NIST compliance: it’s just good cybersecurity practice

We all know that cybersecurity risks are not going away. The truth is, they’re only getting worse. Cyber-criminality is an industry, with a lot of money to be made. And as we’ve seen from the news about security breaches lately, they’ll take just about anything they can get their hands on!

The government has a plan!

Hmm…that sounds a little scarier than it is and not completely accurate. The National Institute of Standards and Technology (NIST) is a government agency responsible for maintaining cybersecurity standards for all government agencies. As you may know, they have created a set of standards for non-governmental organizations that handle Controlled Unclassified Information (CUI), NIST 800-171. They’ve created the standards, now you have to create the plan.

What is NIST compliance?

A government regulation called DFARS, Defense Federal Acquisition Regulation Supplement, requires that all organizations doing defense work for the government (using CUI) must implement the requirements of NIST 800-171 by December 31^st, 2017. Many of Connecticut’s manufacturing companies are affected by this requirement and are in jeopardy of losing their government contracts if compliance has not been achieved.

5 Important things to know about NIST 800-171 compliance:

1. It’s not above and beyond what you should be doing; it’s really just cybersecurity best practices.
2. It’s much more than just installing some software: It covers everything from your infrastructure to your personnel, to your physical environment.
3. It requires you to define all of your security processes in one place – creating a solid plan for your organization and your environment.
4. Oversight is a huge component of compliance: keeping track of who’s doing what on which machines, who’s accessing which data, who’s giving others access and when.
5. NIST compliance and a strong security plan will give you a competitive advantage. Before long, companies are going to be asking whether your cybersecurity systems are up to date before agreeing to do business with you. Prospective employees will be asking that too. Individuals and organizations want to know how safe their data will be in your hands. NIST compliance is a great standard to follow to prove you’re a company that can be trusted.

Is it really worth your time and money?

There are two things you need to think about when deciding whether NIST compliance is worth your time and money:

1. What are your government contracts worth and could your company survive without them?
2. Are you really doing enough to keep your customers’ and employees’ personal information safe? Are you protecting your company’s intellectual property, data, and systems from cyber attacks?

There are some major financial and reputation risks to your company if you suddenly find that you aren’t doing enough.

The good, the bad and the ugly

The good – You don’t have to do it alone. If you outsource your IT services, 50% of NIST compliance lands squarely on the shoulders of your provider. Change is hard. Your IT managed services provider can help. Some providers, like IT Direct, even have NIST experts on hand that can help you prepare and walk you through the whole process.

The bad – It can be expensive to have all the tools you need to properly monitor all your systems. This is not to say it isn’t worth it…it’s an investment in the future of your organization.

The ugly – what can happen if you don’t upgrade your cybersecurity is ugly! NIST compliance is a great way, but only one way to ensure that your cybersecurity is up to date and strong enough to handle today’s risks. If you decide NIST compliance isn’t for you, remember that you have to do something. Every company of every size in every sector is vulnerable. Don’t let your organization be the next Equifax, Yahoo, Uber, InterContinental Hotels Group, Verizon, or Deloitte – you might not make it through the aftermath. Make sure you’re prepared.

If you would like more information on cybersecurity or are interested in a compliance assessment for your business, please use the form below to reach out to our team.