CISA Releases “Cyber Essentials” to Assist Small Businesses
The Department of Homeland Security Cybersecurity & Infrastructure Security Agency recently released its Cyber Essentials guide. Consistent with the NIST Cybersecurity Framework, these Cyber Essentials provide “a starting point to cyber readiness,” and are specifically aimed at small businesses and local government agencies that may have fewer resources to dedicate to cybersecurity. The guide suggests a holistic approach for managing cyber risks, and is broken down into six “Essential Elements of a Culture of Cyber Readiness:” (1) Yourself; (2) Your Staff; (3) Your Systems; (4) Your Surroundings; (5) Your Data; and (6) Your Actions Under Stress. The final section of the guide provides a list of steps that can be taken immediately to increase organizational preparedness against cyber risks. These include backing up data, implementing multi-factor authentication, enabling automatic updates, and deploying patches quickly.
CISA’s Cyber Essentials guide is just the latest government resource for small businesses on cybersecurity. The U.S. Small Business Administration has a page dedicated to providing information and resources for small business cybersecurity. Also, the National Institute of Standards and Technology, the Federal Trade Commission, and the Federal Communications Commission provide cybersecurity resources specifically tailored to small businesses.
Putting it into Practice: Companies can look to CISA’s Cyber Essentials guide and other government resources to take basic steps to improve their cybersecurity resilience.
*Nikole Snyder is a law clerk in Sheppard Mullin’s Washington, D.C. office.