Charlotte, NC – A new federal law is expected to bring “clear and concise” resources to help small businesses protect against the growing threat of cyber attacks.
Signed on Aug. 14, the NIST Small Business Cybersecurity Act requires the National Institute of Standards and Technology (NIST) to “disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks.”
The law requires NIST to provide such material within one year and is being cheered by security advocates in the small business community.
“Small businesses run the greatest risk of a cyber attack permanently closing their doors. They need help, but the best security frameworks are intended for huge enterprises. Small companies do not have the resources needed to bring them to life nor the expertise needed to translate them into smaller, practical controls,” said Ben Yarbrough, CEO, Calyptix Security.
“This law is a welcome step toward helping small businesses – a pillar of our economy – protect against the growing threat of cybercrime. Knowing the guidance will come from NIST lends it the highest level of credibility. We very much look forward to seeing the resources and their effect on the standard of security throughout the country.”
Within its library of national standards, NIST publishes and maintains cyber security standards for protecting federal information systems (NIST SP 800-53) and non-federal systems (SP 800-171). They are among the most widely used security frameworks worldwide.
The NIST Small Business Cybersecurity Act also sets requirements for the resources, stating that they shall:
- Be applicable and useable by a wide range of small businesses.
- Vary with the nature and size of the business.
- Vary with the sensitivity of the data to be protected.
- Mitigate common risks by promoting awareness of simple, basic security controls, workplace cybersecurity culture, and third-party relationships.
- Include case studies of practical applications.
- Be technology-neutral, with the ability to be implemented with commercial, off-the-shelf technology.
- Be based on international standards (to the extent possible).
- Be consistent with the Stevenson-Wydler Technology Innovation Act of 1980 and with the efforts of the Director as outlined under section 401 of the Cybersecurity Enhancement Act of 2014.
- To the extent practicable, consider the methods included in the Small Business Development Center Cyber Strategy (as defined in the National Defense Authorization Act for Fiscal Year 2017).
The law also stipulates that the resources are to be made publicly available online, that their use is voluntary, and that they must be reviewed and updated as necessary.
About Calyptix Security
Calyptix Security helps small and medium-size businesses secure their networks so they can raise profits, protect investments, and control technology. The company’s flagship product, AccessEnforcer UTM Firewall, makes it easy to protect SMB networks so companies can forget about security and focus on winning. Developed, built, and serviced in the U.S., AccessEnforcer is a flexible solution for MSPs and VARs to deliver security that keeps clients safe and saves time.