NIST Releases Cybersecurity Guidelines for Small Businesses | Practical Law

NIST Releases Cybersecurity Guidelines for Small Businesses | Practical Law

The National Institute of Standards and Technology (NIST) has released a new guide aimed at helping small businesses improve their cybersecurity.

NIST Releases Cybersecurity Guidelines for Small Businesses

Practical Law Legal Update w-004-5259 (Approx. 3 pages)

NIST Releases Cybersecurity Guidelines for Small Businesses

by Practical Law Intellectual Property & Technology
Published on 14 Nov 2016USA (National/Federal)
The National Institute of Standards and Technology (NIST) has released a new guide aimed at helping small businesses improve their cybersecurity.
On November 10, 2016, the National Institute of Standards and Technology (NIST) announced the publication of Small Business Information Security: The Fundamentals, a guide to help small businesses improve their cybersecurity.
The guide is aimed at small businesses that are inexperienced in cybersecurity and may think they are too small to be targets. In particular, the guide sets out basic steps a small business can take to better protect their information systems, including, among other things:
  • Identifying and controlling who has access to the business's information.
  • Conducting background checks on prospective employees.
  • Creating separate user accounts for each employee.
  • Developing information security policies and procedures.
  • Limiting employee access to data and information.
  • Keeping operating systems and applications up to date.
The guide, which is based on the NIST's Framework for Improving Critical Infrastructure Cybersecurity, also walks users through a simple assessment and includes worksheets businesses can use to:
  • Identify what types of information the business stores and uses.
  • Determine the information's value.
  • Evaluate the business and consumer risks if that information's confidentiality, integrity, or availability were compromised.