The average cost of a single data breach for a small business amounts to $60,000, according to industry analysts. The U.S. Department of Defense also estimates that $60 billion worth of data is lost each year due to cybersecurity incidents. Because of the vulnerabilities organizations face when dealing with security threats, a new standard in cybersecurity practices was introduced in 2016. The new standard, NIST 800-171, sounds intimidating.
Ilan Sredni, owner at Palindrome Consulting and a technology leader in Fort Lauderdale, says “being aware of and implementing the standard is crucial to protecting non-classified data.”
The Basics of NIST 800-171
NIST 800-171 was created as a blueprint for cybersecurity protection against data theft and loss. It was designed as a series of protocols or best practices for protecting data that the U.S. government would not label as classified. However, should this data get into the hands of a cybercriminal, it could pose a threat to the American public. NIST 800-171 has protocols for fourteen different groups of security controls, according to industry bloggers. Well over 100 controls can exist in each of those fourteen groups. The fourteen groups covered by NIST 800-171 include:
- Risk assessment
- Protection for physical assets
- System and information security
- Protection for system communication
- General risks
- Human resources
- Media and communications
- Responding to incidents
- Authentication and identification
- Managing system configurations
- Access control
Even though the list may be intimidating, experts on the new standard indicate that cybersecurity best practices come down to knowledge, education and common sense. Examples include using passwords, requiring periodic password changes, and choosing strong passwords that are difficult to guess or crack. Other best practices include assigning each employee who needs access to information systems a unique username, using special characters in passwords, and avoiding obvious identifiers that can easily be attributed to a user.
Organizations should also use a reputable anti-malware program, ensure that its updates run daily, and retain the program's logs of identified threats. Ensuring that systems have the latest OS security patches and running daily OS update checks on each system is also critical. Many of these practices can be automated, which not only ensures compliance but also eases the burden on IT staff and users.
More advanced best practices include restricting access to physical assets and IT resources, logging access events and other important occurrences, and putting in place restrictions or controls on how data moves throughout the organization. Reading up on new cybersecurity standards and protocols like NIST 800-171 can help guard against unwanted data breaches and intrusions. However, standards and protocols are not foolproof without thorough implementation, evaluation, and modification. Finding which protocols are effective and designing improvements is a continuous process that relies on properly identifying existing vulnerabilities.