Some of the organizations most essential to daily economic life – rural hospitals, schools, municipalities, local utilities and small businesses – are also the least equipped to defend themselves against cyberattacks, even as they hold troves of sensitive data. When these “target-rich, resource-poor” organizations are knocked offline, the disruption ripples outward to the businesses, workers and communities that rely on them. A growing “whole-of-state” movement is beginning to address these organizations’ weaknesses through community cyber defense programs that pair local cybersecurity talent with the entities that need it most. In this guest article, Grace Menna, senior fellow of public interest cybersecurity at UC Berkeley Center for Long-Term Cybersecurity, explains how these programs work, why the resilience of smaller organizations is a business-continuity issue for the private sector, and the concrete, often low-cost, ways legal and compliance professionals can help, through pro bono counsel, technical volunteering, advocacy and funding, to strengthen the infrastructure on which their own operations depend. See “CISA and Chamber of Commerce Officials Discuss Cyber Essentials’ Six Pillars for Small Businesses” (Aug. 4, 2021).