By: Andrew Lanning, Co-Founder, Integrated Security Technologies and Chair of the PSA Cybersecurity Committee
Information Security Small Business Fundamentals
In November of 2016 the National Institute of Standards and Technology (NIST) released updated guidance on information security (cybersecurity) risk management for small businesses. A distinctively soft target for cyber criminals, small businesses generally lack the technical and financial resources to deploy strong risk mitigation controls.
The recent guidance (NISTIR 7621 Rev. 1) provides information and tools that small business owners can use to better understand and document the risks and impacts that cybersecurity threats and vulnerabilities pose to their organizations. It gives direct guidance, organized as a multi-step framework, on safeguarding the information that your company processes and stores. Finally, this updated guidance outlines steps that employees can take to work with information safely and securely.
Many small businesses do not make the security of their information or information systems a high priority, even though the impact of a cybersecurity incident could include system damage, lost productivity, an adverse reputation, loss of business income, credit damage, and/or fines. The PSA Security Network Cybersecurity Committee works diligently to bring tools and training to our owners that can lower the likelihood of suffering these impacts. We believe it is vital for the health of your business that you take a look at the available guidance and begin to implement the recommended controls as soon as possible. Who’s got your back?
Andrew Lanning, Chairman
PSA Security Network Cybersecurity Committee