
CISA resources and three key steps to protect from cyberattacks

Jul 16, 2024

By: Ari Santiago


Ari Santiago is the CEO of CompassMSP.

We’re From the Government

The country’s economic strength is grounded in small business. Not surprising when you consider that, according to the Small Business Administration, approximately 99.9% of all businesses in the United States have fewer than 500 employees.

Of course, smaller organizations’ budgets and staffing are often stretched thin, leaving them vulnerable to attacks. Recognizing the importance of helping to keep American businesses protected from threats, the Department of Homeland Security established the Cybersecurity & Infrastructure Security Agency (CISA) in 2018. CISA’s mission is to enhance the security, resilience, and reliability of the nation’s cyber and physical infrastructure.

The organization has a deep appreciation for the importance of small and mid-sized businesses, and a clear understanding of the unique vulnerabilities they face. (According to Forbes, smaller businesses are three times more likely to be the victims of a cyberattack. Additionally, the FBI’s Internet Crime Report shows the total cost of cybercrimes on smaller businesses reached $2.4 billion in 2021.)

The first steps toward staying protected

CISA has set out three key steps any business can take to boost their protection from cyberattacks.

  • Step 1: Talk to the entire organization about cybersecurity. Provide updates on security initiatives and set security goals that are aligned with business goals. Frequent communication keeps best practices top of mind and makes security an everyday activity.
  • Step 2: Take the burden off of your company by eliminating all services hosted in your office - also known as “on premises” or “on prem” services. Few small businesses have the time, budget, and expertise to keep on-prem mail and file storage services secure. Instead, migrate these services to secure cloud versions, such as Microsoft 365.
  • Step 3: Enable multifactor authentication (MFA) for all accounts and services. MFA requires two or more authenticators – such as a password and a single-use code – before granting access to an account or service. With MFA, even if a password becomes compromised, an unauthorized user won’t be able to obtain the second authentication requirement.

Calling on big businesses to step up

CISA understands that under-resourced organizations can’t secure themselves without help. The National Cybersecurity Strategy calls for a re-balancing of responsibility, in which those most equipped (think large corporations) should take on most of the burden of cybersecurity and take steps to drive change and innovation that reduce risk. The aim is to shift the responsibility of security away from small organizations, toward the producers of the technology and products that increasingly run our digital lives. 

As CISA explains, “SMBs should be expected to take the fewest number of cybersecurity steps possible and rely upon those with the resources and expertise to bear the weight of the cybersecurity burden.” 

Taking the pledge

The Secure by Design pledge is another testament to the breadth of CISA’s commitment to smaller businesses. Designed to build on existing technology best practices, including the NIST cybersecurity framework, the Secure by Design pledge encourages all software designers and manufacturers to make a good-faith effort to work toward seven goals. These include increasing the use of multi-factor authentication, reducing the use of default passwords, and increasing the installation of security patches by end users.

Participants are asked to publicly document how they’ve made progress toward each goal every year. They’re also encouraged to document the challenges they faced in areas where they haven’t made progress. Putting everything in writing for the entire industry to access enables others to learn what’s working, what’s not, and how to move forward effectively.

As CISA director Jen Easterly explained, “Our goal for the entire community is to shift the security burden from individuals and small businesses – in other words, end users whose business is not a technology development effort or cyber security – to technology manufacturers whose business it is, and who are in the best position to address and manage security risks from the start.”

Cybersecurity firm Huntress was one of the first 60 companies to join the pledge alongside some of the biggest names in tech. “We commend CISA on launching this important initiative and bringing together heavy hitters in technology to drive home the point that we have to build better software. We were thrilled to be in the inaugural pledge group and hope we inspire other vendors to follow our lead,” said Roger Koehler, Chief Information Security Officer for Huntress. 

Microsoft is a signatory, as well. Bret Arsenault, Corporate VP and Chief Cybersecurity Advisor, explains, “Microsoft is delighted to join CISA’s Secure by Design pledge and other signatories to strengthen the cybersecurity and resilience of the ecosystem. This builds on the ongoing public/private partnerships we believe drive systemic change and improvements globally.”

Help is out there. And there. And over there.

CISA’s commitment to the companies that drive our economy is expansive. Small and medium-sized businesses have access to a local CISA cybersecurity advisor who can help with a free Cybersecurity Performance Goal assessment.

The cybersecurity experts at CompassMSP are equally committed to helping smaller organizations stay secure. We’d be happy to discuss your own cybersecurity needs and explain how we can tailor a comprehensive security approach that’s aligned with your budget and your goals. To learn more, please contact us here, or call 833-444-2677.
