In our weekly Library Card Series we highlight a selection from our resource library to help introduce the content to our industry partners.
In this week’s Library Card Series we will be going over the Cybersecurity and Infrastructure Security Agency’s (CISA) Cyber Essentials Starter Kit, which was published in the spring of 2021. We will break down each chapter in a brief summary to give you an overview of what the Cyber Essentials Starter Kit includes.
Preparing for cyber attacks is key. According to this article in MJBizDaily, 59% of surveyed readers had not taken steps to prevent ransomware attacks. Ransomware attacks were up 150% from 2019 to 2020, and the amount victims paid to regain access to their files was up 300%.
The Leader’s Guide-
The opening section of the guide explains why cyber readiness is essential for the leader of any organization. The emphasis here is on building a culture of cyber readiness. CISA shows how leading the charge in cybersecurity benefits not only you but everyone in your organization.
The IT Professionals Guide-
This section provides essential actions for IT professionals to help build and sustain a culture of cyber readiness. IT professionals have an important role in advising and supporting their leadership so that it understands the most significant cyber threats to the organization.
Toolkit 1: Yourself, The Leader-
In the first chapter of the guide, CISA focuses on the role of the leader. The leader’s essential role is to create a culture of cyber awareness in the business. Tasks the leader should set out to accomplish include approaching cybersecurity as a business risk, investing in cyber training, and building a network of trusted relationships with sector partners and government agencies for access to timely threat information.
Toolkit 2: Your Staff, The Users-
In the second section of the guide, CISA speaks on the role of the staff. The staff’s essential role is to be the first line of defense against cyber threats. Knowledgeable staff members are staff members who won’t accidentally expose your organization to those threats. Some tasks of the staff are completing basic cyber training, taking advantage of cyber resources, and maintaining awareness of current cybersecurity threats. With phishing attacks and other threats aimed at all levels of the organization, all staff should be trained in good cybersecurity practices, particularly frontline personnel, who may have less experience but still have access to company email and other systems.
Toolkit 3: Your Systems-
In the third section of the guide, CISA talks about organizational systems. It is vital to know what systems are part of your network, what security measures are in place, and who has access to each of them. System mapping is a huge factor in preparing for cyber threats: if you always know which systems and users belong on your network, a compromise is easier to spot because anything unexpected stands out. Some tasks in preparing systems are removing unsupported hardware and software, leveraging automatic updates, and implementing secure configurations on everything.
Toolkit 4: Your Surroundings-
In the fourth section of the guide, CISA explains why it is important to be aware of your surroundings. Limiting system access to the essential personnel who need it is crucial. The access you grant employees, managers, and customers to your digital environment needs limits, just as the limits set in the physical work environment do (i.e., access to what’s “behind the counter” or to business records). Setting approved access privileges and establishing your operational procedures requires knowing who operates on your technology and with what level of authorization and accountability. User and access management is a complex activity, and there is no one-size-fits-all solution: adopt a strategy appropriate to your organization and leverage a staged approach. Some tasks in understanding your surroundings are learning who accesses your network, leveraging multi-factor authentication for all personnel, and granting access and admin privileges on a need-to-know basis.
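The inventory and access checks in Toolkits 3 and 4 can be turned into a repeatable review rather than a one-time exercise. The script below is an added example written for this post; it is not code from CISA or from the Cyber Essentials Starter Kit. The hosts, users, end-of-life dates, review date and the 90-day stale-account threshold are all constructed assumptions, chosen only to show what such a review flags: unsupported software, systems that do not patch themselves, systems with no accountable owner, accounts without MFA (worst when they hold admin rights), and accounts nobody has used in months.

```python
"""Inventory and access review over a constructed asset list.

Added example for Toolkits 3 and 4 of the CISA Cyber Essentials Starter Kit;
this is not CISA's code. The hosts, users and dates below are made up.
"""
from datetime import date, timedelta

# Reference date fixed so the review is reproducible (assumption: the
# review runs on this day).
TODAY = date(2024, 5, 3)

# Constructed inventory: what is on the network, whether it is still
# supported, whether it patches itself, and who is accountable for it.
SYSTEMS = [
    {"host": "pos-01", "os": "Windows 7", "eol": "2020-01-14",
     "auto_update": False, "owner": "store-ops"},
    {"host": "web-01", "os": "Ubuntu 22.04", "eol": "2027-04-01",
     "auto_update": True, "owner": "it"},
    {"host": "nas-01", "os": "FreeNAS 11", "eol": "2022-12-31",
     "auto_update": False, "owner": None},
]

# Constructed account list: who can get in, with what rights, and how.
ACCOUNTS = [
    {"user": "alice", "admin": True, "mfa": True, "last_login": "2024-05-01"},
    {"user": "bob", "admin": True, "mfa": False, "last_login": "2024-04-20"},
    {"user": "vendor-temp", "admin": False, "mfa": False, "last_login": "2023-09-10"},
    {"user": "carol", "admin": False, "mfa": True, "last_login": "2024-05-02"},
]


def finding(subject, check, severity, detail):
    """One review result as a plain dict so it can be printed or exported."""
    return {"subject": subject, "check": check, "severity": severity, "detail": detail}


def review_systems(systems, today=TODAY):
    """Toolkit 3 checks: unsupported software, no automatic updates, no owner."""
    out = []
    for s in systems:
        if date.fromisoformat(s["eol"]) < today:
            out.append(finding(s["host"], "unsupported", "high",
                               f"{s['os']} reached end of life on {s['eol']}; replace or isolate"))
        if not s["auto_update"]:
            out.append(finding(s["host"], "no-auto-update", "medium",
                               "automatic updates disabled"))
        if not s.get("owner"):
            out.append(finding(s["host"], "no-owner", "medium",
                               "no accountable owner recorded"))
    return out


def review_accounts(accounts, today=TODAY, stale_days=90):
    """Toolkit 4 checks: MFA for everyone, admin rights only where needed, stale accounts."""
    cutoff = today - timedelta(days=stale_days)
    out = []
    for a in accounts:
        if not a["mfa"]:
            # An admin account without MFA is the worst case: one phished password
            # gives an attacker full control.
            sev = "high" if a["admin"] else "medium"
            out.append(finding(a["user"], "no-mfa", sev,
                               "admin account without MFA" if a["admin"] else "account without MFA"))
        if date.fromisoformat(a["last_login"]) < cutoff:
            out.append(finding(a["user"], "stale", "medium",
                               f"no login since {a['last_login']}; disable or remove"))
    return out


def admin_ratio(accounts):
    """Share of accounts holding admin rights; a rough least-privilege gauge."""
    return sum(1 for a in accounts if a["admin"]) / len(accounts)


if __name__ == "__main__":
    for f in review_systems(SYSTEMS) + review_accounts(ACCOUNTS):
        print(f"[{f['severity']:6}] {f['subject']:12} {f['check']:15} {f['detail']}")
    print(f"admin accounts: {admin_ratio(ACCOUNTS):.0%} of all accounts")
```

On the constructed data the review flags two unsupported hosts, two hosts without automatic updates, one host with no owner, two accounts without MFA (one of them an admin) and one stale vendor account. In practice the two lists would be exported from an asset-management tool and an identity provider instead of typed in, and the review would be scheduled rather than run by hand.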
Toolkit 5: Your Data-
In the fifth section of the guide, CISA explains how to protect and secure your data. This requires an understanding of what kind of information is stored and transmitted on your network, as well as which data is critical to day-to-day operations. Another key step in protecting your data is backing it up so it can’t be lost for good in a cyber attack. Some tasks that should be taken in protecting data are learning what is happening on your network, learning what information resides on your network, learning your malware protection capabilities, and leveraging protection via backups.
Toolkit 6: Your Crisis Response-
In the final section of the guide, CISA recommends developing a crisis response plan. The essential purpose of a crisis response plan is to be ready for a cyber attack to happen at any moment. Being prepared and trained for a cyber attack will make your organization ready to continue operations even if an adversary attacks it. Preparedness is key. Some tasks that should be taken in developing a good crisis response plan are prioritizing the resources that must be protected first, learning whom to call for help, and developing an internal reporting structure. The Cannabis Information Sharing & Analysis Organization (ISAO) can help organizations identify best practices for mitigating and responding to cyber attacks.
Webinars and Training–
At the very end of the guide, CISA provides further resources for extra training and knowledge. You can find these resources here.
To find more valuable resources covering a wide variety of topics, visit the resource section of our website, and check back to our blog every Tuesday for our Library Card Series where we highlight different resources from the library.