Do you own or operate a small business, and/or do you hope to do so someday? Or are you a freelancer (which I might remind you is definitely a business)? I’m gonna go ahead and assume yes, since you’re reading HER Magazine right now. Well, I hope you’ve been paying attention: A new bill was signed into law by the President this week, and it directly relates to YOU.
Talkin’ about S. 770: The NIST Small Business Cyber Security Act.
See? ‘Small business’ is right there in the title. That’s you!
But it’s really the other part of the title I want to discuss today: Cyber Security.
Small businesses are often targets for hackers — that’s why this bill was introduced in the first place. Small businesses do, after all, account for about half of all American jobs, so it’s pretty economically important that we protect those jobs from attack.
So let me ask you, small business owner: Do you have a cybersecurity plan in place?
I’m going to hazard a guess and say ‘probably not.’ Because the reason small businesses are so often the target of attacks is exactly that: most of them don’t have a cybersecurity plan in place!
That’s what this bill aims to change.
To give you a quick overview, this bill basically charges NIST, or the National Institute of Standards and Technology (a government agency within the Department of Commerce), with providing continual ‘resources’ for small businesses to help them protect themselves from cyber threats. In this case, ‘resources’ means “guidelines, tools, best practices, standards, methodologies, and other ways of providing information.”
Note: “Resources” does not mean ‘funding.’ That’s still your responsibility, of course — but it does seem like this will provide a lot of educational tools designed for small businesses. That’s great, and I’m definitely glad we’re doing this, but I can’t help but wonder:
NIST has a year, according to the bill, to implement this new policy. So…what are you going to do in the meantime?
I sure hope your answer wasn’t “wait for NIST to fix everything.” If you don’t have a cybersecurity plan in place, it’s time to get one — as in, today. Cyber attacks are a very real risk these days; you can lose finances, sensitive company data, or even the use of your computer — a hack can completely shut down your business, and if you don’t have a plan in place, that shut-down could be permanent.
Too often, new business owners ignore cyber threats because it feels like a distant, ‘only-happens-to-someone-else’ kind of risk. But someone else is always someone, and if you’re not prepared, that someone could be you.
There are a few basic steps you should include in any cybersecurity plan: Don’t use the same password for everything. Don’t access public Wi-Fi without a VPN. Never click on links you don’t recognize. And, most importantly, make sure your team is following these steps, too.
But there’s going to be more to it than that for every individual business — more than could probably fit in one article. NIST will be providing a lot of tips and tools soon, but even when that happens, it will be up to you to access and implement those tools. In the meantime, get started — make your own solution. Educate yourself. That’s what running a startup is all about, right?
Find out what’s best for YOUR business, find out what YOUR team is doing, and make a plan — together. Then, when NIST provides a whole new set of tools, you won’t be grasping for a lifeline — you’ll be strengthening an already powerful system.
What do you think of S. 770? Does your business have a cybersecurity plan in place? Let us know in the comments!