Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, recently laid out four steps small and medium businesses should take to protect their organizations from ransomware attacks and improve their cybersecurity posture. The first is for SMB leaders to discuss cybersecurity with their direct reports.
“If you have regular email communications to staff, include updates on security program initiatives. When you set quarterly goals with your leadership team, include meaningful security objectives that are aligned with business goals,” Goldstein wrote in a blog post published Tuesday.
He called on SMBs with on-premises systems to transition to cloud-based platforms and enable multifactor authentication for all services and accounts.
Another step these businesses should take, according to Goldstein, is to seek the assistance of their local CISA cybersecurity advisers with Cybersecurity Performance Goal assessments.
“These assessments are designed to assist organizations of any size identify areas for near term improvement prioritized by Cost, Impact, and Complexity,” Goldstein noted.
The CISA executive also highlighted the need to transition to a “model in which technology products are safe and secure by design and default” to help advance cybersecurity for such businesses.