Networking, Small business

NIST Cybersecurity Guidance for Small Businesses

The U.S. Department of Commerce, National Institute of Standards and Technology (NIST) in November 2016 released information security guidance targeted at small businesses. Strengthening information security is key for small businesses; NIST cites a National Cyber Security Alliance study that found that 60% of small businesses close within six months of a cyberattack.

Acknowledging that small businesses may not have the resources to craft information security programs in the same way that large entities might, the NIST guidance describes how such a program can be implemented.

To help prevent small businesses from being easy targets for cyberattacks, the guidance outlines key steps that small businesses can take to improve cybersecurity, including practices that can be implemented immediately to protect systems and data. These include data encryption, purchasing cybersecurity insurance, the installation of web and e-mail filters and continuously implementing patches to operating systems and other applications.

The NIST guidance also contains helpful appendices, including an overview of the NIST cybersecurity framework, risk analysis worksheets and sample cybersecurity policy and procedure statements.

The NIST guidance can be found here.

Valerie Breslin Montague is a partner at Nixon Peabody. Read more Nixon Peabody blogs here.

Nixon Peabody

At Nixon Peabody, we see 21st century law as a tool to help shape our clients’ futures. We are constantly thinking about what is important to our clients now and next so we can foresee obstacles and opportunities in their space and smooth the way. We work together to handle complex challenges in litigation, real estate, corporate law, intellectual property, and finance anywhere in the world.