NIST said Wednesday it created the “Small Business Information Security: The Fundamentals” guide in an effort to provide basic cybersecurity steps and walk small business owners through a risk assessment process.
“Businesses of all sizes face potential risks when operating online and therefore need to consider their cybersecurity,” said Pat Toth, lead author of the NIST guide.
“Small businesses may even be seen as easy targets to get into bigger businesses through the supply chain or payment portals,” Toth added.
The guide also contains worksheets to help small businesses identify information they store and use; determine the information’s value; and assess potential risks in case the information’s confidentiality, integrity or availability is compromised, NIST said.
The agency noted the publication outlines strategies to regulate employee access to data and information; conduct information security training for employees; establish information security policy and procedures; encrypt data; install web and email filters; and update operating systems and applications.
NIST added the guide recommends that small businesses install surge protectors and uninterruptible power supplies; look into cybersecurity insurance; and find reputable cybersecurity contractors.
The document is based on the agency’s Framework for Improving Critical Infrastructure Cybersecurity, which was published in 2014 to provide standards and best practices from the federal government and industry.