HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Small Business Cybersecurity Bill Heads to Senate

New legislation to help small businesses protect their data and digital assets was approved by the Senate Commerce, Science and Transportation Committee this week. The new bill, which was introduced by Sen. Brian Schatz (D-Hawaii) last week, will now head to the U.S. Senate.

The legislation, the MAIN STREET (Making Information Available Now to Strengthen Trust and Resilience and Enhance Enterprise Technology) Cybersecurity Act, will require the National Institute of Standards and Technology (NIST) to develop new guidance specifically for small businesses to help them protect themselves against cyberattacks.

New NIST guidance should include basic cybersecurity measures that can be adopted to improve resilience against cyberattacks and mitigate basic security risks.

NIST has developed guidance and security frameworks to help larger organizations protect their assets and data, but these can be difficult to adopt for smaller businesses with limited knowledge of cybersecurity and a lack of trained staff and resources.

What is needed is specific guidance for small businesses that can easily be adopted to improve cybersecurity defences. If the new legislation is passed, NIST would be required to develop simplified guidance specifically tailored to the needs of small businesses.

Many small business owners do not believe they are at risk because of the size of their organization. Yet, breaches at small to mid-sized businesses are all too common. In the past two years, cyberattacks on small businesses have significantly increased.

A 2016 survey conducted by Keeper Security – 2016 State of SMB Cybersecurity – suggests half of small businesses experienced a breach in the past 12 months. The main threats are phishing and social engineering attacks on employees, although the survey revealed that numerous vulnerabilities exist which could all too easily be exploited by cybercriminals. The survey, which was conducted on 600 SMB IT leaders, revealed that only 14% of those businesses had cybersecurity defenses that were considered to be very effective.

When it comes to preventing cyberattacks and improving cybersecurity defenses, many small businesses – including small healthcare organizations – do not know where to start. Many small businesses do not have a dedicated IT person and are unaware of what is required to prevent cyberattacks. Cybersecurity guidance is sorely needed.

If passed, the new legislation would require NIST to suggest commonly used, off-the-shelf products that can be easily implemented in a cost-effective manner to mitigate common cybersecurity risks.

Sen. Maria Cantwell (D-Wash.), one of the bill’s five sponsors, said, “By creating a simple, voluntary cybersecurity framework for small businesses, the Main Street Cybersecurity Act will help them protect their data.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.