Featured Product
This Week in Quality Digest Live

More Videos

Management Features
Who Defines Quiet Quitting?
Megan Wallin-Kerth
Committed employees may be hiding in plain sight
The Circular Economy: Building Trust Through Conformity Assessment
ISO
Using the CASCO Toolbox to repair and restore
Four Challenges in Navigating Remote Work Layoffs
Gleb Tsipursky
Putting the right policies and procedures in place
How to Deal With Imposter Syndrome at Work
Ethan Lee
Don’t worry. You are who you thought you were.
Gap or Opportunity? Manufacturing Skills for a Supply-Chain Disrupted World
Ray Hein
It’s time to lean in to smart technology to help close the skills gap

More Features

Management News
MIT Sloan Executive Education Introduces New Women’s Leadership Program
Provides opportunities to deepen leadership capabilities
Who Is at the Highest Risk of Being Hacked?
A cybersecurity expert offers guidance
Sunnen Acquires Hommel Präzision
Former service partner provides honing and deep-hole drilling solutions
Study Reveals Employers’ Awareness of Inability to Meet Worker Demands
Employers need to turn awareness into action
Siemens Teamcenter Now Available on Google Cloud
Connects people and processes across functional silos with a digital thread for innovation
Innovative Employer Engagement Process Establishes Effective On-the-Job Training
Here are five easy steps
CESMII and SME Form Smart Manufacturing Executive Council
Better manufacturing processes require three main strategies
Teaching Computers to Read ‘Industry Lingo’
Technical vs. natural language processing
X-Rite and Pantone Win Pinnacle InterTech Award With Mantis Video Targeting Technology for eXact 2
Recognized as best-in-class industry technology by Printing United Alliance

More News

NIST

Management

NIST Guide Helps Small Businesses Improve Cybersecurity

Explains basic steps businesses can take to better protect their information systems

Published: Wednesday, November 30, 2016 - 18:45

(NIST: Gaithersburg, MD) -- Small-business owners may think that they are too small to be victims of cyber-hackers, but Pat Toth knows otherwise. Toth leads outreach efforts to small businesses on cybersecurity at the National Institute of Standards and Technology (NIST) and understands the challenges these businesses face in protecting their data and systems.

“Businesses of all sizes face potential risks when operating online and therefore need to consider their cybersecurity,” she says. “Small businesses may even be seen as easy targets to get into bigger businesses through the supply chain or payment portals.”

Toth is the lead author of NIST’s Small Business Information Security: The Fundamentals. The guide is written for small-business owners not experienced in cybersecurity and explains basic steps they can take to better protect their information systems.

“Many small businesses think that cybersecurity is too expensive or difficult; Small Business Information Security is designed for them,” says Toth. “In fact, they may have more to lose than a larger organization because cybersecurity events can be costly and threaten their survival.” The National Cyber Security Alliance found that 60 percent of small companies close down within the six months following a cyber attack.

The new NIST publication walks users through a simple risk assessment to understand their vulnerabilities. Worksheets help them to identify the information they store and use, determine its value, and evaluate the risk to the business and customers if its confidentiality, integrity, or availability were compromised.

The guide is based on NIST’s Framework for Improving Critical Infrastructure Cybersecurity, which was issued in 2014 as part of efforts to protect the nation’s critical infrastructure. The framework’s processes and tools provide key standards and best practices developed over decades by the federal government and industry. Its simple language allows organizations to better communicate, and its overall design helps them identify, assess, and manage cybersecurity risks.

For example, the new guide describes how to:
• Limit employee access to data and information
• Train employees about information security
• Create policy and procedures for information security
• Encrypt data
• Install web and email filters
• Patch, or update, operating systems and applications

Other recommendations may require new equipment, and the guide can help businesses perform cost/benefit analyses. “We recommend backing up data through a cloud-service provider or a removable hard drive and keeping the backup away from your office, so if there is a fire, your data will be safe,” says Toth. And a backup can be used to restore data in case a computer breaks or malware infects a system.

The guide also suggests:
• Installing surge protectors and uninterruptible power supplies to allow employees to continue to work through power outages and to save data
• Considering the purchase of cybersecurity insurance
• Ways to find reputable cybersecurity contractors

NIST has been in the business of helping small businesses with information security since 2001, when it joined forces with the U.S. Small Business Administration and the Federal Bureau of Investigation’s InfraGard program to provide introductory cybersecurity workshops to small businesses. 

Discuss

About The Author

NIST’s picture

NIST

Founded in 1901, the National Institute of Standards and Technology (NIST) is a nonregulatory federal agency within the U.S. Department of Commerce. Headquartered in Gaithersburg, Maryland, NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.