The National Institute of Standards and Technology Cybersecurity Framework—NIST Cybersecurity Framework for short—is a set of best practices to help companies better identify, detect, and respond to cyberattacks. While the framework was intended to be used by internal IT teams, its five major themes—identify, protect, detect, respond, and recover—can be used to create a handy network security assessment tool for MSPs.
Below, we’ve broken down each category into relevant questions you can ask your clients to assess their current network security practices. If they receive a check mark for every question, they’re in great shape! If they’re missing any, that’s where you can step in to help close any outstanding gaps, and really up your reputation as a proactive MSP!
1. NIST Cybersecurity Framework – Identify
Identification is about knowing what’s out there—including using network visibility to inventory and document everything, including people and physical assets like PCs, mobile devices, switches, firewalls, and more.
- Who has access to the network? Any given client will have in-office employees, remote workers, independent contractors, office visitors, and more with some level of access to the network and the sensitive data stored on it. Every user should be accounted for and assigned appropriate levels of access based on their position, and inactive accounts should be shut down.
- Are all network devices accounted for? Unknown and unsecured devices—like hidden switches, private access points, and IoT devices—is an easy attack vector for cybercriminals, and you may not see them all just by looking. Old devices that were decommissioned but left connected to the network also pose a unique risk. Since a device still has a digital pulse and hasn’t been patched or upgraded in some time, hackers can enter the network through them without being noticed
- Are any devices using default credentials? When your clients’ login credentials and SNMP strings are left unchanged from device defaults, all a hacker needs to do is look up the default password for a device’s configuration header. When they plug that in, they get full access to the rest of the network.
- Is software and firmware up to date across devices? As network device vendors issue vulnerability warnings for software and firmware versions, your clients need to identify any devices that are at risk and update them to the most recent version. If a bug goes unnoticed, it will create a huge vulnerability and leave a device open to manipulation. Remote management is a killer way to keep on top of this!
2. NIST Cybersecurity Framework – Protect
Protection includes developing and implementing safeguards to prevent a potential security breach and ensure the delivery of business-critical services.
- Are users sharing accounts? With 81% of hacking-related breaches taking advantage of weak or stolen passwords, this is a bad habit your clients need to nip in the bud by requiring individual user accounts for every employee.
- Is two-factor authentication enabled? If an authorized user’s password is compromised through sharing, guessing, or phishing, two-factor authentication will force an app or website to send a push notification to the actual user through another channel. If it’s them, they can confirm it’s them. If not, they can deny it. Talk about a lifesaver. This is the first step in moving toward a zero trust security posture.
- Are email filters in place? 1 in every 99 emails is a phishing attempt, meaning every employee receives an average of 4.8 phishing emails every work week. If every fraudulent email makes it into an inbox, all it takes is one click to compromise the network. With 30% of phishing emails making it past default security, implementing extra spam filters can help.
- Are employees receiving security training? 30% of phishing emails are opened by users, and 12% of those users will click on a malicious attachment or link in the email. In general, 90% of data breaches are caused by human error. If employees aren’t receiving regular training about security best practices, the likelihood that your client becomes a statistic increases.
3. NIST Cybersecurity Framework – Detect
Detection covers your client’s ability to identify a cybersecurity incident.
- Is security software installed and up to date? Anti-virus, anti-spyware, and anti-malware software are designed to help your clients detect and respond to unusual or malicious activity on the network. If they haven’t installed software—or haven’t updated it to its latest version—they’re a step behind any cybercriminal who successfully breaches their network.
- Are audit logs being monitored? Audit logs will show you a history of all remote terminal and tunnel connections—including inbound and outbound, successful and unsuccessful—that have been established on the network. By checking audit logs, you can ensure only authorized users are connecting to the network.
4. NIST Cybersecurity Framework – Respond
Response is about taking action when a cybersecurity incident is detected.
- Does your client have a plan to handle a security breach? As the number of security breaches year over year continue to skyrocket, companies who aren’t prepared will suffer severe consequences. To fight back, they need an effective incident response plan that outlines all of the steps they need to take as soon as a security threat is identified.
5. NIST Cybersecurity Framework – Recover
Piggybacking off of the last step, recovery is about minimizing downtime—and expenses—for your client if a security breach happens.
- Do they have full backups of important business data and device configs? If your client experiences a cyberattack, you’ll need to reset their system and its devices to the most recent configurations before the attack. To do so, your clients need their network configs and data backed up every time a change is made and stored in a version index.
- Do they have cyber insurance? Even after your client takes as many precautions as possible, they still may experience a security breach of some kind. It’s important to have some safety nets—like cyber insurance—in place so a breach doesn’t signal the end of your client’s business.
- Can their processes, procedures, and technologies be improved? If your client hasn’t checked each box in this blog post, it’s safe to say “Yes, my client’s processes, procedures, and technologies can be improved.” Where do you start? That’s up to you.
Want to take a deeper look into the NIST Cybersecurity Framework and bulk up your network security assessment? Check out NIST’s Framework for Improving Critical Infrastructure Cybersecurity.
Auvik’s powerful features can help your clients at every step in the NIST assessment. From network visibility, to real-time alerts, to automated backups.
Very informative, well written article. Thank you!