Cybersecurity News

How Does the NIST Small Business Security Act Affect Your SMB?

By Heather Paunet
February 7, 2019

2018 brought a lot of change to small business. In the wake of many new cybersecurity threats and breaches, the National Institute of Standards and Technology (NIST) Small Business Cybersecurity Act was passed into law in August 2018, and it requires NIST to provide cybersecurity resources to small and medium-sized businesses (SMBs) to help protect them against future problems.

With the exponential increase in cyberattacks, it is great to see a continued investment in cybersecurity initiatives. Small businesses are not immune to threats and are often not equipped with the IT resources or personnel to protect their networks. The NIST Small Business Cybersecurity Act will provide SMBs with a simplified cybersecurity framework as a starting point for any efforts to protect their businesses from threats.

What is NIST?

NIST is a United States government agency, under the Department of Commerce, that promotes industry competitiveness in all nationally important areas, from communications and cybersecurity to advanced manufacturing and disaster resilience. NIST provides standards and guidelines for the federal government. The Small Business Cybersecurity Act is based on NIST’s Framework for Improving Critical Infrastructure, which provides standards and best practices to protect the nation’s critical infrastructure. This framework, launched in 2014, is also voluntary, but it provides organizations a simple methodology to identify, assess and manage cybersecurity risks. By taking the same simple approach from the framework, the Small Business Cybersecurity Act provides small and medium businesses a simple risk assessment to understand where their vulnerabilities lie, and which actions to take to fix those vulnerabilities.

Why Is This Good News for SMBs?

Small and medium businesses are just as likely to be targeted by hackers as large enterprises and corporations. However, due to their size and limited budgets, they often lack the IT expertise and resources to adequately protect their networks and employees. This new framework will provide SMBs a variety of resources to help them understand the evolving cybersecurity risks, including worksheets and best practices for basic security measures and tools they can implement, as well as methodologies to educate and train employees on cyberthreats and various attack vectors so they can adequately identify and stop attacks. The law also specifies that NIST must provide resources specifically for SMBs in any industry, with any type of data or devices in their networks, and that those resources be technology-neutral.

Many small businesses may not even realize that their data is at risk. SMBs utilizing third-party vendors to manage their networks and data may assume they are not responsible in the event of a breach. However, the authorities and governing bodies will hold the business owner responsible for any breach, no matter whose fault it was. With third-party breaches taking over the news recently, it is crucial for SMBs of any industry and size to take cybersecurity very seriously and put the right tools in place to protect their network, data and customer information. This new NIST framework will help SMBs take note of the risks third-party vendors can bring, educating business owners to take their time when selecting one.

What Does This Mean for Customers?

Customers of SMBs that implement the NIST Small Business Cybersecurity Act can breathe a sigh of relief knowing that their data is being proactively protected from hackers. Customers may take note of businesses that are not doing enough to protect their personal data, and may start shopping with and using companies that do take cybersecurity protection seriously.

As more and more companies experience large-scale breaches, customers are increasingly becoming savvy to which organizations are protecting their data. Companies that aren’t taking adequate measures may come under fire and be less appealing to customers.

Here's What SMBs Should Know:

This framework will be a great resource against which SMBs can compare their current network security protection (or lack thereof) and see what additional security measures they should implement or consider. Since this framework is only voluntary and not required, it may be that not enough small businesses utilize these resources. If more and more breaches occur, specifically targeting SMBs, we may see NIST take action and make this framework into a standard that companies must abide by or face penalties.

What Does This Mean for Vendors’ SMB Security Solutions?

Since the framework will not specify security solutions, each security provider will need to identify how their solutions fit into the NIST guidelines. Compliant companies are likely to tout their solutions as being in line with NIST recommendations, which will be a key indicator for SMBs as they look for credible solution providers. SMBs should take their time and research options before selecting a vendor to work with. Vendors that specifically cater to SMBs are often more keenly aware of the needs of SMBs and often provide affordable, flexible solutions that simplify complex cybersecurity issues.

The NIST Small Business Cybersecurity Act is a step in the right direction as we continue to encounter an increasingly diverse and rapidly changing threat landscape. Small businesses are particularly susceptible. It’s increasingly important that we offer them more guidance and options for security – and potentially more regulations to protect their customers – in the future. While this law only calls for the creation of information at this point, this information can be vital to small businesses that have previously lacked the basics to properly protect their company and customers.

 

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine.

 

Heather Paunet is the Vice President of Product Management at Untangle, responsible for building the right products for customers, taking into account customer needs and market trends. She has over 15 years’ experience driving the development and go-to-market of software solutions. Prior to joining Untangle, she held product leadership roles at Cisco Systems, and was Vice President of Product at various high-tech security and networking companies in the Silicon Valley. She has a Bachelor of Science in Computer Engineering and spent the first few years of her career as a software engineer.
