The Cybersecurity and Infrastructure Security Agency (CISA) released its Cyber Essentials Toolkit, Chapter 2: Your Staff, The Users. This toolkit is the second in a series of six toolkits set to be released each month. This chapter follows the release of Chapter 1: Yourself, The Leader – Drive Cybersecurity Strategy Investment and Culture and CISA Cyber Essentials in November 2019.

Chapter 2 emphasizes the importance of the organization as a whole in cybersecurity, requiring a shift toward a culture of cyber readiness and greater cyber awareness among staff by providing cyber education, training, and other resources, notes CISA. Focus areas include, leveraging basic cybersecurity training; developing a culture of cyber awareness that incentivizes making good choices online; teaching employees about risks such as phishing and ransomware; and identifying available training resources from partner organizations.

“As many organizations over the past few months have switched to maximum telework capabilities, employees are connecting from more devices and through different networks, potentially opening an organization up to greater risk. Now more than ever, it’s critical that employees view themselves as a first line of defense and that organizations empower them to be a part of its cybersecurity risk management plans,” said Christopher Krebs, Director of CISA. “Our goal is that each of these six toolkits will provide our partners training resources to keep staff current on cyber threats and trends and emphasize the ‘organization as a whole’ approach to owning and investing in cybersecurity.”

Cyber Essentials are a starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks. The toolkits provide greater detail and insight on each of the Cyber Essentials’ six Essential Elements of a Culture of Cyber Readiness and include links to resources for implementing each Element’s corresponding recommended actions from the Cyber Essentials, says CISA. 

To learn more about the Cyber Essentials Toolkits, visit