At the end of September, the Senate passed the MAIN STREET Cybersecurity Act for Small Business. This is an effort to help small businesses deal with the technical aspects and costs associated with creating a cybersecurity program and protecting their digital assets from attack or compromise. The Act instructs NIST to create a plan for small businesses that is based on the NIST Cybersecurity Framework (NIST-CSF), but simpler and less expensive to implement.
Businesses with fewer than 100 employees are targeted by cyber-criminals 71% of the time. Often small businesses are targeted for the user credentials they use to access networks of larger customers or suppliers. Their are also targets for email account hijacking and related invoice, bank account, and wire transfer fraud. 50% of small businesses have suffered some sort of data breach. 60% of small businesses who suffer a significant breach go out of business.
Small businesses represent a large percentage of employment and economic activity in the United States, and they need to develop strategies to protect themselves from cyber-attack and cyber-crime. This act is design to stimulate this process. This bill has passed the Senate and is expected to make it through the House and into law. We will keep you informed as this bill progresses.