The new year is coming and if history is any indicator, new cybersecurity threats will arrive with it. If you are a small business, you may be overwhelmed by trying to protect your data and information technology assets. Start the new year off right with a new year's resolution to prioritize low cost, high impact security measures using CISA's Cross Sector Cybersecurity Goals.

Implementing just the measures described can help you reach over 40% of the these cybersecurity goals. In fact, only three measures were described as being high cost, high impact, and high complexity: Third-party validation of cybersecurity control effectiveness, prohibiting the connection of unauthorized devices, and network segmentation.

Over the past several years, as our nation has faced unprecedented cyber threats from ransomware to nation-state espionage, we have heard a common refrain from organizations across the spectrum, from the largest multinational corporations to state and local governments, to critical infrastructure entities of all sizes: How can we focus investment toward to the most impactful security outcomes? ... Even with comprehensive guidance from sources like the NIST Cybersecurity Framework, many organizations would benefit from help identifying and prioritizing the most important cybersecurity practices along with support in making a compelling argument to ensure adequate resources for driving down risk. Ultimately, prioritized investment will help meaningfully address serious risks to the safety, health, and livelihoods of the American people.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.