[BreachExchange] No Quick Fixes for Small Business Cybersecurity
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Mar 9 19:33:46 EST 2017
http://www.nextgov.com/cybersecurity/2017/03/no-quick-fixes-small-business-
cybersecurity/136007/
Small businesses are frequent targets for cyberattacks and their results
can be devastating, but there’s no quick fix, advocates told lawmakers
during a Wednesday hearing.
There’s no uniform standard small businesses can adopt to ensure they won’t
suffer a cyber breach, denial-of-service or ransomware attack or to ensure
they won’t be pummeled with financial losses and lawsuits when they do.
Even when small companies want to protect themselves, they often don’t know
where to turn for help. Or they may lack the financial resources for
security that goes beyond basic antivirus protection and making sure their
systems are reliably patched.
“The average small business owner is what we call trapped in a whirlwind,”
Charles Rowe, president of America’s Small Business Development Centers, a
trade association, testified before the House Small Business Committee.
“They’ve got 5,000 things to worry about, and sometimes this is not the
wolf closest to the sled.”
Rowe advocated during Wednesday’s hearing for an interagency committee
designed to help companies adopt cybersecurity best practices, similar to
the Trade Promotion Coordinating Committee, which was created to aid
exporters.
Jim Mooney, cybersecurity chair of the National Association of
Federally-Insured Credit Unions, urged the government to develop national
cybersecurity standards for companies similar to those currently required
for banks and other financial firms under the Gramm Leach Bliley
legislations.
Those standards should focus on providing “flexibility, scalability and
risk-based assessments,” he said.
Companies are notoriously wary of new regulations, however, and cyber
threats often move too fast for firm regulations to keep up.
Companies not bound by specific regulation are currently required to take
“reasonable steps” to protect customer data, according to the Federal Trade
Commission.
That vague standard, however, can be concerning for companies, Rowe said.
“What’s reasonable is shifting all the time and it’s hard to tell if you’re
a small business where the bar has moved to,” he said.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170309/71d8230f/attachment.html>
More information about the BreachExchange
mailing list