Cybersecurity Basics

Cybersecurity is a continuous process. Because your business, technologies, regulations/laws, and cybersecurity threats continue to change, your goal should be to always strive for continuous improvement in your cybersecurity risk management.

There are many ways you can improve your business’ cybersecurity. Here are a few basic steps to get you started:

• Understand that cyber threats are a business risk, and having strong cybersecurity is a competitive advantage.
• Require employees to enable multi-factor authentication (MFA), particularly phishing-resistant MFA, on all accounts that offer it.
• Require strong passwords and consider using a password manager.
• Regularly back up your data. Establish measures to protect and test your backups.
• Change default manufacturer passwords to ones that are unique to you.
• Install and maintain updated antivirus software.
• Update and patch all software when new versions are available.
• Learn how to protect your business from phishing.
• Train employees on basic cybersecurity hygiene.

Additional Resources:

Cybersecurity Framework 2.0 Small Business Quick Start Guide - provides small-to-medium sized businesses (SMB), specifically those who have modest or no cybersecurity plans in place, with considerations to kick-start their cybersecurity risk management strategy using the NIST Cybersecurity Framework (CSF) 2.0.
NIST

Cybersecurity Essentials Toolkit - a set of modules designed to break down the CISA Cyber Essentials into bite-sized actions for IT and C-suite leadership to work toward full implementation of each Cyber Essential. 
Cybersecurity and Infrastructure Security Agency

Questions Every CEO Should Ask About Cyber Risks – a guide for CEOs on how to discuss cybersecurity risk management topics with their leadership and implement cybersecurity best practices
Department of Homeland Security