The National Institute of Standards and Technology (NIST) is releasing a new guidebook for companies, big and small, on how to secure their businesses from cyber attacks.
“Unfortunately, many organizations limit security responsibilities to designated security personnel that perform specialized security functions. But effective security must be enterprise wide, involving everyone in fulfilling security responsibilities,” NIST stated in the publication.
The key takeaways from NIST’s report are:
- Always exercise caution and fully understand your role
- Know how to handle, control, store, transfer and dispose of important information
- Limit access to documents and programs
- Use encrypted, complex passwords and multi-factor authentication
- Follow your organization’s security procedures
Cyber attacks are everyone’s concern
NIST’s guidebook offers advice on the role of various company departments and what they should do to prevent cyber attacks.
It emphasizes the need for every employee, no matter their role, to be involved in creating a safe and secure environment, stating that data clearly shows that employees are the greatest vulnerability of any organization.
The report notes that, “individuals across many levels of an organization have damaged their organization’s brand and reputation, and even lost their jobs or ruined their careers when cyber exploitations have occurred.”
The guidebook breaks down into seven categories based on various company departments, outlining what each team is responsible for when it comes to cyber security.
It covers the following roles:
- Leadership, planning, and governance
- Sales, marketing, and communications
- Facilities, physical systems, and operations
- Finance and administration
- Human resources
- Legal and compliance; and
- Information technology
The key to creating a safe and secure business, said NIST, is starting from the top down: company leaders need to create a cyber secure culture by developing awareness, implementing training programs and creating company-wide policies.
It emphasizes the need to stay aware of the changing landscape, including changing government policies, noting the recent implementation of the European Union’s General Data Protection Regulation (GDPR).
As IT World Canada reported, even the Canadian federal government is recognizing the need for businesses to improve cyber security practices, updating its national cyber security strategy earlier this year.
NIST emphasized the importance for all organizations to heed cyber secure practices. “Even those entities that do not maintain a robust technology environment must still operate in a world that depends on information and operation systems, and the humans that own, manage, and use those systems.”