Can NIST cybersecurity compliance help your business?
NIST Cybersecurity Compliance
What it is:
The National Institute of Standards and Technology (NIST) published several cybersecurity frameworks to allow for a standardized approach to cybersecurity which could apply to businesses of any size, including small and mid-sized businesses.
How might it be important?
Businesses who possess or deal with sensitive information - patient records and claims, personnel and payroll records, insurance information, HR information on employees. This information is routinely stolen or held for ransom.
HR and benefits consulting firms - this information is sensitive and valuable.
Manufacturers who are government subcontractors must be NIST 800-171 compliant or they are subject to the termination of their contracts…loss of this net income could be catastrophic.
Manufacturers who are not subcontractors - loss or theft of a manufacturer’s “secret sauce” (proprietary processes, ISO procedures, etc.) is acknowledged by the FBI and others to be the single biggest risk facing manufacturers.
Oil and Gas and energy - energy firms possess land management, prospecting, drilling, and production information which is valuable if stolen. If damaged permanently or temporarily it can have a disastrous impact.
Education - education is subject to Federal Education Rights and Privacy Act (FERPA) for the protection of student information and institutions and their service providers are expected to exercise due care in protecting personally identifiable information. NIST cybersecurity frameworks give guidance and structure to assist in this effort.
In short the NIST cybersecurity frameworks are valuable tools to evaluate and standardize information security. Even those organizations who are not legally bound to follow NIST frameworks can benefit via vastly improved security.
