IT Services Company on NIST Framework for Small Business
March 21, 2019
Small business owners may think they are too small to be victims of cyber hackers, but Pat Toth knows otherwise. Toth directs the efforts of approaching the small companies in cyber security in the National Institute of Standards and Technology (NIST) and understands the challenges that these companies face in the protection of their data and systems.
“Companies of all sizes face potential risks when they operate online and, therefore, should consider their cybersecurity.” She said. “Small businesses can even be seen as easy targets to enter larger companies through the supply chain or payment portals”
Toth is the lead author of Small Business Information Security: The Fundamentals of NIST. The guide is aimed at owners of small businesses with no experience in cyber security and explains the basic steps they can take to better protect their information systems.
“Many small businesses think that cyber security is too expensive or difficult, information security for small businesses is designed for them,” said Toth. “In fact, they may have more to lose than a larger organization because cyber security events can be costly and threaten their survival.” In fact, the National Cyber security Alliance found that 60 percent of small businesses closed in the six months after a cyber attack.
The new NIST publication guides users through a simple risk assessment to understand their vulnerabilities. The worksheets help them identify the information they store and use, determine its value and assess the risk to the business and customers if their confidentiality, integrity or availability is compromised.
The guide is based on the NIST Framework for Improving Cyber security of Critical Infrastructure, which was issued in 2014 as part of efforts to protect the critical infrastructure of the nation. The processes and tools of the framework provide key standards and best practices developed for decades by the federal government and the industry. Their simple language allows organizations to communicate better, and their general design helps them identify, assess and manage cyber security risks.
For example, the new guide describes how:
- limit employee access to data and information;
- train employees on information security;
- create policies and procedures for information security;
- encrypt data;
- install web and email filters; Y
- patch or update, operating systems and applications.
Other recommendations may require new equipment, and the guide can help companies perform cost / benefit analysis. “We recommend making backup copies of the data through a cloud service provider or a removable hard disk and keeping the backup away from your office, so if there is a fire, your data will be safe,” he said. A backup can be used to restore data in case a computer breaks or malware infects a system.
The guide also suggests:
- install surge protectors and uninterruptible power systems to allow employees to continue working through power outages and to store data;
- considering the purchase of cyber security insurance;
- ways to find reputable cyber security contractors.
Let us help you maintain your IT Security work so you can focus more on your productivity! TrueITPros service area includes the Valdosta and metro Atlanta area including the following cities: Dunwoody, Roswell, Alpharetta, Johns Creek, Marietta, Norcross, Decatur, Buckhead, Kennesaw, Duluth, Snellville, Brookhaven and Lilburn. Many of our clients have multiple locations and out of state locations too.
If you are looking for an IT services and support company in Atlanta or Valdosta please call us at (678)534-8776 or email us.