
NIST Small Business Information Security guide for Small businesses

The NIST Small Business Information Security: The Fundamentals guide aims to provide basic cybersecurity recommendations to small businesses.

I have always stressed the necessity to improve cyber security posture for small businesses that are most exposed to threat actors across the world. Now the National Institute of Standards and Technology has released a cybersecurity guide to support small businesses in securing their IT infrastructure.

The NIST “Small Business Information Security: The Fundamentals” guide aims to provide basic cybersecurity recommendations for small businesses through a risk assessment process.

“Businesses of all sizes face potential risks when operating online and therefore need to consider their cybersecurity,” she said. “Small businesses may even be seen as easy targets to get into bigger businesses through the supply chain or payment portals.” reads the NIST announcement. 

“Many small businesses think that cybersecurity is too expensive or difficult; Small Business Information Security is designed for them,” Toth said. “In fact, they may have more to lose than a larger organization because cybersecurity events can be costly and threaten their survival.” In fact, the National Cyber Security Alliance found that 60 percent of small companies close down within the six months following a cyberattack.

This guide is an important exercise for small-business owners who are not experienced in cybersecurity; it explains to them how to protect their information systems from cyber threats.

The Small Business Information Security: The Fundamentals guide proposes a classic approach that follows the IDENTIFY/PROTECT/DETECT/RESPOND/RECOVER steps, focusing on understanding and managing risks for small businesses. The guide also includes worksheets that small businesses can use to identify the information they manage. It is essential to assess the information assets and identify potential risks to them.

Of course, the guide is based on NIST’s Framework for Improving Critical Infrastructure Cybersecurity, which was issued in 2014.

The NIST highlighted that the new guide describes how to:

  • limit employee access to data and information;
  • train employees about information security; 
  • create policy and procedures for information security;
  • encrypt data;
  • install web and email filters; and
  • patch, or update, operating systems and applications.

The guide also suggests installing surge protectors and uninterruptible power supplies, considering transferring risk through cybersecurity insurance, and finding reputable cybersecurity contractors.

Pierluigi Paganini

(Security Affairs – NIST Small Business Information Security, cybersecurity)