MAIN STREET Cybersecurity Act to Protect Small Businesses

At the end of September, the Senate passed the MAIN STREET Cybersecurity Act for Small Business.  This is an effort to help small businesses deal with the technical aspects and costs associated with creating a cybersecurity program and protecting their digital assets from attack or compromise.  The Act instructs NIST to create a plan for small businesses that is based on the NIST Cybersecurity Framework (NIST-CSF), but simpler and less expensive to implement.

Businesses with fewer than 100 employees are targeted by cyber-criminals 71% of the time.  Often small businesses are targeted for the user credentials they use to access networks of larger customers or suppliers.  They are also targets for email account hijacking and related invoice, bank account, and wire transfer fraud.  50% of small businesses have suffered some sort of data breach.  60% of small businesses that suffer a significant breach go out of business.

Small businesses represent a large percentage of employment and economic activity in the United States, and they need to develop strategies to protect themselves from cyber-attack and cyber-crime.  This act is designed to stimulate this process.  This bill has passed the Senate and is expected to make it through the House and into law.  We will keep you informed as this bill progresses.

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.
