Charlotte, NC – A new federal law is expected to bring “clear and concise” resources to help small businesses protect against the growing threat of cyber attacks.
Signed on Aug. 14, the NIST Small Business Cybersecurity Act requires the National Institute of Standards (NIST) to “disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks.”
The law requires NIST to provide such material within one year and is being cheered by security advocates in the small business community.
“Small businesses run the greatest risk of a cyber attack permanently closing their doors. They need help, but the best security frameworks are intended for huge enterprises. Small companies do not have the resources needed to bring them to life nor the expertise needed to translate them into smaller, practical controls,” said Ben Yarbrough, CEO, Calyptix Security.
“This law is a welcome step toward helping small businesses – a pillar of our economy – protect against the growing threat of cybercrime. Knowing the guidance will come from NIST lends it the highest level of credibility. We very much look forward to seeing the resources and their effect on the standard of security throughout the country.”
Within its library of national standards, NIST publishes and maintains cyber security standards for protecting federal information systems (NIST SP 800-53) and non-federal systems (SP 800-171). They are among the most widely used security frameworks worldwide.
The NIST Small Business Cybersecurity Act also sets requirements for the resources, stating that they shall:
The law also stipulates the resources are to be made publicly available online, that their use is voluntary, and they must be reviewed and updated as necessary.
Calyptix Security helps small and medium-size businesses secure their networks so they can raise profits, protect investments, and control technology. The company’s flagship product, AccessEnforcer UTM Firewall, makes it easy to protect SMB networks so companies can forget about security and focus on winning. Developed, built, and serviced in the U.S., AccessEnforcer is a flexible solution for MSPs and VARs to deliver security that keeps clients safe and saves time.