Complete Story


COVID-19 Made a NIST Cybersecurity Framework More Critical for Ohio Businesses

Insights from OSAE Member thinkCSC

In 2018, Ohio implemented the Ohio Data Protection Act. The Act is a comprehensive measure that allows businesses to limit their liability in the event of a data breach. They do this by having a NIST cybersecurity framework in place. COVID-19 may have disrupted your organization’s plans to meet these standards. Yet, the pandemic also revealed serious gaps in security. These gaps make a comprehensive cybersecurity framework essential. If you have yet to establish your framework, or revisit it based on the changes your company has experienced because of the pandemic (like supporting a remote workforce), we urge you to consider prioritizing your cybersecurity strategy before it’s too late.

The Ohio Data Protection Act

As a refresher, the Ohio Data Protection Act provides businesses that store or transmit personal information a safe harbor in the event they experience a breach. However, you can only qualify if you follow the NIST cybersecurity framework. This act is a significant step forward for all organizations interested in limiting their liability should a data breach occur. It offers clear steps to organizations on what they must do to qualify for safe harbor under the act. With or without a pandemic, minimizing risk of liability while simultaneously establishing better protocols to protect your customers and your data is a win-win.

Principals of a NIST-based Cybersecurity Network

The threat landscape continues to grow more complex. As a result, cyberattacks are more sophisticated than ever. New threats are discovered daily. The NIST framework is designed to help you have a comprehensive cybersecurity strategy in place to protect your organization, your people, your data and your members.

Please select this link to read the complete blog post from OSAE Member thinkCSC.

Printer-Friendly Version