How can a small business differentiate itself to create a competitive advantage? Depending on your industry, the answer may seem unlikely at first: adopt and implement a security framework.
A cybersecurity framework is the starting point for a plan to mitigate risk, align your technology with your business processes and policies, and respond to an incident quickly with minimal interruption to operations. It is a competitive advantage because it lets you meet or exceed the regulations you or your customers are subject to, and likely do so faster and more transparently than your competition.
The current risk environment has dominated the news over the past several months, with high-profile breaches such as the SolarWinds supply-chain compromise that reached even cybersecurity companies such as FireEye. Risks are on the rise, more regulations are on the way, and now is the time to align your business with the regulations that apply to your industry.
NIST Cybersecurity Framework
Many US-based businesses follow the NIST Cybersecurity Framework, also known as NIST CSF, a voluntary, scalable, risk-based framework whose controls map to most compliance requirements, including those related to the New York SHIELD Act, the California Consumer Privacy Act (CCPA), and HIPAA.
Established regulations require specific protections based on industry or location, and NIST CSF covers many of those needs out of the box. Many of these regulations apply to businesses that merely have customers in a particular state, so adhering to NIST CSF helps cover obligations you may not even be aware of.
The real competitive advantage comes from three areas:
- Providing robust, comprehensive security attestations (proof) for customers and prospects
- Delivering attestations more quickly, without having to rewrite them for each customer request, which supports a faster go-to-market strategy
- Demonstration of awareness and expertise, especially when serving regulated industries or customers concerned with cybersecurity
Ultimately, you are attesting to the accuracy and enforcement of your compliance-related efforts, improving security for your business and your customers, and making it easier to respond to customers with compliance needs faster than your competition. The advantage becomes more apparent when you begin reviewing contracts, master service agreements, and other documents that contain provisions to safeguard data.
Adopting NIST CSF Within Your Business
Cybersecurity frameworks offer small businesses many benefits, but putting one in place can be a challenge. Having a starting point makes any process easier, and I suggest you:
- Review your current written policies, if you have any, asking whether they apply to your business's needs and can be executed effectively when necessary
- Review what security and compliance evidence your clients have asked for over the past two years. If they haven't asked for any, is there a specific reason why?
- Review the data you've received from customers over the past two years and consider how you would classify it, e.g., personal vs. non-personal information
- Ask your partners about their own cybersecurity needs and programs
Most importantly, work with a partner that offers cybersecurity programs and training designed for your industry to implement a NIST CSF program within your business. Combine their expertise with your industry knowledge to build a comprehensive program that protects both you and your customers.
Adopting a cybersecurity framework is a complex and ongoing endeavor, but it is well worth the effort: it pays dividends as your approach to security translates into an advantage over your competition.