New NIST Guide Helps Small Businesses Improve Cybersecurity
November 11, 2016 | NISTEstimated reading time: 2 minutes
Small-business owners may think that they are too small to be victims of cyber hackers, but Pat Toth knows otherwise. Toth leads outreach efforts to small businesses on cybersecurity at the National Institute of Standards and Technology (NIST) and understands the challenges these businesses face in protecting their data and systems.
“Businesses of all sizes face potential risks when operating online and therefore need to consider their cybersecurity,” she said. “Small businesses may even be seen as easy targets to get into bigger businesses through the supply chain or payment portals.”
Toth is the lead author of NIST’s Small Business Information Security: The Fundamentals(link is external). The guide is written for small-business owners not experienced in cybersecurity and explains basic steps they can take to better protect their information systems.
“Many small businesses think that cybersecurity is too expensive or difficult; Small Business Information Security is designed for them,” Toth said. “In fact, they may have more to lose than a larger organization because cybersecurity events can be costly and threaten their survival.” In fact, the National Cyber Security Alliance found that 60 percent of small companies close down(link is external) within the six months following a cyberattack.
The new NIST publication walks users through a simple risk assessment to understand their vulnerabilities. Worksheets help them to identify the information they store and use, determine its value, and evaluate the risk to the business and customers if its confidentiality, integrity or availability were compromised.
The guide is based on NIST’s Framework for Improving Critical Infrastructure Cybersecurity, which was issued in 2014 as part of efforts to protect the nation’s critical infrastructure. The framework’s processes and tools provide key standards and best practices developed over decades by the federal government and industry. Its simple language allows organizations to better communicate, and its overall design helps them identify, assess and manage cybersecurity risks.
For example, the new guide describes how to:
- limit employee access to data and information;
- train employees about information security;
- create policy and procedures for information security;
- encrypt data;
- install web and email filters; and
- patch, or update, operating systems and applications.
Other recommendations may require new equipment, and the guide can help businesses perform cost/benefit analyses. “We recommend backing up data through a cloud-service provider or a removable hard drive and keeping the backup away from your office, so if there is a fire, your data will be safe,” Toth said. And a backup can be used to restore data in case a computer breaks or malware infects a system.
The guide also suggests:
- installing surge protectors and uninterruptible power supplies to allow employees to continue to work through power outages and to save data;
- considering the purchase of cybersecurity insurance; and
- ways to find reputable cybersecurity contractors.
NIST has been in the business of helping small businesses with information security since 2001 when it joined forces with the U.S. Small Business Administration(link is external) and the Federal Bureau of Investigation’s InfraGard(link is external) program to provide introductory cybersecurity workshops to small businesses.
Suggested Items
Nolan’s Notes: Coming to Terms With AI
05/07/2024 | Nolan Johnson -- Column: Nolan's NotesHow fast do things move in the world of data analytics? Here’s an example. We’ve been planning this issue on artificial intelligence for the past few months, and, in fact, I had already written this column about a month ago. Then I went to IPC APEX EXPO and upended it all. I originally had compared AI to drag racing in that (CPU) horsepower and new (data) vehicles have steadily delivered higher performance competition. That seemed pretty accurate given how generative AI models dominated the popular media with amazing results—and sometimes spectacular crashes.
RTX's Advanced Ground System for Space-based Missile Warning Now Operational
05/06/2024 | RTXAn advanced ground system for space-based missile warning developed by Raytheon, an RTX business, is now operational at the U.S. Space Force's Overhead Persistent Infrared Battlespace Awareness Center (OBAC).
Cigent, Swissbit Announce Partnership to Enhance Endpoint Data Security
05/06/2024 | CigentCigent, a leading provider of endpoint data protection solutions, and Swissbit, a leading manufacturer of storage, security, and embedded IoT solutions, today announced a strategic partnership to offer a comprehensive portfolio of secure storage drives designed to safeguard endpoint data against a growing landscape of cyberthreats.
Industrial PC Market Size to Record $1.75 Billion Growth from 2023-2027
05/03/2024 | PRNewswireThe global industrial pc market size is estimated to grow by USD 1.75 billion from 2023 to 2027, according to Technavio. This growth is expected to occur at a Compound Annual Growth Rate (CAGR) of almost 6.29% during the forecast period.
Gartner Survey: 61% of Organizations Evolving D&A Model Due to AI
05/01/2024 | Gartner, Inc.Sixty-one percent of organizations are forced to evolve or rethink their data and analytics (D&A) operating model because of the impact of disruptive artificial intelligence (AI) technologies, according to a new Gartner, Inc. survey.