For as long as we can remember, smaller entities have been held accountable to the same security and compliance standards as enterprise-sized organizations in their industry. From regional credit unions scrambling to comply with the same regulations as major banks like Wells Fargo and Bank of America to local “Main Street” merchants struggling with PCI compliance, security and compliance can seem like an impossible dream for smaller organizations.
“Businesses of all sizes face potential risks when operating online and therefore need to consider their cybersecurity. Small businesses may even be seen as easy targets to get into bigger businesses through supply chain or payment portals.” Pat Toth, Cybersecurity Program Manager at NIST Hollings Manufacturing Extension Partnership (MEP)
Cybersecurity can be confusing and expensive, even for large organizations. With an unlimited number of known and unknown threats, constant changes and innovation, and limited resources, smaller organizations are constantly faced with difficult choices. With the passing of the NIST Small Business Cybersecurity Act (formerly known as the Main Street Cybersecurity Act), lawmakers aim to bring actionable clarity to small businesses.
At RSA 2019, NIST Director Dr. Walt Copan announced that the Small Business Cybersecurity Corner website was live and available.
The NIST Cybersecurity Framework helps businesses of all sizes better understand, manage and reduce their cybersecurity risk and protect their networks and data.
Create an inventory of all equipment, software and data you use in your business.
Establish proper controls to protect assets and data. This includes training everyone who uses your computers, devices or network.
Monitor computers and network for unauthorized access.
Have an incident response plan that covers communications, keeping the business running, reporting attacks, investigating attacks, and updating policies and plans with lessons learned.
Repair equipment and parts of the network affected, and keep employees and customers informed of response and recovery activities.
While this guidance is clear, it’s not as simple as just following the steps. Small businesses will have to make choices and tradeoffs.
This is where Port53 can help. Our skilled cybersecurity experts work to conduct a risk assessment and help organizations implement the NIST Cybersecurity Framework in a controlled and achievable way. Our deep relationships and expertise with best-of-breed technologies mean that we offer the most effective solutions, expertly deployed at prices small businesses can afford.