Congress looking to make resources available to help small businesses increase their cybersecurity efforts
Cybersecurity has been a big problem facing businesses of all sizes throughout the United States. Lawmakers responded to the threat in 2014 with the Cybersecurity Enhancement Act. Small business cybersecurity getting the attention of Congress.
The Cybersecurity Enhancement Act of 2014 called for the National Institute of Standards and Technology or NIST to provide big businesses with a voluntary set of guidelines to follow that are designed to reduce and manage their cybersecurity risks. It was with this legislation that cybersecurity became the primary focus of NIST.
Developing a Small Business Focus
Hackers are not only targeting big businesses. Attacks directed at small businesses have been increasing as well. Experts estimate that half of all small businesses or 14 million small businesses have been hacked in the most recent 12-month period. Many of these small businesses are not even aware that they were hacked and many of those that were aware, did not disclose the breach for fear of embarrassment or public retribution.
The Main Street Cybersecurity Act introduced in March 2017 seeks to take over where the Cybersecurity Enhancement Act of 2014 left off. The proposed legislation directs NIST to create a simple, voluntary cybersecurity framework for small businesses to help them implement cybersecurity defenses for their data and computer networks.
Small businesses are vulnerable
Small businesses are an increasingly lucrative target for hackers. According to the 2016 State of SMB Cybersecurity Report, most small businesses don’t have the capital to afford their own IT resources. As a result, they are at risk of phishing attacks via email, hacks on their ecommerce shops, or any number of malicious activities.
Small businesses are vulnerable to hacks in several regards. Not only are they physically vulnerable, they are also economically vulnerable as well. A severe hack can render a business inoperable preventing them from making money for an extended period of time. For many small businesses, this can be a deathblow.
Many of the nation’s 28 million small business owners are not even thinking Cybersecurity. Manta published a survey in March 2017 showing that 87 percent of small business owners don’t feel that they are at risk of a cybersecurity attack. The same survey found that 1 in 3 small businesses don’t have the tools in place to protect against an attack. Tools include firewalls, antivirus software, data encryption tools and spam filters to protect themselves.
A lack of awareness and resources
Most small businesses have many spending priorities that compete for financial resources. Operating costs, new equipment, inventory, growth are often take priority over computer network maintenance and investment. As a result, many businesses rely upon themselves to update their software and check for security patches.
For those business owners who take it upon themselves to maintain their computer systems, they often times don’t know where to start to protect their computers from hackers. When small business owners learn what we do, the first question I am often asked is ‘What can I do to prevent my website from being hacked?”
A focus on small and medium-sized businesses
These days, hackers seem to be shifting their focus away from large corporations and turning their attention to small and medium-sized businesses. They will attack smaller e-commerce shops to try to steal credit card information. Stolen digital data will be held hostage to extract a ransom. Small and medium-sized business owners won’t have the money to pay to investigate a cybersecurity attack but they will have the funds to pay a small ransom of several thousand dollars.
In 2013, Target was attacked that resulted in the theft of the personal data of 70 million clients. The attack was thought to be the result of a prior breach where hackers were able to obtain access to Target’s computer network through a vulnerability in a smaller supplier’s network, a heating and air-conditioning company.
Cyberattacks a very real threat to small business
Cyberattacks on small businesses are a very real threat. Around 60 percent of small businesses that suffer a cybersecurity attack go out of business within six months.
What is a good first step that a small business can take to protect themselves from hackers?
According the John Swanciger, CEO of Manta, the No. 1 most overlooked thing that small business owners don’t do is “perform their software updates”.
Small businesses need to be aware that they are the targets of hackers. A big reason why is because they are the most uninformed and unaware of a potential attack.
Don’t wait for the Main Street Cybersecurity Act of 2017
Small and medium-size business owners shouldn’t wait for Main Street Cybersecurity Act of 2017 to pass to take action. Business owners should start now by:
- Update their software regular
- Taking regular backups of company data
- Creating stronger passwords
- Changing their passwords every couple of months
- Installing antivirus software on their computer
Recently, I have written about cybersecurity for WordPress. I have been very surprised to find that despite all of the media coverage surrounding the importance of updating to WordPress 4.7.3, I am still finding a surprisingly large number of website owners who are still running outdated versions of WordPress. An informal review of 53 WordPress websites this past weekend, found 5 websites running everything to WordPress 3.6 to 4.3. This is almost 10 percent of WordPress websites reviewed.
Perhaps, it is a good thing that small business cybersecurity getting the attention of Congress.