
NSBA PARTNER CIS | Accelerate Essential Cyber Hygiene for Your Small Business

Think you're too small to experience a cyber attack? That's not the case.


In fact, cyber threat actors (CTAs) are increasingly setting their sights on small businesses. If successful, their attack attempts can be devastating.


Fortunately, the Center for Internet Security released the "CIS Implementation Guide for Small- and Medium-Sized Enterprises." It's designed to help your small business rapidly adopt Implementation Group 1 (IG1), a subset of the CIS Critical Security Controls (CIS Controls). Let's examine how below.


The Impact of IG1


IG1 is one of three Implementation Groups of the CIS Controls. It's special because it lists fundamental steps that you can take to establish essential cyber hygiene. In doing so, you'll lay a foundation for defending against some of today's most common cyber attack vectors.

Implementing all of IG1 takes time, but by using the guide's methodology, you'll be able to work through most of the recommended actions within IG1. At that point, you can review which IG1 Safeguards you haven't yet implemented. You can then lay out a plan for enacting those IG1 Safeguards that will have the greatest impact on your small business.


3 Small Business Cybersecurity Challenges


As a small business owner, you may deal with the following cybersecurity challenges every day:


  1. Limited Resources: Your tight budget provides little room to invest in cybersecurity, leaving you exposed to exploitation attempts from cybercriminals.

  2. Lack of Expertise: You might not know what you need to effectively navigate the changing cyber threat landscape and mitigate related business risks.

  3. Insufficient Security Policies: You might lack comprehensive cybersecurity policies and procedures, which can result in inadequate access controls and other security weaknesses.

These challenges make it difficult to deal with threats like theft of information, password theft, phishing attacks, ransomware, natural disasters, instances of defacement, and downtime incidents.


The First Steps Toward Essential Cyber Hygiene


CIS's implementation guide gets you started on the path toward establishing essential cyber hygiene and implementing IG1. It does this by listing free and low-cost tools as well as procedures for improving your cybersecurity. It also recommends the following approach to help you prioritize your cybersecurity efforts while operating within the constraints listed above:


Phase 1 – Complete five inventory-related worksheets included in the guide:

  • Enterprise Asset Inventory Worksheet

  • Software Asset Inventory Worksheet

  • Data Inventory Worksheet

  • Service Provider Inventory Worksheet

  • Account Inventory Worksheet

Phase 2 – For each asset listed in your inventory, complete the Asset Protection Worksheet.


Phase 3 – For each account listed in your inventory, complete the Account Security Worksheet.


Phase 4 – For each asset, complete the Backup and Recovery Worksheet.


Phase 5 – Complete the Incident Response Worksheet.


Phase 6 – Verify that all employees have reviewed the Cyber Education Worksheet's training options.


Start Growing Your Cybersecurity Maturity


CIS's guide can help you strengthen your cybersecurity maturity while balancing limited resources and technical know-how. Your small business might be a target of cybercriminals. But you don't have to be a victim.


Ready to get prepared?


