Understanding best practices when it comes to cyber security is just as important to a small business’s bottom line as a good product. Being hacked or otherwise compromised can drive up costs, decimate profits and even land you in hot legal water.
What is the NIST Cybersecurity Framework?
That’s where the NIST Cybersecurity Framework comes in. It’s a library of sorts where small businesses can learn what they need to know about cyber attacks. It’s called a policy framework in more formal terms, and this set of guidelines is published by the National Institute of Standards and Technology, a United States Department of Commerce agency.
How It Came About
It’s the place for small businesses to learn how to detect, prevent and even respond to cyber attacks. It was first put together by a Presidential Executive Order in 2014. The original idea was a voluntary framework designed to help keep America’s infrastructure safe. However, the idea has caught on and now small businesses can take advantage of the 2017 draft titled Framework for Improving Critical Infrastructure Cybersecurity Version 1.1. But one of the most exciting things about the framework is the fact that it will be continually updated and improved.
Why It Matters To Small Business
The NIST Cybersecurity Framework is important to small business owners for several very good reasons. The tools and best practices were first put together in 2014 but they were developed over decades by the federal government and industry. Here’s just a few of the critical areas the framework covers that make a difference to smaller companies.
Employee Access To Data
One of the big problems when it comes to small business cyber security is access to data. If you have an office with salespeople who are on the road a lot, this framework can help. The latest publication has worksheets to assist business owners in identifying the kinds of information they have. Making sure only qualified people have access to company information is a critical way to make sure data stays safe.
Understanding all the options when it comes to cyber security is a team effort. The NIST Cybersecurity Framework has suggestions on how best to train employees.
The framework also goes through several technology must-haves that small businesses need to bring on board. It allows them a good understanding of the techniques and tools they need like data encryption and best practices in the cloud.
It coaches small businesses about best practices including other critical aspects like patching and updating operating systems. The framework also details other security measures like installing web and email filters. This is great for the smaller company that can’t afford high priced tech help.
A companion guide that goes along with the framework can even help small businesses perform a cost/benefit analysis when they need new equipment based on some of these security recommendations.
Here’s another benefit of the NIST Cybersecurity Framework. Some sections act as refreshers for information small business owners may already know. For example, the framework suggests a reputable cloud providers are a great way to keep data safe, something small business owners have probably heard many times without acting. The framework also suggests the precaution of storing removable thumb drives in safe locations away from your business.
The framework is also useful because it makes simple suggestions that don’t cost small businesses a lot of money. It suggests surge protectors to keep stored data safe during a power outage. There are even tips on purchasing cyber security insurance to act as a buffer if things go wrong.
The NIST Cybersecurity Framework is a potential referennce for small businesses without the funds or time to learn everything about cyber security. If you’re a small business owner looking for the latest updates, you can click this link to learn more.
NIST Photo via Shutterstock