Plain-language cyber basics
  • Source-informed scenarios
  • Role-based checklist
  • Certificate of completion

What this is not

  • Not legal advice
  • Not proof of regulatory or contractual requirements
  • Not professional cybersecurity consulting
  • Not a security audit
  • Not insurance guidance
  • Not a guarantee of security
  • Not affiliated with Microsoft or any employer

Privacy posture

This training does not require an account. Your selections, quiz answers, and certificate name are stored locally in your browser. It does not use confidential employer, customer, partner, or product information. Do not enter sensitive business, customer, client, patient, donor, employee, or financial information.

Limitations

This is educational training and cannot replace a full technical assessment, legal advice, or professional incident response. It is an independent Human Actually project and is not affiliated with Microsoft or any employer.