The National Institute of Standards and Technology (NIST) has developed a standard framework designed to reduce cybersecurity risks to critical infrastructure, including ERISA employee benefit plans.
The NIST cybersecurity framework includes the following five components:
1. Identify cybersecurity risks.
The weakest cybersecurity links can present the greatest risks. Often the weakest links are employees who haven’t been properly trained to handle sensitive data or who handle it carelessly.
2. Protect sensitive data.
This starts with creating a culture of awareness within your organization about the importance of data security. Ideally, data protection will incorporate both technology solutions such as encryption and human solutions such as ongoing training in how to handle sensitive data.
3. Detect data breaches.
This is critical because experts say cyberattacks aren’t a matter of if, but when. Perform penetration testing before an attack happens so you’ll be able to detect one when it occurs.
4. Respond to cyberattacks.
Your framework should specify how your organization will respond to a cyberattack in order to minimize any damage from the attack.
5. Recover from cyberattacks.
The framework should also detail how your organization will recover from any damage that does occur from a cyberattack.