Recently, Small Business Administration (SBA) Administrator Linda McMahon received a letter from two US Senators urging more be done to protect small businesses from cyber threats.
Call to Increase SBA Cybersecurity Offerings
The letter (PDF) was written by U.S. Senators Jim Risch (R-ID) Chairman of the Senate Committee on Small Business and Entrepreneurship and Ben Cardin (D-MD), a ranking member of the committee. In it, the senators ask the SBA to improve the content and delivery of cybersecurity assistance for small business owners as the threat environment in the digital ecosystem continues to worsen.
To demonstrate the need for greater focus on cybersecurity, Risch and Cardin shared some troubling statistics. For example, 42 percent of small business owners were victims of cyber attacks in 2015. And the financial costs of these attacks averaged $7,000, but quadrupled to $32,000 if bank accounts were also hacked.
In the letter, they added, “While small businesses are concerned about cybersecurity, it’s clear they are not doing enough to prepare for and respond to cyber threats.”
Other stats pointed out in the letter include the fact only one-third of small businesses have taken pro-active steps to protect against cyber threats and only 12 percent have developed a cybersecurity response plan.
In testimony before the committee, Information Technology & Innovation Foundation Vice President Daniel Castro had some recommendations for making small business cybersecurity practices just as robust as those at large organizations.
The three steps Castro suggested are:
Establish a certification program for ‘part-time’ cybersecurity professionals to address the shortage of cybersecurity professionals in the marketplace and make it available to small businesses.
Create a cybersecurity boot camp for small businesses (which Castro says should be free) to bring them up to date with the latest information available from federal agencies.
Form a small business cybersecurity cooperative to help lower costs, negotiate better rates and provide access to previously inaccessible services.
According to Castro, there should be an effort to raise the baseline level of security for participants, which begins with increased awareness.
On the official Information Technology & Innovation Foundation website, Castro explained, “The greater challenge for the U.S. government is to reform its national cybersecurity policy to move away an emphasis on relative offensive capabilities and instead prioritize absolute defensive capabilities, including prosecuting cybercrime.”
He added, “In addition to these recommendations, this committee, through its oversight, can insist that the Small Business Administration provide small businesses timely and effective training materials about mitigating cybersecurity threats.”
Photo via Shutterstock