NIST has provided a great framework for small businesses to follow. I have added the reference at the end of this post so you can refer back to it, but I will discuss the main points here. For more details, please see the NIST small business documentation cited in this post. This post follows the NIST Cybersecurity Framework (CSF) 2.0 standard for cybersecurity risk management.
What is NIST?
The National Institute of Standards and Technology's (NIST) Cybersecurity Framework (CSF) is a set of voluntary guidelines and best practices that help organizations manage their cybersecurity risk.
We will be discussing the CSF functions, which are important for all small businesses to follow. These are: Govern, Recover, Identify, Protect, Detect, and Respond.
Govern Function
The Govern function covers how the business establishes and monitors its cybersecurity risk management strategy, expectations, and policies. This function is the biggest challenge for small businesses. Most small businesses do not have the capital, time, or manpower to address these concerns. Yet they are crucial, because businesses in certain regulated industries that are not up to date with policy requirements can be forced to shut down or pay a large fine. For example, financial firms in America must comply and stay current with FINRA requirements for risk management and policy, and health companies must follow HIPAA regulations. Not following these policies can make a big difference. The goal for the business owner is to understand the legal requirements for cybersecurity and to develop some type of cyber strategy. An important question is who to assign the work of focusing on these topics: should you engage an MSSP or hire an in-house person? You should also assess risk, understand what is lacking, and estimate what it could cost you if you do not succeed in adding the required controls.
Identify Function
The Identify function helps you identify the current risks to the business. To understand the current risk in your business, you first need to identify what you have and what you use: keep track of your access management, your hardware, and your software. If a zero-day exploit targets Mac devices but you have an all-Windows environment, it won't be a concern for you. However, it is essential to stay informed about all potential threats, as the cybersecurity landscape is constantly evolving. Knowing what you have saves time and helps you stay up to date. Review all your vendors and understand their roles and importance to your business. This assessment will help you identify the most critical partners and improve your documentation methods. It also ensures that you maintain up-to-date records and can quickly address any issues that may arise. There are two ways to keep track of asset management: create a spreadsheet of all the inventory, which takes more time and must be continuously updated whenever you add or remove something, or use automated software. If you need help acquiring software that can do that automatically for you, please reach out to me. My company provides services with templates.
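As an added example (not from the post or from NIST), here is a small Python script that treats an asset inventory like the spreadsheet described above and answers the two questions this section raises: does a new threat for a given platform or product version actually apply to anything we own, and which records have gone stale and need verifying? All asset rows and advisory ids are constructed for the example.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (not real data), shaped like the spreadsheet the post describes.
INVENTORY_CSV = """asset,owner,os,software,last_seen
LAPTOP-01,alice,Windows 11,Office 365;Chrome 124,2024-06-01
LAPTOP-02,bob,macOS 14,Chrome 122;Zoom 5.17,2024-06-03
SRV-FILE,it,Windows Server 2022,SMB;Backup Agent 3.1,2024-03-10
USB-07,carol,n/a,n/a,2023-11-20
"""

# Constructed advisories (hypothetical ids, not real CVEs): affected OS or product, and first fixed version.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "os": "macOS", "software": None, "fixed": None},
    {"id": "ADV-EXAMPLE-2", "os": None, "software": "Chrome", "fixed": "124"},
]

def load_inventory(text):
    return list(csv.DictReader(io.StringIO(text)))

def version_tuple(v):
    # "5.17" -> (5, 17); compares numerically rather than as strings
    return tuple(int(p) for p in v.split(".") if p.isdigit())

def software_versions(row):
    """Map product name -> version tuple from a 'Name 1.2;Other 3' cell."""
    out = {}
    for item in row["software"].split(";"):
        name, _, ver = item.strip().rpartition(" ")
        if name:  # entries without a version (e.g. "SMB", "n/a") are skipped
            out[name] = version_tuple(ver)
    return out

def exposed_assets(inventory, advisory):
    """Assets an advisory applies to: matching OS, or product below the fixed version."""
    hits = []
    for row in inventory:
        if advisory["os"] and row["os"].startswith(advisory["os"]):
            hits.append(row["asset"])
        elif advisory["software"]:
            ver = software_versions(row).get(advisory["software"])
            fixed = advisory["fixed"]
            if ver is not None and (fixed is None or ver < version_tuple(fixed)):
                hits.append(row["asset"])
    return hits

def stale_assets(inventory, today_iso, max_days=90):
    """Records not seen within max_days; the owner should confirm these still exist."""
    today = date.fromisoformat(today_iso)
    return [r["asset"] for r in inventory
            if (today - date.fromisoformat(r["last_seen"])).days > max_days]
```

Running both checks whenever an advisory arrives turns "does this affect us?" into a lookup instead of a scramble, which is the point the section makes about knowing what you have.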
Protect Function
The Protect function puts safeguards in place to reduce cybersecurity risk. Its main task is to restrict sensitive data from being accessed by anyone who should not have it. Prioritizing which systems and methods to protect is key. Organizations should use MFA on important accounts such as email, bank accounts, and anything else that needs extra protection. To protect your systems, ensure your technology is up to date and free from known vulnerabilities. Regularly updating software and conducting vulnerability assessments are crucial steps in maintaining a secure environment. Regular backups to protect workstations and servers from losing data should be the standard. Portable devices (USB drives, laptops, etc.) should be encrypted so that if a device is lost or stolen, bad actors cannot access your data. Another part of protection is communication with your staff. Are they updated on the latest threat actors that could affect their industry? When they come across a threat, do they even report it? Keeping staff aware and trained is an important, and often overlooked, factor in protecting an organization. All it takes is one untrained employee to open the door to a cyber threat. According to AAG IT Services, “83% of UK businesses that suffered a cyber attack in 2022 reported the attack type as phishing” (AAG IT Services). This tells us that even with all the complex cyber attacks that could take out an organization, a simple one like phishing continues to affect everyone because of a lack of continuous training.
Detect Function
The Detect function provides outcomes that help you find and analyze possible cybersecurity attacks and compromises (National Institute of Standards and Technology). Small businesses need to prioritize having antivirus software on every device to automate the detection of suspicious activity that is difficult for the human eye to catch. According to the NIST Cybersecurity Framework, the Detect function is crucial for identifying cybersecurity events in a timely manner. If you don't have an internal team to focus on detection, consider engaging a third-party vendor such as a Managed Security Service Provider (MSSP), whose job is to manage your business's security. This approach provides continuous monitoring and rapid response to potential cybersecurity attacks and compromises, in line with the NIST guidelines.
Respond Function
The Respond function is the ability to take action regarding a cyber incident. In order to respond to an attack or to something unusual going on at your organization, you should have a Security Incident Response Plan (SIRP) in place. A SIRP is a critical document that outlines the steps an organization should follow in the event of a security incident. By having a SIRP in place, your organization can respond quickly and effectively to mitigate damage, ensure compliance, and restore normal operations. (For more details on a SIRP, please review our article and check out our SIRP template guide.) Employees need to know who to contact, when to do so, where to report the incident, and who should be informed in the event of a security incident. Clear communication protocols ensure a swift and coordinated response, minimizing the impact of the incident on the organization. Because things change rapidly in an organization, it is important to update and test your SIRP at least once a year. For example, if your server got hacked and someone reached out to your IT team based on outdated contact information, they might not know that the company hired a new IT team six months ago. This oversight could cause significant delays in addressing the breach. Therefore, regularly testing and updating the SIRP is a crucial task to ensure timely and effective responses to security incidents.
Recover Function
The Recover function is about restoring assets that were impacted by a cyber incident. As an organization, you must know who is responsible for your recovery and the process by which systems are brought back up. This should be documented as well, with a note of how long operations were affected by the cyber incident. Once everything is back up, hold a meeting with members of your team to discuss what you have learned and plan how to prevent this incident from happening in the future. In some cases businesses never recover from a big cyber incident, so it is important to set up strong security controls to mitigate attacks and to be prepared for an attack when it comes.
If you require assistance getting started with your cybersecurity needs, we at WellTec Defense are an MSSP dedicated to guiding clients through their cyber needs using the latest tools and expertise. Please reach out to me at wwellington@welltecdefense.com to schedule a free consultation. Visit our website at welltecdefense.com for more information.
Works Cited:
National Institute of Standards and Technology. NIST Special Publication 1300. 2023, https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1300.pdf.
AAG IT Services. “The Latest Phishing Statistics.” AAG IT Services, 2023, https://aag-it.com/the-latest-phishing-statistics/.