Small Business Cyber Security & Why Be Concerned
Small business cyber security & attacks rarely make the news, but small businesses are among the biggest targets. Having had to deal with one ourselves, we know. In fact, “43% of cyber-attacks target small businesses” according to the Verizon 2019 Data Breach Investigations Report (DBIR). The most common is ransomware.
Why are small businesses so vulnerable? Simple, time. Most of us are so busy running our day-to-day operations. Who has time to focus on Phishing scams or other cyber-attacks?
Small Business Cyber Security Assistance Act
While it sounds great, it sadly underdelivers.
It authorizes the nation’s Small Business Development Centers (SBDCs) to “work with” the Department of Homeland Security to, according to The Hill, “provide consulting to small businesses on how to strengthen their cybersecurity protocols.” New materials and education programs are also tools?. -Small Business Trends
Sounds good, right? Not quite. While the bill has good intentions, the policy execution has problems.
Problem #1: Have You Ever Heard of SBDC?
Right. I didn’t think so. So, how can they provide “consultation” on small business cybersecurity if you don’t know they exist? Sadly, this bill does not include funds to drive awareness of SBDC. Therefore, if you don’t know about it now, you’re not likely to learn about them in the future. The idea that the centers will be sufficient to “provide consulting to small businesses on how to strengthen their cybersecurity protocols” is like pouring money down the drain.
Problem #2: Raise Your Hand if You Own a Server?
Again, didn’t think so. Most small companies have switched to, or started with cloud-based applications. We do. I bet you do, too. This makes our data security dependent upon big tech companies. While this bill is focusing on us, where is the accountability for those hosting the data – Microsoft, Google, Amazon, and others?
Small Business Cyber Security Assistance Act Alternatives
Solution #1: Make Tech Companies Liable for Small Business Losses
While you could sue them for data losses, good luck! The playing field is completely imbalanced. If this bill really wanted to help small businesses, it should require big data companies to provide compensation to their small business customers when they screw up. Regulation of the tech industry is sadly lacking. Congress is not known for being tech-savvy.
Solution #2: Cyber Insurance
Who has heard of cyber insurance? Few have. It is available, and it’s probably the best option to protect yourself. It’s just an added cost. This bill could help small businesses if it would provide some financial guarantees for insurance companies, similar to what they do for the Small Business Administration loans. Some assistance to help pay for cyber insurance would make it more affordable and accessible.
If this legislation passes, it’s unlikely to do much in terms of helping reduce small business cyber-attacks. In this jump-start application world, you have two options. First, put your faith in tech companies acting responsibly with your data, or alternatively, invest in some cyber insurance.
In summary, Congress is woefully behind the times in tech. This is nothing new. This is one area where infrastructure improvements could significantly help small businesses cyber security, but in the mean time, we should take precautionary steps to protect ourselves.