Burr Alert: Cybersecurity Best Practices Based on NIST Cybersecurity Standards and FTC Enforcement Actions


The National Institute of Standards and Technology ("NIST"), an agency within the U.S. Department of Commerce, has produced a number of detailed standards for various aspects of information security. These standards outline baseline information security controls and represent best practices that assist organizations in identifying, protecting, responding to, and recovering from cybersecurity risks. Additionally, the Federal Trade Commission ("FTC") has posted complaints, consent agreements, public statements, and business guidance brochures to provide guidance to companies about the FTC's standards for reasonable and appropriate data security practices, in relation to the FTC's Section 5 power to prohibit "unfair or deceptive acts or practices in or affecting commerce."

Taking the NIST's standards and the FTC's posted enforcement actions together, the following guidelines are some cybersecurity best practices:

1) Security. Start with security. Don't collect personal information that you don't need. Hold on to information only as long as you have a legitimate business need for it. Don't use personal information when it's not necessary. Make sure your service providers implement reasonable security measures. Insist that appropriate security standards are part of your contracts, and verify compliance, including through cybersecurity audits of third-party providers.

Update and patch third-party software. Act on credible security warnings, and move quickly to fix them. Securely store sensitive files, e.g., do not keep them in an open and easily accessible area. Protect devices that process personal information, e.g., securing PIN entry devices that may be vulnerable to tampering and theft. Dispose of sensitive data securely. If it is paper, shred it. If it is electronic information, make sure the documents are deleted to the point that they are unreadable and unable to be reconstructed.

Download the full article, "Burr Alert: Cybersecurity Best Practices Based on NIST Cybersecurity Standards and FTC Enforcement Actions" written by Elizabeth Shirley.
