Library Card Series: CISA Cyber Essentials Toolkits

In our weekly Library Card Series we highlight a selection from our resource library to help introduce the content to our industry partners.

In this week’s Library Card Series post we will be going over the Cybersecurity & Infrastructure Security Agency (CISA) Cyber Essentials Toolkits. The CISA Cyber Essentials Toolkits are a set of six modules which each focus on a “cyber essential”. The point of each cyber module is to prepare readers for cyber readiness through certain actions and procedures. Below are the six modules summarized into an easy to read list:

1. Yourself, The Leader- This module focuses on leading cyber readiness and security from the top. Some examples of leading the charge for cyber readiness in a workspace include leading investment in cybersecurity, determining how much of a business’ critical infrastructure is cyber based and IT focused, leading development of cybersecurity policies, and so on.
2. Your Staff- This module talks on how to educate employees and train employees on cyber readiness and vigilance. Some examples of staff training include leveraging basic cyber knowledge, creating an environment of awareness, learning about different kinds of cyber attacks such as phishing, and so forth.
3. Your Systems- This module focuses on securing and locating network assets and information. A few examples of securing systems include implementing secure configurations, learning what’s on your network, leveraging different automatic updates, removing unauthorized hardware and software, and so on.
4. Your Surroundings- This module speaks on ensuring only trusted personnel should have access to your digital workspace. Some examples of knowing who can access your digital networks consists of leveraging multi-factor authentication, learning who’s on your network, giving appropriate access and administrative positions, and so forth.
5. Your Data- This module focuses on ensuring safety of a business’ data and if the data is recoverable and secure. Some examples of keeping data safe and secure include learning what is happening on the network, domain name system protection, learning malware protection capabilities, establishing automated backups, and so on.
6. Your Crisis Response- This module focuses on responding and recovering from a cyber attack. Some examples of responding and recovering from a cyber attack consist of developing a response plan, developing a disaster recovery plan, knowing who to call amiss a crisis, communicating to stakeholders through an internal reporting structure, etc.

While the legal cannabis industry has dealt with physical security risks since its inception, cybersecurity risks are relatively new to the industry, and will only continue to grow as legalization and banking reform open up more doors for the industry to expand their services. This article on Cannabis Industry Journal discusses how Private-Sector led information sharing can help create a more resilient industry against cybersecurity attacks. The article includes a breakdown of various types of cyber attacks, as well as several case studies that are applicable to the cannabis industry. It is imperative that organizations prepare themselves for inevitable cybersecurity attacks by learning best practices, and educating staff in order to properly protect organizational assets.

Some tips for cyber essential preparedness:

• Read the CISA Cyber Essentials Toolkits
• Train staff on cybersecurity knowledge
• Lead the charge in implementing good cyber practices
• Back up all data
• Know all your personnel on your database
• Keep systems and assets in check
• Have a crisis plan

To find more valuable resources covering a wide variety of topics, visit the resource section of our website, and check back to our blog every Tuesday for our Library Card Series where we highlight different resources from the library.