Sam DeLucia
Senior Manager | Risk Advisory Services
Using the NIST CSF Checklist to Assess the Cybersecurity of Your New Workforce Models
For virtually all employers, business continuity and survival have become a function of trying to reorganize people and processes into new workforce models, using technology as a common denominator to maintain some semblance of normality.
Today, employees may spend their entire day working remotely from home, in the office in some sort of flexible arrangement relative to workhours or shifts, delivering forty hours a week onsite just like before the pandemic, or more likely, some combination of all of these models.
While this patchwork solution may be sufficient and functional, it has created opportunities for cyber-attackers who are having a field day exploiting new weaknesses in cyber defenses at all access points in new digital infrastructures and ecosystems arising out of a need to respond to COVID-19.
Interpol tells us that cybercriminals are attacking the computer networks and systems of individuals, businesses and even global organizations at a time when cyber defenses might be lowered due to the shift of focus on the health crisis. They cite three main threats that are increasing more than ever before: malicious domains, malware and ransomware.
While the news may appear bleak, you have opportunities to defend your company that go beyond those you used before the pandemic.
Using the NIST CSF Checklist to Assess Cyberthreats, Weaknesses Best Practices in the New Normal
There is a self-assessment tool you can employ to evaluate your cyber defenses, policies processes, procedures and technologies against the four different workforce models – the NIST Cybersecurity Framework (CSF).
The NIST CSF is a collection of cybersecurity best practices, guidelines and industry standards that will facilitate your ability to communicate and discuss cybersecurity outcomes and activities across the firm from the executive level to employees and even vendors. At Freed Maxick, our Cybersecurity Team uses the NIST CSF to deliver a high-level, strategic view of the life cycle of our clients’ management of cybersecurity risks. It is an effective tool for providing a common language that allows staff at all levels within an organization—and at all points in a supply chain—to develop a shared understanding of their organization’s cybersecurity risks.
The NIST CSF is organized by five key function areas (Identify, Detect, Protect, Respond, and Recover) and further divided into 23 categories and 108 subcategories. Our guidance to organizations of all types and sizes is simple and direct: while in the past you may have used a checklist like NIST to assess an on-site/in office work model, today, you need to apply that same assessment and criteria against each of the different workforce models your organization may be using.
The Freed Maxick Cybersecurity Team is pleased to provide a complimentary assessment tool, “Assessing the Impact of Covid-19 on Your Cybersecurity” that’s designed to help executives and managers – particularly those without a deep IT background – understand the risks your organization faces. It’s the first step in a process that can save your organization from significant damage related to cybertheft.
You can get the free assessment tool here.
Additional Resources and Information from the Freed Maxick Cybersecurity Team
Freed Maxick’s Cybersecurity Team provides remote work cybersecurity best practices service to businesses of all sizes and types relative to monitoring, assessment and remediation of cybersecurity threats and incidents.
We are particularly well suited to help you with your cybersecurity concerns and issues related to effects of Covid-19 upon your entire digital ecosystem.
To learn more about what we do and how we can help your for profit or not for profit organization, visit our website or contact Sam DeLucia, Senior Manager at 585.360.1405 or Samuel.delucia@freedmaxick.com.