Using the NIST Cybersecurity Framework brings your organization up to par with the global cybersecurity standard – NIST is recognized as the best practice and has the most detailed set of controls of any framework, so it even allows your organization to plan for blind spots that emerge as you expand. This also impacts supplier/vendor and client relationships, as clients look for proper cybersecurity to know that their shipping and payment data are kept confidential. By ensuring NIST compliance, you open yourself up to more supply opportunities and show these companies that you can be trusted with their data. Not to mention, the process of becoming NIST Compliant Tier 4 involves almost every aspect of the company and offers new opportunities for departments to collaborate on creating a secure environment. Intel learned this in 2015, when creating Framework Profiles for their modified levels of NIST Compliance – they did this by scoring their pilot department on functional areas such as network security, data protection, identity protection, and policy. This process relied heavily on the willingness and openness of both stakeholders and leadership to talk about risk tolerance and strategic risk management. Creating that kind of channel for communication is imperative to maintaining top-level cybersecurity.
As for how I’d use it at a future workplace, I would use it to conduct regular audits of our network security to identify and patch vulnerabilities before they get exploited by potential malicious actors. I’d also use it to enforce proper policies on using devices in the workplace, use Multi-Device Management software to ensure workplace device hardening, create different layers of network security for public/private corporate networks, and run regular training programs to educate employees about best practices.