Meet the NIST Cybersecurity Framework Protect function

Maximizing cybersecurity is a top priority for businesses of all sizes. But as larger organizations leverage their big budgets and robust in-house IT teams to protect themselves, small and medium-sized businesses have become a favorite target of cybercriminals.

Fortunately, the National Institute of Standards and Technology (NIST) developed the Cybersecurity Framework, which gives businesses a clear, structured approach to managing and mitigating risk.

The Cybersecurity Framework is structured around five primary functions: Identify, Protect, Detect, Respond, and Recover. Each represents a category of activities that are essential for a comprehensive cybersecurity program. In our last webinar, we focused on the Identify function. Now, we’re turning our attention to the Protect function, and its processes for securing your organization’s valuable assets and critical operations.

The Protect function is designed to help you avoid – or at least limit the impact of – a cybersecurity issue, mitigate your overall risk, and ensure the continuity of your business. We can break down the function’s recommendations into six main categories, each with relevant activities. Let’s take a look at what each entails.

Identity Management, Authentication, and Access Control

Ensuring only authorized people can access your systems and data is fundamental to your cybersecurity posture. Strong processes, such as multi-factor authentication, and regular reviews of who is able to access your systems are essential practices in this category. Key activities include:

• Issuing, managing, verifying, revoking, and auditing credentials for all devices, users, and processes
• Managing remote access
• Protecting network integrity through network segregation or segmentation - security techniques that restrict access to sensitive data and services

Awareness Training

Plenty of cybersecurity incidents are the result of human error. According to Verizon’s 2023 Data Breach Investigations Report (DBIR) 74% of incidents stem from some human element. Educating your team about risks and best practices through regular training sessions, phishing simulations, and clear communication of your security policies can help create a culture of security awareness. Key activities here include:

• Ensuring your entire team is informed, trained, and consistently updated
• Educating all users on their specific security roles and responsibilities
• Holding third parties, like suppliers, accountable for meeting your security standards

Data Security

Taking measures to secure the confidentiality, integrity, and availability of your data is critical. Encryption, data masking, and regular backups are all vital practices. Activities in this category include:

• Maximizing protections for “data at rest” – anything stored on your devices or servers
• Maximizing protections for data in transit – anything being transmitted between two systems or devices (like email)
• Implementing mechanisms that verify the integrity of software, firmware, and information

Information Protection Processes

This category involves establishing and maintaining policies and procedures for information protection. The goal is to ensure consistent implementation of security measures across your organization. Regularly updating your security policies, conducting security audits, and keeping an accurate inventory of your assets are all best practices in this area. Key activities include:

• Creating and updating a baseline configuration of your entire IT system
• Initiating control processes for all configuration changes
• Communicating the strength and effectiveness of your protection processes with appropriate parties – like customers

Regular Maintenance

Keeping your systems and hardware up to date is crucial to ensuring your security measures are always as effective as possible. Scheduling regular maintenance, installing patches as soon as they’re available, and keeping a log of all maintenance activities are good habits to form. Other key activities include:

• Performing and documenting all maintenance and repair of assets
• Using approved and controlled tools for any maintenance and repairs
• Approving and logging any maintenance activities conducted remotely to guard against unauthorized access

Protective Technology

Firewalls, intrusion detection systems, and regular reviews of security logs can all help secure your assets. To ensure these technologies remain effective, it’s important to establish a process to keep them up to date. Other key activities include:

• Documenting and regularly reviewing all logs and records for all systems in accordance with your policy
• Configuring systems to provide only the capabilities that are essential for their function – also known as the “principle of least functionality"

Ready to learn more about protecting your business?

You’re invited to join us on for the next session of our Cybersecurity Webinar Series based on the NIST Cybersecurity Framework, where we’ll be taking a deeper dive into the Protect function. CompassMSP CEO, Ari Santiago, and VP of Sales, Matt Tomlinson, will discuss effective methods for safeguarding your critical assets, measuring your protection levels through a Protect Readiness Health Score, and much more. We hope to see you there!

Protect: Securing Operations and Strengthening Foundations for Business Success.

You're invited to join us on July 25th at 1:00 PM EDT for "Protect: Securing Operations: Strengthening Foundations for Business Success," the third of a series of informative webinars. We'll discuss the current cybersecurity landscape, a roadmap to effective, holistic protection, and much more.