Using a cybersecurity framework is absolutely a best practice.
Experience has led the cybersecurity community to think of defense in terms of process. Over time, and through extensive coordination, the best of these processes have made their way into standards, guidance documents and corporate policies. Every firm is different, so rather than borrow someone else’s policy you can start with an outline or framework of an approach.
Our preferred framework for small to medium businesses is the one coordinated by the National Institute of Standards and Technology (NIST), called the “Framework for Improving Critical Infrastructure Cybersecurity”, or more often just the NIST Cybersecurity Framework.
We like the NIST framework because it is easy to remember, and the terms it introduces help reduce ambiguity when communicating within a company and also between companies. It is both a framework for building an action plan and a common taxonomy that can enhance your ability to communicate on cybersecurity topics with your suppliers, government and business clients.
We also like the framework because it is built on an understanding of risk management processes. Most cybersecurity decisions in small to medium sized businesses should be informed by topics such as risk tolerance and impact on business processes. This framework supports that.
The core of the NIST Cybersecurity Framework is built around five process categories:
Understand and Identify: Organizations need to understand and identify cyber risks to business, assets which need to be protected, as well as resources required to operate. You must know yourself and know the threat. It is also important to know best practices in defense.
Protect: Developing appropriate safeguards that can mitigate the impact of a breach or compromise of employee information, or of damage to your online presence, is key. This is the meat of your plan. A good cyber defense will protect the right things and ensure that if there is a breach, its impact is mitigated.
Detect: Current operations in defense of networks, and a study of the history of cyber crime, lead to the unfortunate conclusion that the bad guys will continue to breach networks and gain unauthorized access to information. When the right protections are in place their actions can be contained. Putting the right tools and processes in place to detect issues is also key to taking the right action.
Respond: When a cyber event occurs, processes should be in place to enable a rapid response. Response will depend on the nature of the incident, but could include notification of clients, partners, suppliers, law enforcement and others. It could also include bringing in outside help to push the adversaries out and improve defenses.
Recover: Planning for recovery can help return your business to normal operations as fast as possible.
Do you have other tips we should know about? Please contact us here and let us know what we should know.