Small Business and CyberSecurity

Senator Jim Rasich (R-Idaho) wrote in The Hill, that small businesses are particularly vulnerable to cyber crime and are arguably one of the entities least able to combat this.  The article indicates that this is the impetus behind the Small Business Cyber Training Act which would allow existing small business development centers to teach entrepreneurs about cyber hygiene and ways to keep their businesses safe.  This is supplemented by legislation that would result in the National Institute of Standards and Technology (NIST) creation of a framework targeted specifically at small businesses, according to Rasich’s article.  The article concludes by saying that given the proper education, small businesses can outsmart hackers and survive cyber attacks.


Opinion:

It certainly is admirable that Rasich is attempting to help small businesses combat and counter cyber crime.  Given the fact that many breaches arise from poor employee practices and a general lack of training on cyber hygiene.  That is just one part of the puzzle and that will only get you so far.  I would argue that entrepreneurs trying to get a new business running are possibly the least likely to engage in cyber training and education, and I would further argue that their resources might be better directed elsewhere.  Just as an entrepreneur will turn to an attorney to handle the entity creation aspects, will utilize the accountant to manage the myriad intricacies and regulatory and taxing authority issues, so too should they look to cyber professionals to assess, plan, and execute their cyber protection.  This is a specialty and while an entrepreneur could get by doing their own in-house IT perhaps 5-10 years ago, in the age of cyber crime, information security cannot be overlooked.

Again, training is great, and just as an entrepreneur should have a basic, rudimentary understanding of business organizations, accounting principles, insurance and liability, cyber should also not be overlooked.  However, crafting legislation to create a new framework for small businesses and enabling training for small businesses is perhaps akin to offering a course in small business creation and then advising people to draft their own LLC agreements or their own article of incorporation.  There is a reason the cyber workforce is nearing a shortfall 0f 1.5M people.  It is not because you can train someone in the span of a few weeks, or months to gain the skills they need to “outsmart hackers, and survive cyber attacks.”

My solution work with NIST and the SBA to vet cyber professionals and managed security providers so that small businesses can choose from a pool of cyber resources that are proven and trusted.  Allocate funding to the SBA to enable security providers to provide low-cost information security and training to small and mid-sized businesses.  Allow these same resources to be used for larger companies as well — just modify the percent allocation that the entity has to contribute.  Leverage the cyber resources that exist and help augment that by encouraging providers to work with small and mid-sized businesses to enhance the overall cyber hygiene landscape across the U.S. business scene.

Also, involve cyber insurance companies and provide similar incentives so that small and mid-sized businesses can take advantage of reduced rates and lower startup and operating costs once they sign up with an information security group.

Tags:

Leave a Reply

You must be logged in to post a comment.

Authors

Untitled Document
Professor William Snyder

Professor William C. Snyderis a member of the faculty of the Institute for National Security and Counter-terrorism at Syracuse University after fifteen years with the United States Department of Justice.

Ryan D. White

Ryan D. WhiteRyan is currently a third year law student at Syracuse University College of Law, and is also pursuing a Master of Public Administration degree from Syracuse’s Maxwell School of Citizenship and Public Affairs. Ryan spent time with Homeland Security Investigations while pursuing his undergraduate degree at Wesleyan University, and spent his first summer of law school as clerk for the U.S. Attorney’s Office in the Western District of New York. He is a member of Syracuse Law Review, the Journal on Terrorism and Security Analysis, and participates in the Veteran’s Legal Clinic. Full biography

Shelby E. Mann

Ryan D. WhiteShelby is a second year law student at the Syracuse University College of Law. During her final year at the University of Missouri, she served as a full-time news producer for ABC 17 News. Shelby spent her first summer of law school at the Shelby County District Attorney General's Office in Memphis, Tenn., in the Public Corruption and Economic Crimes Unit. She is a member of Syracuse Law Review, the Journal on Terrorism and Security Analysis, and the senior editor for the Syrian Accountability Project. Full biography

Christopher w. FolkChristopher W. Folk

is a 2017 graduate of SU College of Law. A non-traditional student, Christopher returned to academia after spending nearly twenty years in the high tech industry. Christopher served in the Marine Corps, graduated from Cornell University with a B.S. In Applied Economics and Business Management, attended Northeastern University’s High-Tech MBA Program and received a M.S. In Computer Information Systems. Christopher previously worked in Software Engineering. Christopher is currently serving his second term as Town Justice for the Town of Waterloo. Christopher externed with a Cybersecurity firm in the Washington, D.C. area between his first and second year at SU College of Law. Full biography

Anna Maria Castillo

Anna Maria Castillois 2016 graduate of Syracuse College of Law. She also holds a Master of Arts in International Relations from Syracuse University's Maxwell School of Citizenship and Public Affairs. She has interned at a London-based think-tank that specializes in transnational terrorism and global security and at the legal department of a defense contractor. She served as an executive editor in the Syracuse Law Review. Full biography

Jennifer A. CamilloJennifer A. Camillo

is a 2015 graduate of Syracuse College of Law and is a prosecutor. She has served as a law clerk in the United States Attorney’s Office for the Northern District of New York and the Cayuga County District Attorney’s Office and as an extern in the Oneida County District Attorney’s Office. She was a member of the Syracuse National Trial Team and was awarded the Tiffany Cup by the New York Bar Association for her trial advocacy achievements.

Tara J. PistoreseTara J. Pistorese

holds Juris Doctor and Masters of Public Administration degrees from Syracuse University's Maxwell School of Citizenship and Public Affairs and its College of Law. She wrote for this blog when a student. She is now a member of the U.S. Army Judge Advocate General's Corps.

Benjamin Zaiser

is both a scholar and a Federal Agent of the Federal Criminal Police Office of Germany. (Opinions expressed here are his own and not any part of official duty.) Full biography

Categories