14 Mar Cyber Resources for Small Business: What the Government Offers
Eighty-one percent of small businesses feel the government should be doing more to stop cyberattacks, according to a survey by Carbonite. Perhaps not a surprising statistic given that 43 percent of cybercrimes target small businesses, and those attacks can be lethal. Stopping attacks is tough, but helping companies defend against them is certainly doable. So what help is the government offering to small businesses? A congressional hearing held last week titled, “Small Business Cybersecurity: Federal Resources and Coordination” examined the issue. The testimony revealed that there are a variety of federal resources available to small firms that may prove useful.
CYBER RESOURCES AT FEDERAL AGENCIES
TECHPol has reported on the efforts by the National Institute on Standards and Technology (NIST) to give guidance to both government and the private sector on best practices for cybersecurity. In November, NIST issued a report titled, “Small Business Information Security: The Fundamentals” that serves as a plain-language reference for small businesses to assess and develop their cybersecurity strategies.
In addition to NIST, the Federal Trade Commission (FTC) is an important cybersecurity resource. The FTC is a regulator of cybersecurity best practices and enforces laws that require companies to adhere to certain data protection standards. In addition to enforcement, the Commission engages in education. Several FTC publications and initiatives are designed to help businesses avoid and respond to breaches, including “Protecting Personal Information: A Guide for Business,” “Data Breach Response: A Guide for Business” and “Start with Security: A Guide for Business,” to name a few.
The Small Business Administration (SBA) offers cybersecurity training via its website along with other tips. The agency has also partnered with NIST and the FBI to offer workshops on IT threats specifically designed for small businesses and non-profits. A provision of the recently enacted National Defense Authorization Act of 2017 requires the SBA to work with the Department of Homeland Security (DHS) to develop a strategy to leverage resources at SBA, DHS and the national network of Small Business Development Centers to provide additional training and assistance to small companies.
DHS is another lead agency on cyber matters and continues to gain responsibilities in this area. In terms of assistance to small companies, the department’s Critical Infrastructure Cyber Community (C3) voluntary program offers a toolkit for small and mid-sized companies, as well as a Cyber Resiliance Review (CRR) assessment tool “to evaluate an organization’s operational resilience and cybersecurity practices.”
The Federal Communications Commission (FCC) is in on the action too. The commission created a publication to help small businesses guard against cyberthreats titled “The Small Biz Cyberplanner,” although the most recent 2.0 version was last updated in 2012.
This is not a comprehensive list of federal cybersecurity resources for business, but it’s a healthy sampling. Whether these efforts could be better coordinated is another question the Small Business Committee hearing sought to address. Surely the short answer is “yes.” Regardless, there are some good nuggets of information among these publications that small businesses may find useful as they navigate a growing threat to their livelihoods.