The National Institute of Standards and Technology (NIST) created the Cybersecurity Framework (CSF) to give businesses foundational structure and common language to address their own individual security needs. In our previous article NIST – Achieving Alignment in Cybersecurity we established that some form of cybersecurity posture is necessary to simply do business in today’s environment. As larger businesses invest heavily in cybersecurity, bad guys are turning their focus to small business as they are perceived as easier targets. The NIST CSF is comprised of five critical functions or best practices that are also referred to as the Framework Core. The Core is comprised of – Identify, Protect, Detect, Respond and Recover. Last month we covered the function of Identity in NIST – Identifying What you Need to Protect. In this article we will be discussing the foundational function of Protect.
Now that you have determined what needs to be protected you must develop and implement a plan to stop, limit or contain a potential cybersecurity event targeting your business. As with most (if not all) technology plans there are several ways to work toward this goal.
Access Control – The first line of defense is to ensure that your assets and associated facilities are only accessible to authorized users, processes or devices, and to authorized activities and transactions. Strict password guidelines and maintenance along with two or multi factor authentication (2FA or MFA) assist with controlling access.
Awareness and Training – Time and time again breaches occur as a result of human error. You must train your users on cybersecurity best practices.
Data Security – Information and records are managed to protect the confidentiality, integrity and availability of the data.
Information Protection Processes and Procedures – This also ties into data security. When you know what you need to protect you have to use a proven process to protect it.
Maintenance – Maintaining your network and system components with patching and upgrades as required.
Protective Technology – Utilize security solutions, such as encryption, to ensure your cyber resiliency.
Perhaps the most critical component of protection is keeping up with change. The way you protect your data must evolve as news ways to infiltrate network infrastructures are discovered and deployed. As with all parts of the NIST Cybersecurity Framework, you need to make sure that you are constantly updating your protection posture to adapt to the changes in how you use technology as well as new threats from bad actors. Working with an experienced Cybersecurity expert is critical in making sure that your assets are protected from breach and exploitation. Now that we’ve outlined how to Protect your data we’ll cover how to Detect, Respond and Recover should a cybersecurity event should occur in our next article.
Mythos Technology is an IT consulting and management firm that provides Managed Technology Services including hosted cloud and compliance solutions. For more information or copies of previous NIST articles, please visit www.mythostech.com or call (951) 813-2672.