10/01/2020

COVID-19 Made a NIST Cybersecurity Framework More Critical for Ohio Businesses

Insights from OSAE Member thinkCSC

In 2018, Ohio implemented the Ohio Data Protection Act. The Act is a comprehensive measure that allows businesses to limit their liability in the event of a data breach. They do this by having a NIST cybersecurity framework in place. COVID-19 may have disrupted your organization’s plans to meet these standards. Yet, the pandemic also revealed serious gaps in security. These gaps make a comprehensive cybersecurity framework essential. If you have yet to establish your framework, or revisit it based on the changes your company has experienced because of the pandemic (like supporting a remote workforce), we urge you to consider prioritizing your cybersecurity strategy before it’s too late.

The Ohio Data Protection Act

As a refresher, the Ohio Data Protection Act provides businesses that store or transmit personal information a safe harbor in the event they experience a breach. However, you can only qualify if you follow the NIST cybersecurity framework. This act is a significant step forward for all organizations interested in limiting their liability should a data breach occur. It offers clear steps to organizations on what they must do to qualify for safe harbor under the act. With or without a pandemic, minimizing risk of liability while simultaneously establishing better protocols to protect your customers and your data is a win-win.

Principals of a NIST-based Cybersecurity Network

The threat landscape continues to grow more complex. As a result, cyberattacks are more sophisticated than ever. New threats are discovered daily. The NIST framework is designed to help you have a comprehensive cybersecurity strategy in place to protect your organization, your people, your data and your members.

Please select this link to read the complete blog post from OSAE Member thinkCSC.