Michael McCarthy, CISA Region 1 External Affairs
At the Cybersecurity and Infrastructure Security Agency (CISA), we understand that businesses across New Hampshire face unique challenges when dealing with cyber risks such as ransomware. Everyone wants the best protection, but money can be an issue, especially for small and medium-sized businesses with smaller operating budgets and fewer IT staff than larger enterprises.
But in today's connected world, business leaders must recognize cyber risk as a core business risk, just as important as the financial, regulatory, and competitive risks they face.How 83% of companiesThe question is not if a data breach will occur, but when.
The best thing a small business can do to strengthen the cybersecurity of their business is to get the basics right.
The fundamentals of cybersecurity remain fundamental, and the foundations of good security are the same no matter the size or mission of your organization.
CISA Cyber Essentials This is a starting point for small businesses to understand and address cybersecurity risks like any other risk. Developed in partnership with small businesses, state and local governments, Cyber Essentials is designed to provide small organizations with basic steps and resources to improve their cybersecurity.
Here are some simple steps you and your business can take today To improve your cybersecurity posture:
Tip 1: Practice good cyber hygiene
- Establish and enforce strong password requirements for all users and require multi-factor authentication (MFA) for all remote users and users with administrative access.
- Enable automatic software updates if possible. If automatic updates are unavailable or impractical, prioritize updating applications that are accessible via the Internet.
- Consider using a managed security provider (MSP) for many security services. Consider using a cloud service provider (CSP) to host your organization's data, applications, and services. In particular, consider using Software-as-a-Service providers for email and workplace productivity solutions, such as Google Workspace and Microsoft Office365.
Tip 2: Train your staff
- Avoid phishing scams by educating your employees about thinking before they click. More than 90% of successful cyberattacks start with a phishing email.
- Ensure you have the resources to identify and quickly assess unexpected or anomalous network behavior, whether through your MSP or your organization's own personal devices.
Tip 3: Be prepared to respond if an incident occurs
- Ensure availability of key personnel. Identify methods to provide surge support in response to incidents.
- Develop a cyber incident response plan and conduct exercises to ensure employees understand their role in the event of an incident.
- Be sure to back up important data. Test your backup procedures to ensure that important data can be quickly restored and that backups are isolated from network connections.
Tip 4: Read and use CISA's free cybersecurity resources
CISA offers several free resources for organizations and businesses looking to improve their cybersecurity practices. Here are a few:
- What CISA offers guidance About important risk management considerations.
- If you're adopting cloud services, check out what CISA says guidance About cloud security.
- CISA Cyber essentials guide We help small business owners and leaders who are just beginning their journey to implement cybersecurity practices into their organizations.
- Please check and use the list of Free cybersecurity tools and services — A living repository that houses cybersecurity services provided by CISA, widely used open source tools, and free tools and services provided by private and public sector organizations across the cybersecurity community.
- We also recommend that you follow 4 things you can do to stay cyber safe tips, read bad habit Please avoid. Cyber hygiene service.
- Finally, small business owners National Cyber Awareness System Ensure your business has access to timely information on security topics and threats.
Ransomware and cyberattacks are on the rise among small and medium-sized businesses, but the good news is that you can take action. now This is to avoid becoming a victim in the first place and to reduce the impact if an incident occurs.
For more information, visit CISA's Small Business webpage. www.cisa.gov/small-business — This includes specialized information and resources.
At the end of the day, we are committed to working with the business community to provide them with the information they need to keep their networks secure. CISA's community-based advisors are located throughout New England and work directly with your state, so we encourage you to contact us for assistance. contact: CISAregion1@cisa.dhs.gov
