Cyber Essentials

CISA's Cyber Essentials is a guide for leaders of small businesses as well as leaders of small and local government agencies to develop an actionable understanding of where to start implementing organizational cybersecurity practices. Download the Cyber Essentials Starter Kit, the basics for building a culture of cyber readiness. For a deeper look and greater insight, check out the Cyber Essentials Toolkits, a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. Consistent with the NIST Cybersecurity Framework and other standards, the Cyber Essentials are the starting point to cyber readiness. Managing cyber risks requires building a Culture of Cyber Readiness. The Culture of Cyber Readiness has six Essential Elements:

Yourself

You, as leader of your organization are an essential element of your organization's Culture of Cyber Readiness. Your task for this element is to drive cybersecurity strategy, investment and culture.

Actions For Leaders

Action to Take in Consultation with IT

To learn more about how you can drive cybersecurity strategy, investment and culture, explore the Cyber Essentials Toolkit on this element.

Your Staff

As users of your organization's digital equipment and systems, your staff are essential elements of your organization's Culture of Cyber Readiness. Your task for this element is to develop cybersecurity awareness and vigilance.

Actions For Leaders

Actions to Take in Consultation with IT

Your Systems

As the infrastructure that makes your organization operational, your systems are an essential element of your organization's Culture of Cyber Readiness. Your task for this element is to protect critical assets and applications.

Action For Leaders

Actions to Take in Consultation with IT

Your Surroundings

As your organization's digital workplace, this is an essential element of your organization's Culture of Cyber Readiness. Your task for this element is to ensure only those who belong on your digital workplace have access to it.

Actions to Take in Consultation with IT

Your Data

Your data, intellectual property, and other sensitive information is what your organization is built on. As such, it is an essential element of your organization's Culture of Cyber Readiness. Your task for this element is to make backups and avoid loss of information critical to operations.

Action For Leaders

Actions to Take in Consultation with IT

Your Crisis Response

As your strategy for responding to and recovering from compromise, this is an essential element of your organization's Culture of Cyber Readiness. Your task for this element is to limit damage and quicken restoration of normal operations.

Actions For Leaders

Action to Take in Consultation with IT

Booting Up: Things to Do First

Even before your organization has begun to adopt a Culture of Cyber Readiness, there are things you can begin doing today to make your organization more prepared against cyber risks.

Backup Data

Employ a backup solution that automatically and continuously backs up critical data and system configurations.

Multi-Factor Authentication

Require multi-factor authentication (MFA) for accessing your systems whenever possible. MFA should be required of all users, but start with privileged, administrative, and remote access users.

Patch &Update Management

Enable automatic updates whenever possible. Replace unsupported operating systems, applications and hardware. Test and deploy patches quickly.

Webinar

Head over to CISA's YouTube channel to learn about the Cyber Essentials. This introductory webinar provides an overview of foundational cybersecurity principles and simple measures to start applying to your business.

To access the webinar, click here.