3 Key Takeaways for your Business from the CISA Cross-Sector Cybersecurity Performance Goals

August 22, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has released its cross-sector Cybersecurity Performance Goals (CPGs), outlining the key areas that small and medium businesses need to focus on in order to secure their networks and data from hostile actors. These goals are intended to provide guidance for businesses looking to protect themselves from cyber threats and should be taken into consideration when developing and implementing cybersecurity strategies. Cyberattacks have been ramping up in scale and frequency, making defense more important than ever before.

One of the key goals outlined by CISA is the need for businesses to implement strong and effective identity and access management controls. This includes using multi-factor authentication to protect against unauthorized access and implementing strict policies for password management. A password manager is a good option if you have a lot of passwords (we all do), but make sure you pick one with a good track record. LastPass recently experienced a breach, which we outlined in our last cybersecurity wrap-up, so our current recommendation is 1Password.

Another important goal is the need for businesses to regularly assess and prioritize their cybersecurity risks. This includes identifying and addressing vulnerabilities in systems and networks and implementing robust incident response plans to ensure that any potential breaches are quickly and effectively dealt with. A Security Operations Center is a good fit for running penetration tests and vulnerability scans, which our team can provide you with if your current IT team is overloaded.

CISA also emphasizes the importance of training and educating employees on cybersecurity best practices. This includes providing regular training on how to identify and avoid potential threats, as well as promoting a culture of security within the organization. In addition to cybersecurity training, iTecs can run phishing simulation tests to teach your staff the importance of email security. 

The CPGs provide a valuable roadmap for businesses looking to secure their networks and data from hostile actors. By implementing strong identity and access management controls, regularly assessing and prioritizing risks, and educating employees on cybersecurity best practices, businesses can significantly reduce their exposure to cyber threats and ensure the protection of their critical assets. These guidelines are meant to serve as a baseline and are therefore not comprehensive; a sophisticated attacker can work their way around them. That's where Managed Service Providers like iTecs can help. The CPGs are a wonderful foundation for your cybersecurity, but without a dedicated team of professionals who keep up to date on the latest threats, you're still vulnerable to a breach.

iTecs offers customized solutions for your business that are tailored around the best practices for your industry. We have a large roster of clients from a variety of different trades that all agree we have given them the highest level of IT support and cybersecurity possible. Talk to one of our professionals today and secure your network tomorrow.
