The Main Street Cybersecurity Act is a bill currently making its way through the U.S. House of Representatives that could lead to more tools geared specifically toward helping small businesses improve their cybersecurity. A similar bill has already passed in the Senate. And industry experts are confident some version of the bill will become law in the near future.
Cybersecurity issues have led to myriad problems for small and large businesses alike. Data breaches can cost businesses money in damages, legal and PR fees, and perhaps most importantly — customers.
“Cyberattacks can have catastrophic effects on small businesses and their customers,” said Republican South Dakota Sen. John Thune earlier this year. He helped introduce the Senate version of the bill. “This legislation offers important resources, specifically meeting the unique needs of small businesses, to help them guard sensitive data and systems from thieves and hackers.”
But the tools currently available through the National Institute for Standards and Technology and other entities are largely geared more toward big corporations due to the cost and how complicated it can be to understand and implement those resources. Small businesses are usually less likely to have team members completely dedicated to cybersecurity. So the tools and resources need to be simplified in order for small businesses to realistically benefit from them. And that, basically, is what this bill aims to provide.
Small Business Trends recently spoke with two experts on the subject to gain some perspective about what the bill would mean for small businesses. Kendall Burman is a partner at Mayer Brown who formerly served as Deputy General Counsel for the U.S. Department of Commerce. And Todd O’Boyle is the CTO of cybersecurity company Strongarm. Here’s a rundown of the bill and its potential impact.
What is the Main Street Cybersecurity Act?
Basically, the law would require the National Institute for Standards and Technology to provide more tools and resources specifically geared toward small businesses. The agency already offers a Cybersecurity Framework, a Computer Security Resource Center, IT resources and more. But many of the tools were created with large corporations in mind. So even though the framework is flexible and could certainly benefit small businesses, those companies with limited resources might not have the ability to decipher and grasp the full potential of those tools.
O’Boyle says of the bill, “It directs the National Institute of Standards and Technology (NIST) to focus more of its resources on cybersecurity for small businesses. Right now, NIST’s cybersecurity programs are focused on enterprise-size companies and cybersecurity is not a one-size-fits-all kind of problem.”
Currently, the National Institute for Standards and Technology offers a Cybersecurity Framework that businesses can use and customize to support their cybersecurity goals. The agency estimates that about 30 percent of U.S. companies are using the framework to manage cyber risk. But officials would like to see that number climb to 50 percent by 2020.
What Would the Main Street Cybersecurity Act Mean for Small Businesses?
Going forward, the bill could lead to creation of some supplementary resources to help small businesses actually understand and make use of the framework and other tools the National Institute for Standards and Technology.
O’Boyle says, “I’d anticipate videos and one-pagers on phishing, basic information technology (IT) hygiene, and cybersecurity incident response.”
But it’s important to note the bill, if passed, wouldn’t actually require any extra work on the part of small businesses. There will be more tools and resources available. But there isn’t a mandate for small businesses to use them.
Burman says, “One of the most important things to remember is that this guidance is voluntary. It’s not a regulation, not designed to be a sticking point for business. It’s just intended to be resources that you can look at and use as a tool to implement improved security.”
What is the Outlook for the Main Street Cybersecurity Act?
The bill is currently making its way through the U.S. House of Representatives. So it’s not law just yet. But it does have bipartisan support and the support of the U.S. Chamber of Commerce. A similar version of the bill also recently passed in the U.S. Senate.
Burman described the outlook for the bill as “optimistic.” So even if the House and the Senate need to make a few minor adjustments to pass an identical bill, it seems small businesses will soon have access to better resources to improve cybersecurity.
Main Street Photo via Shutterstock
More in: Cybersecurity