Protecting SMBs from Cyber Risks Using the NIST Framework

After SMBs Identify risks in the first step of the NIST Framework, the second step defines the process to Protect your assets. We like to refer to this NIST step as making the “security sandwich.” We like this metaphor because we incorporate layers of protection to shield data and systems from hackers. When I say layers, I mean layers; lots of layers. The layers create redundancy and backstops because there is NO single protection that can address all security threats. The more layers on your security sandwich, the more robust the protection.

In the NIST Protect step, we:

1. Determine options for protecting critical data, systems, and people, then

2. Implement protections and leverage best practices so you can sleep better at night.

Simply put, we outline and implement safeguards that ensure you can maintain critical operations, continue service delivery, and limit the impact of a potential cybersecurity event.


Determine options for protecting critical data, systems, and people

If the threats and mandates are not already overwhelming and confusing enough, there are literally thousands of options available for an SMB to protect its environment. These solutions can lead to vastly different cost structures and, more importantly, different impacts on your systems and employees. It can be a daunting task for any business to determine the approach that best protects your critical systems, aligns with your risk management strategy, and remains within your budget constraints. We’ve learned that a layer of protection is only good if it is properly used, remains effective, and does not get in the way of your business.

Simple additions to protect SMBs from cyber risk

Beyond the basics of good password management, we add protective layers to email (spam filtering, anti-phishing, anti-virus/spyware, encryption, and sandboxing) as a multifaceted layer to your security sandwich. Also, the standard desktop and server anti-virus/spyware/malware applications installed can be upgraded to much more robust and effective protection. Along with managing the firewall, protecting logins with MFA, and security awareness training for your entire team, you can create a multilayer, robust security sandwich rather quickly.

Some SMBs will need more advanced security protections because they are regulated or, as we often see, held to a high security standard by their own clients. We add more layers to the sandwich in NIST step 3, Detection, which I will cover in my next post. Let’s look at what it takes to effectively implement these Protection layers.


Implement protections and leverage best practices

As you can imagine, implementation is critical. “Cheap-and-easy-for-IT-to-install” technologies are often layered on without understanding the technology’s interdependence with other systems and, more importantly, its impact on the business. Your protection will inevitably fail if people reject it because they don’t understand its purpose or it gets in the way of doing their jobs.

Our Resilient IT approach begins with a people-first mindset. Implementing cybersecurity protections is no exception. We balance the need for security with the need to get real work done efficiently and effectively. If you want to achieve this balance, your organization must invest the time and effort to ensure that every cybersecurity protection installed provides the maximum defense with minimal unfavorable impact, if any at all.

Given the ever-evolving threats, cybersecurity is a dynamic and communal discipline. It is critical to work with enterprise-level partners and tools that have a long track record of being successful. Big user networks allow organizations to understand the latest threats and exploit the collective wisdom of an active and dogged community. We take advantage of the combined knowledge and best practices of our partner platforms to ensure each tool is set up properly the first time and finely tuned as threats evolve.


Conclusion: Protecting SMBs from Cyber Risks Using the NIST Framework

After an SMB has identified its risks, it’s time to mitigate them with the proper tools, practices, and support. Adding tools for tools’ sake is not an effective approach; it can add unnecessary costs and burdens to the business. The most effective approach to protecting SMBs from cyber threats involves a people-first mindset, a layered tool approach, and a thorough understanding of the risk and reward in each situation.


John Ahlberg
CEO, Waident

CIO in the corporate world and now for Waident clients. John injects order and technology into business process to keep employees productive, enterprises running, and data safe.
