News You Can Use: Cyber Guidance for Small Business

Cyber incidents have surged among small businesses. Many don’t have the resources to defend against devastating attacks like ransomware. As a small business owner, you’ve likely come across security advice that is out of date or that doesn’t help prevent the most common compromises. This advice is different.

CISA offers a practical action plan that lays the groundwork for building an effective security program. Check out this high-level overview and CISA’s detailed online roadmap here:

Role of the CEO – Cybersecurity is about culture as much as it is about technology. CEOs play a critical role by performing the following tasks:

  1. Establish a culture of security.
  2. Select and support a “Security Program Manager.”
  3. Review and approve the Incident Response Plan.
  4. Participate in tabletop exercise drills.
  5. Support the IT leaders.

Role of the Security Program Manager – The Security Program Manager needs to drive the elements of the security program, inform the CEO of progress and roadblocks, and make recommendations. These are the Security Program Manager’s most important tasks:

  1. Training.
  2. Write and maintain the Incident Response Plan.
  3. Host quarterly tabletop exercises.
  4. Ensure MFA compliance.

Role of the IT Lead – The top tasks for the IT lead and staff include the following:

  1. Ensure MFA is mandated using technical controls, not faith.
  2. Enable MFA for all system administrator accounts.
  3. Patch.
  4. Perform and test backups.
  5. Remove administrator privileges from user laptops.
  6. Enable disk encryption for laptops.

There are, of course, many other IT tasks that add to a good security program. While CISA’s list is not exhaustive, it does contain the top actions you can take to address the most common attacks.

Your Voice Communications need to be protected too. Make sure your systems are secure. Contact CTS today at 800.787.4848 or

