It is no secret that small businesses are far from immune to cyberthreats and data breaches. In fact, small businesses are often prime targets for hackers, based on the assumption that cybersecurity strategies are less than optimum for organizations that have limited resources. Unfortunately, many small businesses lack the tools and support to create a prevention strategy that will adequately mitigate cyberthreats. The federal government, through the implementation of the MAIN STREET Cybersecurity Act, plans to change that.
What is the MAIN STREET Cybersecurity Act?
The MAIN STREET Cybersecurity Act of 2017 is important legislation designed to help small businesses improve cybersecurity, by requiring NIST (National Institute of Security & Technology) to provide crucial resources to guide small businesses in protecting sensitive data affordably. Cybersecurity is not a one-size-fits-all approach, and current available resources are typically geared towards helping larger businesses, and smaller businesses simply do not possess the dedicated resources or personnel to take advantage of existing initiatives. The MAIN STREET Cybersecurity Act of 2017 will require the National Institute of Standards and Technology to provide resources specific to small businesses and promote a more flexible framework based on international standards.
What will it do for small businesses?
Only 30 percent of businesses utilize the available framework to help manage cybersecurity risk, and it is important that more businesses take advantage of resources that prevent cyberattacks. With this bill in place, small businesses would have access to up-to-date cybersecurity strategies, as well as assistance in understanding why and how to implement these strategies.
A similar bill has recently passed in the U.S. Senate, but The MAIN STREET Cybersecurity Act of 2017 is not a law just yet. It is currently up for discussion in the U.S. House of Representatives, who have passed their own version of the bill. It is expected that the House and Senate will work together to bring some version of the bill to pass in 2018.
Although the guidance available from the National Institute of Standards and Technology is only voluntary, it is crucial to improving the cybersecurity strategies for small businesses. A cyberattack could cripple a small business, and it is not uncommon for financial damage to result in complete loss of a company. With better access to a strong cybersecurity framework, small businesses are more likely to see success, and consumer data is better protected.
Following NIST standards, thinkCSC has developed new levels of security monitoring for our clients – increased levels of monitoring and detection that are designed to help keep your organization – and your data – even safer than it already is. The National Institute of Standards and Technology is a non-regulatory government agency that develops technology, metrics, and standards to drive innovation and economic competitiveness at U.S.-based organizations in the science and technology industry. As part of this effort, NIST produces standards and guidelines to help federal agencies meet the requirements of the Federal Information Security Management Act (FISMA).