What Are CISA's 4 Steps to Cybersecurity and Why Are They Important?

Published October 2, 2023 (updated February 20, 2024) at https://jumpcloud.com/blog/cisa-cybersecurity-steps

October is Cybersecurity Awareness Month, and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is calling on all of us to "Secure Our World," with a simple message that calls everyone to action "to adopt ongoing cybersecurity habits and improved online safety behaviors." This month, the JumpCloud blog will focus on helping you empower everyone in your organization to do their part regarding cybersecurity. Tune in throughout the month for more cybersecurity content written specifically for IT professionals.

For Cybersecurity Awareness Month this year, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) recommends 4 simple steps that can make a big impact on your security posture.


These four steps are a great way to start building a strong foundation of cybersecurity. Through the month of October, we'll be sharing tips and tricks for implementing these steps as well as other foundational security measures.

Let's dive into what these steps are, why they're important, and how you can implement them in your organization.

What Are CISA's 4 Steps to Cybersecurity?

The following steps are part of a new CISA initiative to encourage cybersecurity and are the focus of Cybersecurity Awareness Month this year.

1. Use strong passwords and a password manager.
2. Turn on multi-factor authentication (MFA).
3. Recognize and report phishing.
4. Update software.

Note: These steps align with CISA's cross-sector cybersecurity performance goals, which are a more thorough list of security best practices across sectors. These performance goals can act as great guidelines for building a security program.

Why Are These Security Steps Important?

Passwords Are No Longer a Reliable Security Standard

It takes a lot to make a password secure. Password best practices call for passwords that are long, complex, and unique, among other criteria. That's too much for the average user to remember, given the sheer number of accounts employees today need to do their work. When users are asked to memorize all these passwords, they end up writing passwords down, choosing easy-to-remember (and easy-to-guess) passwords, sharing them, and requesting resets often. Cutting corners with passwords creates both inefficiencies and security vulnerabilities.

Password managers combat these issues by generating strong passwords and storing them securely, removing the need for users to create or memorize them. Many password managers include helpful security features like secure password sharing, reporting on password health, and storing and autofilling MFA codes.

The JumpCloud Password Manager even stores passwords locally on endpoints rather than in the cloud. This segments and secures stored secrets, preventing them from being hacked in bulk or becoming a casualty in an attack on a server.

MFA Is Significantly More Secure Than Just a Password

Multi-factor authentication (MFA) helps combat password vulnerabilities by adding an additional layer of verification. With MFA, a bad actor can't gain access to resources with just a compromised password — they would also have to compromise an additional factor. Often, that additional factor, such as a biometric or a push notification to a mobile device, is much harder to compromise than a traditional password.

When it comes to implementation, MFA should be turned on everywhere. As CISA advises, "Enable multifactor authentication on all your online accounts that offer it, especially email, social media, and financial accounts and use authentication apps or hardware tokens for added security."

In addition, don't underestimate the importance of training. Make sure all employees understand how to use MFA, and create a policy that requires all employees to use MFA. Turning MFA off or circumventing it negates its security benefits.

Finally, make sure your training program pays special attention to those with high-privilege accounts and those who support MFA enrollment and resets. Enrollment and reset workflows are among the most vulnerable elements of an MFA deployment.

Software Exploitation Is All Too Common — and Easy to Prevent

Software updates often contain patches for known vulnerabilities. Cybercriminals are constantly searching for and exploiting these vulnerabilities to gain unauthorized access to systems and data. By regularly updating software, organizations close these security holes, making it significantly harder for attackers to breach their systems.

CISA advises organizations to "regularly check manually for updates if automatic updates are not available and keep operating systems, antivirus software, web browsers, and applications up to date." The best way to ensure regular updates is with a patch manager. JumpCloud's patch manager automates much of the patch management process with pre-built policies designed for each operating system.

Phishing Is Becoming More Prevalent and Convincing

According to CISA, "phishing emails, texts, and calls are the number one way data gets compromised."

Phishing attacks are evolving with increasing sophistication, employing tactics like spear-phishing and social engineering to target organizations more effectively. This makes employee awareness critical. Consider implementing ongoing training (quarterly is a great place to start) to ensure employees are aware of common phishing tactics, able to recognize them in emails, phone calls, MFA attempts, and other mediums, and equipped to report them correctly.

Start Securing Your SME

Fortunately, CISA's four steps to cybersecurity are intended to be quick and easy to implement with a significant positive impact on security.

JumpCloud ensures security by unifying identities and devices to provide comprehensive, overarching security for small and medium-sized enterprises (SMEs). The following JumpCloud tools are quick wins when it comes to implementing CISA's four cybersecurity steps: