Posted by: Heather Shy on April 9, 2021 at 8:00 am
NIST compliance is a huge concern these days, even for small businesses. Even if you don’t accept government contracts, more and more B2B customers want reassurance that you have protected their proprietary information. In addition, many cybersecurity and other business insurance providers require NIST compliance before providing coverage — or paying claims.
Fortunately, NIST wants to make it easy for small businesses to meet their cybersecurity standards. To that end, they published a NIST Cybersecurity Framework of five steps every small business owner or IT manager can use as a guideline. While not mandatory in most cases, these best practices can help you prioritize your cybersecurity needs, and protect your computer network — and your business — in the process.
Can you implement the NIST Cybersecurity Framework yourself? Possibly. Certainly, some of the guidelines regarding plans and policies require management-level decisions. But the nuts and bolts of cybersecurity are kind of like constructing your own office building: you might be able to do it yourself, but why would you? An expert IT services provider (like TAZ Networks) can provide expertise and guidance, along with ongoing support to keep your network running smoothly.
Let’s look at how a managed service provider can help you meet the five steps in the NIST Cybersecurity Framework. You can download the chart from NIST here. Keep in mind, some decisions on the framework must come from your business management team, but TAZ Networks can assist and guide you in developing policies and processes.
NIST Cybersecurity Framework Step 1: Identify
Make a list of all equipment, software, and data. Your IT services provider should help you compile this list as part of your onboarding process. It must be reviewed and updated regularly. TAZ Networks provides this service to our managed services clients, with a monthly maintenance checklist that verifies, updates, and documents your network equipment, data storage, and backups.
NIST Cybersecurity Framework Step 2: Protect
- Use security software to protect data. This could be as simple as a firewall, antivirus and spam filtering (which every business should have). Or, your business could require a higher level of protection. Your computer services provider can help you make that determination based on your level of risk.
- Encrypt sensitive data. Does your staff regularly email sensitive data? You may need mail encryption and archiving.
- Conduct regular backups of data. You might be backing up your data, but do you know where to find it when you need it? Does someone verify that backups ran and can be accessed?
- Update security software regularly, automating those updates if possible. Cyber threats pop up constantly. Regularly and automatically updating antivirus and operating system software helps keep your network safe.
- Train your staff about cybersecurity. If some bad actor gets through your digital defenses, and their bad link reaches someone’s inbox, what is the last protection for your network? Your “human firewall” — the human being receiving that email. Our TAZ Security Care plan includes cybersecurity training for your staff.
NIST Cybersecurity Framework Step 3: Detect
- Monitor your computers for unauthorized personnel access, devices (like USB drives), and software.
- Check your network for unauthorized users or connections.
- Investigate any unusual activities on your network or by your staff.
TAZ Security Care Advanced collects, analyzes and correlates information from network devices, endpoint logs and threat intelligence feeds to help keep track of what’s happening on your network at any given time.
NIST Cybersecurity Framework Step 4: Respond
This step calls for developing a response plan in case of a cyber attack or other business interruption. This includes notifying those whose data may be at risk and reporting an attack to law enforcement such as the FBI and Michigan State Police.
In addition, an IT managed services provider like TAZ Networks can assist with:
- Investigating and containing an attack
- Keeping business operations running
- Preparing for adverse weather
NIST Cybersecurity Framework Step 5: Recover
The best defense is a good offense, but attacks still happen. Does your IT company have the expertise to guide you with cleaning, repairing and restoring your system?
This blog post is not a complete look at NIST cybersecurity compliance, but gives you an overview of how your managed service provider should be able to assist you. Not getting the answers you need from your IT provider? Fill out the form on this page, and TAZ Networks will contact you to see how we can help secure and manage your business computer network.