Senate Bill Aims to Clarify Security Solutions for Small Businesses
By Adam Janofsky
By approving a cybersecurity bill meant to help small businesses last week, cybersecurity experts said the U.S. Senate has taken the first step toward encouraging businesses of all sizes to use basic security practices that can help fend off sophisticated cyberattacks.
The bill’s core provision directs the National Institute of Standards and Technology to “disseminate clear and concise resources for small business concerns to help reduce their cybersecurity risks.” NIST publishes a widely-used cybersecurity framework that recommends best practices for securing data, including installing antivirus software, backing up business data, and requiring multi-factor authentication to sign in to sensitive applications.
“The act itself isn’t going to prevent future cyberattacks, but it might motivate a bigger percentage of small businesses to take action,” said Jon Loew, chief executive of AppGuard LLC, a security software company that helps small businesses protect themselves against cyberthreats. “Small business are probably least prepared for this--they might not have dedicated information technology staff, and they certainly don’t have a dedicated information security person--but the ramifications are more serious than at larger companies”
The bill, which received early support from lawmakers from both parties, was passed after several weeks of major data security disclosures, including a breach at Equifax Inc. that compromised the information of 143 million U.S. consumers and an attack on the U.S. Securities and Exchange Commission’s system for storing public-company filings.
When the bill was introduced in March, Ann Beauchesne, senior vice president for the Chamber of Commerce’s National Security & Emergency Preparedness Department, told WSJ Pro that the act would drive growth in the economy by helping businesses with limited resources protect themselves from cyberthreats.
The bill also received early support from the Information Technology Industry Council, an advocacy group whose members include Apple Inc., the security vendor Symantec Corp., and International Business Machines Corp.
“Small businesses often don’t have the resources they need to guard against sophisticated cyberattacks, and this legislation can be the helping hand small businesses need to help reduce their cybersecurity risks,” said Andy Halataei, ITI’s senior vice president for government affairs. “By offering small businesses federal agencies’ resources and coordinated support, they can better manage risks, protect customer privacy, and focus on growing their ventures.”
The House will likely vote on the bill in the next few months, according to a policy expert who helped craft the legislation. Florida Rep. Daniel Webster introduced a similar bill in April called the NIST Small Business Cybersecurity Act to the House’s Committee on Science, Space, and Technology.