The 5-Step Approach

Cybersecurity for your business is not only about adding layers of security technology. It starts with understanding and managing your cybersecurity risks. The 5-Step Approach to Better Business Cybersecurity, based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, represents an approach that applies to the specifics of your business, helping you understand how best to identify and protect your business’s vital data and technology assets, and how to detect, respond to and recover from a cybersecurity incident.

This training program is a collaboration between BBB and the National Cyber Security Alliance (NCSA). The goal of this approach is to empower SMB owners and principals to begin to assess what business assets need to be protected from cyber attacks and encourage them to make their business more resistant to cyber attacks or other incidents, and more resilient if an incident occurs.

Step 1: Identify
Take inventory of key technologies you use and know what information you need to rebuild your infrastructure from scratch. Inventory the key data you use and store, and keep track of likely threats.

Step 2: Protect
Assess what protective measures you need to have in place to be as prepared as possible for a cyber incident. Put protective policies in place for technologies, data and users, and ensure that your contracts with cloud and other technology service providers include the same protections. 

Step 3: Detect
Put measures in place to alert you to current or imminent threats to system integrity, or loss or compromise of data. Train your users to identify and speedily report incidents.

Step 4: Respond
Make and practice an Incident Response Plan to contain an attack or incident and maintain business operations in the short term.

Step 5: Recover
Know what to do to return to normal business operations after an incident. Protect sensitive data and your business reputation over the long term.

The 5-step approach follows guidance from the “Framework for Improving Critical Infrastructure Cybersecurity” Version 1.0, National Institute of Standards and Technology, February 12, 2014.

For additional resources see: and

About The National Cyber Security Alliance
The National Cyber Security Alliance (NCSA) is the nation's leading nonprofit public-private partnership promoting the safe and secure use of the Internet and digital privacy. NCSA leads initiatives for STOP. THINK. CONNECT., Data Privacy Day, and National Cyber Security Awareness Month. For more information on NCSA, please visit