NIST Cybersecurity Guidance for Small Businesses
The U.S. Department of Commerce, National Institute of Standards and Technology (NIST) in November 2016 released information security guidance targeted at small businesses. Strengthening information security is key for small businesses; NIST cites a National Cyber Security Alliance study that found that 60% of small businesses close within six months of a cyberattack.
Acknowledging that small businesses may not have the resources to craft information security programs in the same way that large entities might, the NIST guidance describes how such a program can be implemented.
To help prevent small businesses from being easy targets for cyberattacks, the guidance outlines key steps that small businesses can take to improve cybersecurity, including practices that can be implemented immediately to protect systems and data. These include data encryption, purchasing cybersecurity insurance, the installation of web and e-mail filters and continuously implementing patches to operating systems and other applications.
The NIST guidance also contains helpful appendices, including an overview of the NIST cybersecurity framework, risk analysis worksheets and sample cybersecurity policy and procedure statements.
The NIST guidance can be found here.