Within the past couple months, the government has taken big steps towards addressing cybersecurity in the small business sector.
As of August 17, 2018, President Trump has signed the NIST Small Business Cybersecurity Act into law. The law is designed to help small businesses strengthen their cyber defenses utilizing guidance from the National Institute of Standards and Technology.
SMBs are not obligated by law to adapt cybersecurity defenses and often times, they do not have the resources available to invest in suitable defenses making them more vulnerable for cyber hackers. This newly enacted law will assist in providing dependable, relevant and comprehensive guidance needed to deal with the growing concern for potential cyber threats in the SMB sector.
According to a survey conducted by international specialist insurer Hiscox, in the past year 47 percent of SMB respondents experienced at least one cyberattack and 65 percent of respondents said they have failed to respond following a cybersecurity incident. The NIST Small Business Cybersecurity Act will provide SMBs with the tools needed to promote awareness and provide guidance to properly combat cyber threats.
In addition to this legislation, the FTC hosted a series of roundtable discussions last year to discuss the most common cybersecurity concerns of small business owners. The biggest concerns addressed by SMB owners were employees running into phishing schemes, ransomware attacks, and other scams.
One small business owner even stated, “I have spent hours sifting through materials trying to develop a Best Practices policy for security and privacy and everything has been geared towards big business with mega dollars to spend. The small businesses are just as likely to get “attacked” as the larger businesses and some of us care about keeping our systems safe.”
In response to the table discussions, in April of this year the FTC announced plans for a new cybersecurity education program geared specifically for small business owners. The program will address the discussed concerns with the goal of educating small business owners and their employees on helpful strategies to keep their computer systems and business data safe.
The government is taking major actions for strengthening SMB cybersecurity. These actions really emphasize the importance of ensuring that small businesses are adapting a viable cybersecurity program. Evidence shows that about 60% of SMBs that suffer a breach will go out of business in 6 months. These newly available resources are a major win for small businesses and it is important to embrace the guidance to defy these odds.