The COVID-19 crisis has shown — among so many other things — that our modern, day-to-day business is as adaptable as it is vulnerable. Different times call for different measures, and many companies are showing that they’re willing and able to adapt to wildly different working conditions than they’re used to.
Nobody knows how this will end. But even so, there are still steps you can take today to mitigate the damage to your business. And that starts with implementing the kind of security solutions that the new situation demands, with the help of 3 essential NIST resources covering business contingency planning, ensuring remote work security and protecting private information.
Why Are NIST Guides Helpful for Business Planning and Recovery?
As part of its library of cybersecurity framework (CSF) resources, the National Institute of Standards and Technology (NIST) includes a huge variety of documents designed to help organizations overcome common but sophisticated security risks. From protecting your critical infrastructure from natural disasters to ensuring cybersecurity for your virtual network, these documents offer specific guidance and workable models you can start using today.
Though designed for federal agencies and the businesses that work with them, the NIST guidelines are useful as comprehensive guides on how to bring any business up to the top level of security and preparedness — which, as the current crisis is revealing, should be more of a priority than ever before.
These free guides can also help you build your own security policies and contingency plans to allow people to work from home while keeping privacy as protected as possible. Use them to help bolster your cybersecurity infrastructure to mitigate damage caused by the economic shutdown — and to develop a competitive advantage for facing whatever comes next.
3 Critical NIST Business Planning & Recovery Resources You Should Be Using
1. Business Contingency Planning
The NIST Guide to Industrial Control Systems (ICS) Security offers specific, actionable guidance for establishing secure industrial control systems (ICS), configurations often found in industrial control sectors.
It may be overkill for more modest businesses seeking smaller-scale solutions. But for those looking to dive into business recovery on an industrial scale — including an exhaustive overview of typical topologies and threats — this document is the holy grail, offering ideas and methods for plans on any scale.
2. Ensuring Remote Work Security
NIST’s Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security provides a detailed framework for successfully — and securely — implementing remote access technologies for employees, contractors, business partners, vendors and other associates.
With most businesses now working virtually, the security of all those external networks should be top of mind. Yet the change came so quickly that that data protection may not have caught up. It’s an understandable oversight, but one that needs to be amended asap — and this NIST guide can provide a valuable blueprint for that process.
3. Protecting Private Information
The Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) provides guidance for protecting against theft, blackmail or other similar damage caused by the loss of sensitive data.
Published in 2010, this one’s an oldie but goodie, offering an exhaustive system of PII assessment and use — including when to audit events, determining context of use, and how to evaluate the sensitivity of each type of data. This is a kitchen-sink, line-by-line takedown of how to protect every last bit of personal data you encounter.