Helping Small Businesses Boost Security

Monday, November 14, 2016 @ 02:11 PM gHale

The refrain resonates across the board when it comes to cybersecurity protection: I am just a small business, no one would go after me.



That is why the National Institute of Standards and Technology (NIST) is reaching out to small business owners to educate them on the vital topic.

“Businesses of all sizes face potential risks when operating online and therefore need to consider their cybersecurity,” said Pat Toth, who leads outreach efforts to small businesses on cybersecurity at NIST. “Small businesses may even be seen as easy targets to get into bigger businesses through the supply chain or payment portals.”

Toth is the lead author of NIST’s “Small Business Information Security: The Fundamentals.” The guide is for small-business owners not experienced in cybersecurity and explains basic steps they can take to better protect their information systems.

“Many small businesses think that cybersecurity is too expensive or difficult; Small Business Information Security is designed for them,” Toth said. “In fact, they may have more to lose than a larger organization because cybersecurity events can be costly and threaten their survival.” The National Cyber Security Alliance found 60 percent of small companies close down within six months following a cyberattack.

The new NIST publication walks users through a simple risk assessment to understand their vulnerabilities. Worksheets help them to identify the information they store and use, determine its value, and evaluate the risk to the business and customers if its confidentiality, integrity or availability were compromised.

The guide comes from NIST’s Framework for Improving Critical Infrastructure Cybersecurity, issued in 2014 as part of efforts to protect the nation’s critical infrastructure. The framework’s processes and tools provide key standards and best practices developed over decades by the federal government and industry. The document’s simple language allows organizations to better communicate, and its overall design helps them identify, assess and manage cybersecurity risks.

The new guide describes how to:
• Limit employee access to data and information
• Train employees about information security
• Create policy and procedures for information security
• Encrypt data
• Install web and email filters
• Patch, or update, operating systems and applications

Other recommendations may require new equipment, and the guide can help businesses perform cost/benefit analyses.

“We recommend backing up data through a cloud-service provider or a removable hard drive and keeping the backup away from your office, so if there is a fire, your data will be safe,” Toth said. And a backup can restore data in case a computer breaks or malware infects a system.

The guide also suggests:
• Installing surge protectors and uninterruptible power supplies to allow employees to continue to work through power outages and to save data
• Considering the purchase of cybersecurity insurance
• Ways to find reputable cybersecurity contractors
