The Cybersecurity and Infrastructure Security Agency (CISA) published a cybersecurity action plan and resource guide for small organizations that may not have the maturity or financial resources of larger firms. In the guide, CISA lays out an action plan informed by the way cyber attacks actually happen. According to CISA, “we break the tasks down by role, starting with the CEO. We then detail tasks for a Security Program Manager, and the Information Technology (IT) team. While following this advice is not a guarantee you will never have a security incident, it does lay the groundwork for building an effective security program.” To achieve the highest security posture, the action plan discusses the merits of on-premises IT infrastructure versus in the cloud, how to secure endpoints, and implementing multi-factor authentication. Finally, additional free resources such as CISA’s StopRansomware.gov are provided. Read more at CISA.