September 27, 2021

Volume XI, Number 270


September 27, 2021

Subscribe to Latest Legal News and Analysis

CISA Releases “Cyber Essentials” to Assist Small Businesses Updated

On November 6, 2019, the Department of Homeland Security (“DHS”), Cybersecurity & Infrastructure Security Agency (“CISA”) released its Cyber Essentials guide. Consistent with the NIST Cybersecurity Framework, these Cyber Essentials provide “a starting point to cyber readiness,” and are specifically aimed at small businesses and local government agencies that may have fewer resources to dedicate to cybersecurity.

The guide suggests a holistic approach for managing cyber risks, and is broken down into six “Essential Elements of a Culture of Cyber Readiness,” specifically:

  • Yourself – driving awareness, strategy, and investment to build and sustain a culture of cybersecurity.

  • Your Staff – developing awareness and vigilance because your staff is often the first line of defense.

  • Your Systems – protecting your information and critical assets and applications.

  • Your Surroundings – limiting access to your digital environment.

  • Your Data – having a contingency plan to recover systems, networks, and data from trusted backups.

  • Your Actions Under Stress – planning and conducting drills for cyberattacks to bolster readiness to respond, limit damage, and restore operations in the event of an attack.

The final section of the guide provides a list of steps that small businesses can take immediately to increase organizational preparedness against cyber risks. These include backing up data (automatically and continuously), implementing multi-factor authentication (particularly for privileged, administrative, and remote access users), enabling automatic updates, and deploying patches quickly.

CISA’s Cyber Essentials guide is just the most recent example of a user-friendly resource aimed at assisting small businesses seeking lower-cost cybersecurity solutions. Recognizing that investing in cybersecurity may be difficult for some small businesses, Government agencies are making an effort to help small businesses understand the importance of cybersecurity.

For example, the U.S. Small Business Administration (“SBA”) has a page dedicated to providing information and resources for small business cybersecurity. It outlines common threats, risk assessment, and cybersecurity best practices. It also provides a list of upcoming training and events related to small business cybersecurity. Other entities, including the National Institute of Standards and Technology, the Federal Trade Commission, and the Federal Communications Commission also provide similar resources specifically tailored to small businesses.

The main takeaway here is that all organizations – regardless of size or resources – should take basic steps to improve their cybersecurity resilience

Co-author Nikole Snyder is a Law Clerk in the firm’s Washington, D.C. office.

Copyright © 2021, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume IX, Number 329

About this Author

Jonathan E. Meyer, Sheppard Mullin, International Trade Lawyer, Encryption Technology Attorney

Jon Meyer is a partner in the Government Contracts, Investigations & International Trade Practice Group in the firm's Washington, D.C. office.

Mr. Meyer was most recently Deputy General Counsel at the United States Department of Homeland Security, where he advised the Secretary, Deputy Secretary, General Counsel, Chief of Staff and other senior leaders on law and policy issues, such as cyber security, airline security, high technology, drones, immigration reform, encryption, and intelligence law. He also oversaw all litigation at DHS,...

Townsend Bourne, Government Affairs Attorney, Sheppard Mullin Law FIrm

Ms. Bourne's practice focuses on Government Contracts law and litigation. Her experience includes complex litigation in connection with the False Claims Act, bid protest actions both challenging and defending agency decisions on contract awards before the Government Accountability Office and Court of Federal Claims, claims litigation before the Armed Services Board of Contract Appeals and the Civilian Board of Contract Appeals, investigating and preparing contractor claims, and conducting internal investigations. 

Ms. Bourne advises clients on a...