Congress approached cybersecurity from a different perspective last week. A House subcommittee had a hearing on cybersecurity and small businesses.
In most cases, I think we are better off not thinking about cybersecurity in terms of the size of a company because a) all businesses get hit with cyberattacks and b) software and employees are equally vulnerable, whether it is in a global corporation or your home office. However, there is still a dangerous school of thought that it is only large companies that get hit and small businesses are immune to cyberattacks. The reason, in part, is because the media focuses on the large companies, where an attack can affect millions of people. If it’s happening elsewhere, and we aren’t hearing about it, it is easy to believe it never happens.
In explaining why the hearings were held, House Small Business Subcommittee on Health and Technology Chairman Chris Collins was quoted in Contact Centers Solutions:
Cyber-criminal attacks on small business intellectual property and personal financial information present a serious threat that could potentially impair a business, and the threat is growing as many small firms explore new technologies such as the cloud and mobile computing. . . . Although attacks on small businesses don't make the headlines, a recent report shows nearly 20 percent of cyber-attacks are on small firms with less than 250 employees. Unlike a large company, small businesses may not be able to survive a cyber attack.
Collins’ last point there is vital to why all small businesses need to emphasize cybersecurity – an attack could cost thousands and bring down the entire business.
Unfortunately, the Catch-22 is that the businesses that can least afford an attack are also the businesses that can least afford security resources. Luckily, steps can be taken that don’t cost much (if anything) at all – making sure employees are educated on cybersecurity issues and concerns, enforcing stronger passwords and regular password changes, and using encryption.
Will Congress take any steps to improve cybersecurity for small businesses? I doubt it, seeing their current record on enacting any substantial cybersecurity legislation. However, the hearing did bring the need for improved cybersecurity for SMBs to the forefront, and if it leads to SMBs rethinking their approach to security, that will be a good thing.