The Cybersecurity and Infrastructure Security Agency (CISA) released its Cyber Essentials, a starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks.
Developed in collaboration with small businesses and state and local governments, Cyber Essentials aims to equip smaller organizations that historically have not been a part of the national dialogue on cybersecurity with basic steps and resources to improve their cybersecurity. Cyber Essentials includes two parts – guiding principles for leaders to develop a culture of security, and specific actions for leaders and their IT professionals to put that culture into action.
“When it comes to collective defense, we are only as strong as our weakest link, which is why CISA is committed to raising the bar in cybersecurity across all companies and government, regardless of their size,” said CISA Director Christopher Krebs. “Cyber Essentials are designed for those small businesses and local governments who don’t have abundant resources – where the CEO is also the chief information officer, head of marketing and HR – who are looking for where to start. This is a set of cybersecurity practices that are easy to adopt and understand and together constitute ‘the basics.’”
Each of the six Cyber Essentials includes a list of actions anyone can take to reduce cyber risks. The six Essentials are:
- Drive cybersecurity strategy, investment, and culture;
- Develop heightened level of security awareness and vigilance;
- Protect critical assets and applications;
- Ensure only those who belong on your digital workplace have access;
- Make backups and avoid loss of info critical to operations; and
- Limit damage and restore normal operations quickly.