The six-year-old North Star Cybersecurity Certification Program, created by the Delaware Small Business Development Center (SBDC), is a comprehensive training program designed to equip SBDC business advisers and partners with the tools to help small businesses improve their cybersecurity awareness, co-founder Jake Blacksten said.
The SBDC is housed in the University of Delaware and supported by state and federal funding, but the certification program is now delivered through the national SBDC network, comprised of 1,200 centers nationwide. It is a no-cost training that has trained more than 235 advisers so far.
Blacksten said the hope is that the advisers go into their communities and have "genuine conversations" with small businesses there about protecting their systems. Many businesses seem to know the importance of cyber and have specific questions they'd like to ask experts.
Advisers also face practical constraints. With limited time to collaborate with clients, many have been hesitant to introduce complex topics like cybersecurity, which can take up an entire session. By basing the training on the National Institute of Standards and Technology Cybersecurity Framework, North Star provides a common language to approach cybersecurity while giving businesses actionable steps.
Small businesses, embedded in local communities, face growing cyber risks — including ransomware, credential theft and phishing — but lack the resources of larger firms. Their sheer numbers, and the fact that many are sole proprietorships, make them frequent targets.
In addition, cybersecurity is increasingly tied to practical requirements like insurance, Blacksten said. Insurers now often require businesses to assess their cyber practices before issuing coverage, making basic protections a business necessity. A cyber incident affecting a small business also has broader impacts, disrupting customers and employees. In some cases, it also draws on public-sector resources.
The U.S. Small Business Administration defines small businesses as those with up to 499 employees, but Blacksten said firms on the larger end of that range have dedicated cybersecurity support. It’s the smaller, “mom-and-pop” operations that are turning to small business advisers for help. If there are issues or more technical questions, consultants can reach out to other cyber specialists.
The capability to take this program national is in part due to a 2024 $350,000 cyber prize from the U.S. Small Business Administration as well as current in-kind support and endorsement.
The program advanced quickly. Advisers from 38 states and territories completed it in 2023. And this year, each of the nation’s SBDCs must have at least one person on their team certified through North Star. Many opt to train more, such as West Virginia’s 17 coaches who completed certifications in late 2025. There are more than 118,045 small businesses employing almost half of the workforce there.
“Cybersecurity is one of the many no-cost coaching service areas that [we] can assist our small business clients with throughout the life cycle of their business,” said Will Miller, West Virginia SBDC director, in a statement. “We felt it was important to give our coaches this opportunity ... because small businesses often face cybersecurity threats to their customers’ data, and we want our coaches to be properly equipped to offer support.”
