NIST releases new guidebook about keeping your company safe from cyber attacks

During a year when cyber security has been a concern for everyone from the Canada Revenue Agency to the FIFA World Cup, it’s safe to say that it’s at the forefront of everyone’s mind.

The National Institute of Standards and Technology (NIST) is releasing a new guidebook for companies, big and small, on how to secure their businesses from cyber attacks.

“Unfortunately, many organizations limit security responsibilities to designated security personnel that perform specialized security functions. But effective security must be enterprise wide, involving everyone in fulfilling security responsibilities,” NIST stated in the publication.

The key takeaways from NIST’s report are:

  • Always exercise caution and fully understand your role
  • Know how to handle, control, store, transfer and dispose of important information
  • Limit access to documents and programs
  • Use encrypted, complex passwords and multi-factor authentication
  • Follow your organization’s security procedures

Cyber attacks are everyone’s concern

NIST’s guidebook offers advice on the role of various company departments and what they should do to prevent cyber attacks.

It emphasizes the need for every employee, no matter their role, to be involved in creating a safe and secure environment, stating that data clearly shows that employees are the greatest vulnerability of any organization.

The report notes that, “individuals across many levels of an organization have damaged their organization’s brand and reputation, and even lost their jobs or ruined their careers when cyber exploitations have occurred.”

The guidebook breaks down into seven categories based on various company departments, outlining what each team is responsible for when it comes to cyber security.

It covers the following roles:

  • Leadership, planning, and governance
  • Sales, marketing, and communications
  • Facilities, physical systems, and operations
  • Finance and administration
  • Human resources
  • Legal and compliance; and
  • Information technology

The key to creating a safe and secure business, said NIST, is starting from the top down: company leaders need to create a cyber secure culture by developing awareness, implementing training programs and creating company-wide policies.

It emphasizes the need to stay aware of the changing landscape, including changing government policies, noting the recent implementation of the European Union’s General Data Protection Regulation (GDPR).

As IT World Canada reported, even the Canadian federal government is recognizing the need for businesses to improve cyber security practices, updating its national cyber security strategy earlier this year.

NIST emphasized how important it is for all organizations to heed cyber secure practices. “Even those entities that do not maintain a robust technology environment must still operate in a world that depends on information and operation systems, and the humans that own, manage, and use those systems.”

Meagan Simpson
Meagan Simpson is a Jr. Staff Writer for IT World Canada. A graduate of Carleton University’s journalism program, she loves sports, travelling, reading and photography, and when not covering tech news she can be found cuddled up on the couch with her cat and a good book.
