A Free Cybersecurity Cheat Sheet
By Martin Joseph, President, 360IT PARTNERS
(originally published in Inside Business)
Whether we are business owners, members of the C-suite, or managers of critical departments, we each have different perspectives on how to mitigate cybersecurity risks. And many times, cybersecurity falls far down the list of important tasks and expenditures — because a breach just couldn’t happen to us. Until it does.
Imagine if you didn’t have to worry about cybersecurity or the Internet of Things or breaches or hackers or any of it. But you do.
No business is immune to the risks or responsibilities of having sound cybersecurity practices in place. However, cybersecurity can feel like a daunting task, and so many businesses overlook it.
What if you had a cybersecurity cheat sheet – and it was free to you?
There is one, and it is called the Cybersecurity Framework. It has been available from the National Institute of Standards and Technology (NIST) since early 2014 and has been updated as recently as April 2018.
The Framework came about as an effort from the federal government acknowledging that both government and private sector businesses have a role to play in the “security and resilience of the Nation’s critical infrastructure.” Along with providing “standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk,” the Framework provides a common language that can be used to speak about cybersecurity risks at all levels of an organization and also with both internal and external stakeholders.
Matthew Eggers, Executive Director, Cybersecurity Policy, U.S. Chamber of Commerce, feels that the Framework provides stakeholders in different roles within an organization with a common language. “Whether you are CEO or you just walked into a company as a new employee, it’s something that you can feasibly grasp.”
As Chief Security Officer of Telos Corporation, Richard Tracy agrees, “[The Cybersecurity Framework] helps us communicate risk in ways that everyone can understand – from the server room to the board room.”
In addition to helping all leaders of an organization better understand the potential risks that cybersecurity can bring about, the Cybersecurity Framework provides guidance on managing and reducing those risks.
In fact, NIST reports that thirty percent of U.S. companies are using the Cybersecurity Framework to help manage cyber risk. While it was not created to be a one-size-fits-all solution, it was designed to be flexible enough to be used across many different industries.
The Cybersecurity Framework isn’t just for large organizations either. “The NIST framework is a valuable tool for any business owner or executive who wants to be prepared for, and possibly head off, any cybersecurity issue that can threaten their business,” says Justin Carter, Chief Technology Officer at 360IT PARTNERS. “We leverage it for our clients who may have already implemented some level of a cybersecurity plan, as well as for new clients who believe that now is the time to create and implement their first plan. There is no wrong time in a business lifecycle to get started.”
The Framework has 5 core functional areas: Identify, Protect, Detect, Respond, and Recover.
IDENTIFY. During the initial phase, we review our client’s critical business applications and resources which support the organization’s efficiency and operations. Consistent with their risk management strategy, we identify and develop protocols which support the organization’s resources, needs, and capabilities.
PROTECT. In this phase of the Cybersecurity Framework, we implement enterprise-level solutions which scan and create protocols for maintaining the delivery of our client’s critical infrastructure.
DETECT. Our cybersecurity software is deployed to constantly scan our client’s infrastructure for potential cybersecurity events before they become a threat.
RESPOND. We develop protocols and procedures for our clients in the event that there is an unforeseen cybersecurity event. This includes response planning, communications, analysis, mitigation, and improvements.
RECOVER. In the event of a cybersecurity event, we have a plan to quickly recover and restore our client’s critical network and IT capabilities.
While there are no silver bullets for being completely immune to cybersecurity risks, there are measures that every company can take. With a well-documented strategy under the guidance of a robust architecture such as NIST’s Cybersecurity Framework and leveraging best practices and reliable systems and processes, most companies can drastically reduce their cyber-threat exposure.
In an effort to reduce the disruptions caused by cybersecurity events, NIST projects that by 2020, 50% of United States companies will be using the Cybersecurity Framework. Will your company be one of them?
Martin Joseph, president of 360IT PARTNERS, has been an expert in the IT field for over 30 years. He is also a member of the Entrepreneurs’ Organization. His company provides IT services to small and medium businesses and ranks 185th on the list of the world’s top 501 Managed Service Providers. Martin can be reached at www.360ITPARTNERS.COM or at 757-499-6761.