By Bret Piatt
Apr 7, 2017
This week, the Senate Commerce Committee passed the MAIN STREET Cybersecurity Act, which would help small businesses protect their digital assets from cyber threats. According to The Hill, “the legislation would require the National Institute of Standards and Technology (NIST) to give simplified resources to small businesses that choose to use the institute’s cybersecurity framework.”
Development of a cybersecurity policy is hard work that requires specialized expertise. Most industries have some aspects of a policy pushed on them either via PCI Compliance, HIPAA, or other regulatory framework. Those frameworks all have flaws as they’re focused on the security of a specific data target (ex. In PCI, it is credit card data or in HIPAA it is protected health information) and not on the overall security of the business still leaving potential vulnerabilities elsewhere outside of the cardholder data environment or the ePHI storage system. This new framework from NIST has the potential to provide a comprehensive, yet simple to implement, policy for businesses of all sizes.
In this bill Congress makes a number of important statements, about small businesses and the potential cybersecurity risks that they face:
Small businesses play a vital role in the economy of the United States, accounting for 54 percent of all United States sales and 55 percent of jobs in the United States.
Attacks targeting small and medium businesses account for a high percentage of cyberattacks in the United States. Sixty percent of small businesses that suffer a cyberattack are out of business within six months, according to the National Cyber Security Alliance.
The Cybersecurity Enhancement Act of 2014 (15 U.S.C. 7421 et seq.) calls on the National Institute of Standards and Technology to facilitate and support a voluntary public-private partnership to reduce cybersecurity risks to critical infrastructure. Such a partnership continues to play a key role in improving the cyber resilience of the United States and making cyberspace safer.
There is a need to develop simplified resources that are consistent with the partnership described in paragraph (3) that improves its use by 24 small businesses.
At Jungle Disk, we provide software and services to solve hard cybersecurity problems in an easy to implement form. Ask us for a demonstration or check out one of our videos on data backup, network security and the three fundamental aspects of a data security policy. We’re pleased to see Congress taking cybersecurity seriously as a business risk moves from physical paper systems of records to digital storage at an ever increasing rate.