Real World Risk Management Practical HR Resources
New NIST Guidance: How Does It Help Against Cybercriminals?

The National Institute of Standards and Technology (NIST) recently published new draft guidance to help organizations defend against, manage, and recover from a ransomware attack.

The draft guidance, The Cybersecurity Framework Profile for Ransomware Risk Management (NISTIR 8374), is intended to be used alongside the NIST Cybersecurity Framework and other guidance from NIST, the Department of Homeland Security, and the Federal Bureau of Investigation. Organizations can use it to improve their risk posture or to implement a risk management framework that explicitly addresses ransomware. Planning ahead also helps organizations that do fall victim to a ransomware attack recover more quickly.

A revised draft will be released based on feedback received by July 9, 2021, and a second comment period will follow before the final document is published. Sarah Coble, "NIST Publishes Ransomware Guidance" (Jun. 22, 2021).



NIST's new draft ransomware guidance recommends that organizations do the following:

  • Keep computers fully patched
  • Install antivirus software
  • Block access to sites known to contain ransomware
  • Only allow the use of authorized apps
  • Conduct automatic scans of emails and flash drives
  • Restrict the use of personal devices
  • Limit accounts with administrative privileges
  • Prohibit personal apps
  • Provide security awareness training to employees to teach them about the danger of opening files or clicking on links in emails sent from an unknown source
  • Develop an incident recovery plan and a comprehensive backup and restoration strategy
  • Maintain an up-to-date list of internal and external ransomware attack contacts