“Bottoms up” is a good-natured toast or nudge to get one to finish their drink. The Cybersecurity and Infrastructure Security Agency (CISA) is introducing a good-natured nudge to get organizations to finish their resiliency called “Shields Up!”
You probably won’t find too many managed service provider (MSP) owners drinking and saying “Shields Up,” but the CISA’s Shields Up campaign is meant to get IT people and MSPs talking.
Awareness is key to protecting assets
Shields Up is a national initiative to enhance the cybersecurity posture of critical infrastructure organizations across the United States. The campaign provides various resources and guidance to help organizations protect their systems and data from cyberattacks.
“Awareness is key for almost anything related to cybersecurity, and Shields Up is a great tool for MSPs to use,” says Adam Short, a cybersecurity consultant in Austin, Texas.
CISA’s Shields Up initiative is designed to help organizations of all sizes and sectors protect their critical assets from cyberattacks. The Shields Up initiative provides recommendations, products, and resources to increase organizational vigilance and keep stakeholders informed about cybersecurity threats.
Another essential component is increasing awareness about the role of resiliency in cybersecurity, which is the ability to recover and adapt if a breach occurs.
“Resiliency is an acknowledgment that some cyberattacks will be successful, but it doesn’t have to be the end of a business. If it does, carefully planned resiliency can get you through and mitigate damage, and that is the goal behind Shields Up, reimagining life after a cybersecurity attack,” Short explains.
Some of CISA’s specific guidance for MSPs as part of the Shields Up campaign includes:
- Validate all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
- Ensure software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
- Confirm the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
- If the organization uses cloud services, ensure that IT personnel have reviewed and implemented the strong controls outlined in CISA’s guidance.
MSPs play a critical role
Short says that MSPs can play a critical role in helping their clients implement the Shields Up cybersecurity recommendations.
In addition to CISA’s recommendations and steps, Short has some specific ways of his own that MSPs can use the Shields Up campaign to benefit their clients.
“Educate clients about the Shields Up campaign and the importance of cybersecurity. I know this sounds so basic, but so much of cyber hygiene is bare basics,” Short advises, adding that awareness can be raised via email newsletters, blog posts, webinars, or in-person presentations.
Short also encourages MSPs to help clients identify and prioritize their critical assets. “MSPs can help clients identify their most vital assets and prioritize their protection. This can be done by conducting risk assessments and developing asset inventories,” he says.
“You’d be surprised some enterprises and even the MSPs that manage their IT don’t have an audit of all the assets of an organization; sometimes they are surprised to discover vulnerabilities,” Short emphasizes.
Employees must be educated and trained
Short explains that the government is using Shield Up to help raise awareness.
“The government is often limited in what they can do to help, but one thing that is effective is the use of their platform to raise awareness on a cybersecurity topic, and that is what Shields Up is,” Short explains.
He adds that other goals of the campaign include getting businesses to identify and prioritize critical assets. “Organizations need to identify their most critical assets and prioritize their protection,” Short says.
Shields Up is meant to help protect against ransomware and other destructive cyberattacks. “Organizations should implement measures to protect against ransomware and other destructive cyberattacks,” Short advises, adding that measures such as backing up data regularly and testing backup procedures are essential.
Shields Up is also pushing for the implantation of strong access controls. “Organizations should implement strong access controls to limit access to their systems and data,” Short stresses.
And lastly, Shields Up is urging organizations to secure networks and to educate and train employees.
“A knowledgeable, invested employee is worth far more than fancy software,” Short says.
Photo: jijomathaidesigners / Shutterstock
This post originally appeared on Smarter MSP.