Share this article on:
New legislation to help small businesses protect their data and digital assets has been approved by the Senate Commerce, Science and Transportation Committee this week. The new bill, which was introduced by Sen. Brian Schatz (D-Hawaii) last week, will now head to the U.S Senate.
The legislation – the MAIN STREET (Making Information Available Now to Strengthen Trust and Resilience and Enhance Enterprise Technology) Cybersecurity Act will require the National Institute of Standards and Technology (NIST) to develop new guidance specifically for small businesses to help them protect themselves against cyberattacks.
New NIST guidance should include basic cybersecurity measures that can be adopted to improve resilience against cyberattacks and mitigate basic security risks.
Guidance and security frameworks have been developed by NIST to help larger organizations protect their assets and data, although for smaller businesses with limited knowledge of cybersecurity and a lack of trained staff and resources they can be difficult to adopt.
What is needed is specific guidance for small businesses that can easily be adopted to improve cybersecurity defences. If the new legislation is passed, NIST would be required to develop simplified guidance specifically tailored to the needs of small businesses.
Many small business owners do not believe they are at risk because of the size of their organization. Yet, breaches at small to mid-sized businesses are all too common. In the past two years, cyberattacks on small businesses have significantly increased.
A 2016 survey conducted by Keeper Security – 2016 State of SMB Cybersecurity – suggests half of small businesses experienced a breach in the past 12 months. The main threats are phishing and social engineering attacks on employees, although the survey revealed numerous vulnerabilities exist which could all too easily be exploited by cybercriminals. The survey, which was conducted on 600 SMB IT leaders revealed only 14% of those businesses had cybersecurity defenses that were considered to be very effective.
When it comes to preventing cyberattacks and improving cybersecurity defenses many small businesses – including small healthcare organization – do not know where to start. Many small businesses do not have a dedicated IT person and are unaware of what is required to prevent cyberattacks. Cybersecurity guidance is sorely needed.
If passed, the new legislation would require NIST to suggest commonly used, off-the-shelf products that can be easily implemented in a cost-effective manner to mitigate common cybersecurity risks.
Sen. Maria Cantwell, D-Wash, one of the bill’s five sponsors, said “By creating a simple, voluntary cybersecurity framework for small businesses, the Main Street Cybersecurity Act will help them protect their data.”