It has taken a while, but the President did sign the Small Business Cybersecurity Act into law on August 18, 2018. This Act “requires the Commerce Department’s National Institute of Standards and Technology to develop and disseminate resources for small businesses to help reduce their cybersecurity risks.” Small businesses often have smaller budgets and staff yet fall under the same compliance requirements and threat landscape as the larger corporations. This Act will allow more benefits to be provided to those small businesses to better protect themselves against cyber threats.

The details in the proposed Bill (originally put forward back in April 2017) outline the requirements for the Director of the National Institute of Standards and Technology (NIST) to work with small businesses on the topic of cybersecurity risk:

  • By August 14, 2019, or sooner, the Director will publish resources to help small businesses address cybersecurity risks overall.
  • There will be a security awareness component, and funding from NIST may be involved.
  • The information will be made public and can involve various technologies that are available as well.

I’m interested to see where this will take the community as it relates to the small businesses. If this is simply another set of guidelines, I’m not impressed. I would hope that this will be a set of resources that will be better understood and more easily consumed by small businesses who do not have the ability to staff an entire security team or budget accordingly. I work with small businesses all the time who, as stated above, have the same requirements to protect data as the larger firms. Knowing how to set a cybersecurity and privacy strategy, prioritize and mitigate risk and comply with industry regulations is critical to their success.

NIST provides some good information today, and I am hopefully optimistic that this is a great step forward for small businesses everywhere!