New NIST Cyber Guidelines Released

NIST, The National Institute of Standards and Technology, has released a new guide—Small Business Information Security: The Fundamentals—designed to help businesses arm themselves with best practices against potential cyberthreats.

The downloadable guide is written for business owners not familiar with cybersecurity procedures and contains best practices for encrypting data, creating company policy and training employees, installing web and email filters, finding reputable contractors and more. The guide walks businesses through a risk assessment and includes worksheets.

“Businesses of all sizes face potential risks when operating online and therefore need to consider their cybersecurity,” said Pat Toth, who leads NIST’s cybersecurity outreach to small businesses, in a statement accompanying the guide’s release earlier in November. “Small businesses may even be seen as easy targets to get into bigger businesses through the supply chain or payment portals.”

In the guide’s forward, NIST, an arm of the U.S. Commerce Department, notes that “an information security or cybersecurity incident can be detrimental to (a company’s) business, customers, employees, business partners, and potentially their community.”

ACG has been active in keeping its members apprised of cyberdevelopments through webinars, articles and other programs with leaders in the field.