On February 26, 2024, NIST (National Institute of Standards and Technology) did what?! Oh, they released the NIST Cybersecurity Framework 2.0 (CSF 2.0)! The newly updated Cybersecurity Framework is a great resource for small businesses as it “can be used by organizations to understand, assess, prioritize, and communicate cybersecurity risks.” NIST wasn’t done with just an update to their Cybersecurity Framework; they also released a Small Business Quick-Start Guide for those small businesses “who have modest or no cybersecurity plans in place.”

Now that I have hyped it up, what does this really mean for a small business that wants to either start or continue its cybersecurity journey?

Where to start

If cybersecurity is new to you and your small business, I recommend starting with the Small Business Quick-Start Guide. This is a great introduction to the CSF and provides 5 key activities per section of the framework. These include: Actions to Consider, Getting Started, Technical Deep Dive, Questions to Consider, and Related Resources. The Small Business Quick-Start Guide is a fantastic starting point for those who are just building their cybersecurity programs.

For those of you who are familiar with the CSF or have already started your cybersecurity implementations, I recommend diving right into the framework itself. It will look familiar to many as it continues with the previous 5 functions: Identify, Protect, Detect, Respond, and Recover. Quickly noticeable, though, is the addition of a 6th function: Govern. This new function is all about your small business’s risk management strategies and cybersecurity program as a whole.

What’s next

Whether you are just starting out or you have a mature cybersecurity program, you need your game plan. This plan will look different for everyone as every business is different. One common theme though will be the desire and need to reduce your risk. To do this, you need to know and understand your data. This means you know what you do with it and how it is stored and accessed.

Another important step is to identify your devices. Knowing the devices to protect and the data to protect will give you your scope. These are two critical steps to protecting your small business.
