Skip navigation links

Online Safety and Cybersecurity Fundamentals for Small and Medium Sized Businesses

Most plant operations managers are not cybersecurity experts, but can benefit from a basic understanding of cybersecurity risks and mitigation activities. A guidance document provided by NIST, NIST Small Business Information Security: The Fundamentals, provides a thorough and easily readable overview of cybersecurity basics.

As a first step, organizations need to understand their cybersecurity risks, to determine where the organization is vulnerable and may be subject to disruption of systems and processes. Organizations can use helpful checklists from the NIST document, or other cybersecurity assessment tools, to conduct the following activities:

  • Identify what information your business stores and uses.
  • Determine the value of your information.
  • Develop an inventory of technologies used to store and process information.
  • Understand your threats and vulnerabilities.

Once risks are understood, organizations can determine appropriate mitigation activities. Example activities are shown below, grouped into the five broad categories of the NIST Cybersecurity Framework:


Identify and control who has access to your business information Conduct background checks Require individual user accounts for each employee Create policies and procedures for information security.


Limit employee access to data and information Install surge protectors and uninterruptible power supplies (UPS) Patch your operating systems and applications Install and activate software and hardware firewalls on all your business networks Secure your wireless access point and networks Set up web and email filters Use encryption for sensitive business information Dispose of old computers and media safely Train your employees.


Install and update anti-virus, -spyware, and other –malware programs Maintain and monitor logs.


Develop a plan for disasters and information security incidents. RECOVER Make full backups of important business data/information Make incremental backups of important business data/information Consider cyber insurance Make improvements to processes/procedures/technologies.