What is NIST? THE CYBERSECURITY FRAMEWORK
Written and Published By: Demetrics Anderson, March 7, 2021
Given how common security breaches have become and how they affect the global community, there must be a remedy to combat such grave issues and prevent identity theft. Millions of people around the globe have been exposed to identity theft. This is a big problem for business owners and consumers alike. It not only harms consumers but can also become a company liability if no system is in place to protect the company from this kind of exposure.
A solid system should consist of:
- Requesting a photo ID before accepting credit cards or checks, and encrypting all sensitive information before it is stored and sent,
- Training employees in digital security best practices,
- Limited software installation abilities for employees,
- Strong firewalls,
- Scheduled virus and malware scans,
- VPN for outside access,
- Secured wireless networks,
- Secure offsite data storage,
- Automatic Windows and other software updates,
- Protected physical access to company computers.
These are just a few practices that could make hacking your system harder. However, NIST has made its debut to save the day.
You may be wondering what NIST is and why you should consider it for your business. NIST is the National Institute of Standards and Technology at the U.S. Department of Commerce. Its voluntary, robust Cybersecurity Framework was designed to help all businesses in many areas. NIST boasts that businesses will better understand, manage, and reduce cybersecurity risk. With the framework, they will be able to accurately protect their networks and data. It provides businesses with an outline of best practices to help them decide where to focus time and money for cybersecurity protection. It can be used in these five areas: Identify, Protect, Detect, Respond, and Recover.
The following are the steps the NIST framework lays out in each area to protect against cybersecurity threats:
- IDENTIFY
Make a list of all equipment, software, and data you use, including laptops, smartphones, tablets, and point-of-sale devices. Create and share a company cybersecurity policy that covers roles and responsibilities for employees, vendors, and anyone else with access to sensitive data, as well as the steps to take to protect against an attack and limit the damage if one occurs.
- PROTECT
• Control who logs on to your network and uses your computers and other devices.
• Use security software to protect data.
• Encrypt sensitive data, at rest and in transit.
• Conduct regular backups of data.
• Update security software regularly, automating those updates if possible.
• Have formal policies for safely disposing of electronic files and old devices.
• Train everyone who uses your computers, devices, and network about cybersecurity. You can help employees understand their personal risk in addition to their crucial role in the workplace.
- DETECT
Monitor your computers for unauthorized personnel access, devices (like USB drives), and software. Check your network for unauthorized users or connections. Investigate any unusual activities on your network or by your staff.
- RESPOND
Have a plan for:
• Notifying customers, employees, and others whose data may be at risk.
• Keeping business operations up and running.
• Reporting the attack to law enforcement and other authorities.
• Investigating and containing an attack.
• Updating your cybersecurity policy and plan with lessons learned.
• Preparing for inadvertent events (like weather emergencies) that may put data at risk.
- RECOVER
After an attack:
Repair and restore the equipment and parts of your network that were affected. Keep employees and customers informed of your response and recovery activities.
Citing: National Institute of Standards and Technology (2021). Understanding THE NIST CYBERSECURITY FRAMEWORK. https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity/nist-framework
In conclusion, NIST will more than likely become the top framework for cybersecurity and hopefully put something of an end to the security breaches we currently have and may experience in the future.