Cybersecurity is a major concern for today’s small businesses. But that doesn’t mean that all small businesses have to approach cybersecurity in the same way.
Small Business Trends caught up with Michael Kaisser of the National Cyber Security Alliance at Nasdaq MarketSite in New York City’s Times Square to discuss how small businesses can make sense of all the complicated cybersecurity issues in today’s landscape.
One of the major issues he’s noticed is that small businesses don’t even know where to start when it comes to cybersecurity. He recommends that small businesses in that situation look into the NIST Cybersecurity Framework.
Getting Started With Small Business Cybersecurity
This might sound like a complicated undertaking. But it’s actually just a few simple steps that small businesses can use to create a cybersecurity plan that works for their particular situation. The framework simply asks businesses to identify what data they have to protect, look at what they’re doing to protect it, be able to understand and detect if something goes wrong, and learn how to respond and recover in the case of a cybersecurity incident.
The whole point of this framework is to help businesses come up with a plan that’s specific to them, rather than trying to go with a one-size-fits-all approach.
Kaisser said, “It seems like this big thing — ‘I’m supposed to be doing everything.’ The fact is, you don’t have to do everything. You have to do what’s important for your business and you have to make cybersecurity relevant for your situation.”
For example, a retail business that collects customer data and payment information will have one set of risks and needs. But a doctor’s office is likely to have a whole separate set of needs. So each business has to build its own cybersecurity plan. But businesses are already used to making their own plans and doing what’s best for their specific needs. So Kaisser thinks that simply extending that philosophy to cybersecurity is a great place to start.
He said, “Making cybersecurity relevant to your situation is where you need to start. And I think businesses are already good at this.”
More in: Cybersecurity