On November 6, 2019, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) announced the release of its Cyber Essentials document, which contains a list of six actionable items for leaders and IT professionals to take to reduce cyber risk. These are:
- Drive cybersecurity strategy, investment, and culture;
- Develop heightened level of security awareness and vigilance;
- Protect critical assets and applications;
- Ensure only those who belong on your digital workplace have access;
- Make backups and avoid loss of info critical to operations; and
- Limit damage and restore normal operations quickly.
These actions are intended to be a starting point for anyone to understand and address cybersecurity risk as they do other risks. They were developed in collaboration with small businesses and state and local governments and aim to equip smaller organizations that historically have not been a part of the national dialogue on cybersecurity with basic steps and resources to improve their cybersecurity.
“When it comes to collective defense, we are only as strong as our weakest link, which is why CISA is committed to raising the bar in cybersecurity across all companies and government, regardless of their size,” said CISA Director Christopher Krebs. “Cyber Essentials are designed for those small businesses and local governments who don’t have abundant resources – where the CEO is also the chief information officer, head of marketing and HR – who are looking for where to start. This is a set of cybersecurity practices that are easy to adopt and understand and together constitute ‘the basics.’”