Usually my Sunday submission is a bit more genuinely humorous, but not so much today. Other titles I considered were “Your Tax Dollars At Work” and “Government Seeks to Tax Cyber-Crime Victims,” but the real title should be:
Congress to Enact Legislation To Make Bad Cyber Security Illegal
This is sort of the same as making being the victim of a mugging illegal. But related reports on TechDirt and Sophos say that Congress is trying to get legislation passed that would make failing to provide adequate computer and network security a crime that can be punished with fines. As reported in Sophos:
The bill, AB 1710, would make retailers responsible for notifying customers of any data breach incident, as well as hold them liable for reimbursing customers’ financial damages.
The bill would require the business that maintains the data to notify affected people within 15 days of the breach. As it now stands, banks and credit card companies are also liable for consumer losses caused by data breaches.
FTC Seeks to Penalize Companies for Cyber-Breaches
In a separate story, the Federal Trade Commission has prevailed in a case they started against the Wyndham Hotels for failing to secure customer data properly. Wyndham claimed the FTC did not have jurisdiction or authority to pursue action against them, but the Court recently sided with the FTC.
So my warning to small business owners everywhere: If you get fleeced by cyber-criminals, get ready to have the double whammy of fines from the Federal government. This is truly adding insult to injury, but when we hear the stories and realize how culpable the victims are in so many cases, we have no difficulty understanding how a group of duly elected lawyers could come to the conclusion that THERE NEEDS TO BE A LAW, and that somehow this will improve cyber-security.
Pretty sure I disagree with the need for legislation, but there does need to be some real attention paid to the issue of cyber-security, and many businesses continue to ignore the problem and hope that they are “too small to be a target.” And maybe the threat of government fines will get a few more business owners to get off the schneid and do something.
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com