Sens. Jim Risch (R-Idaho) and Ben Cardin (D-Md.), chairman and ranking member of the Senate Committee on Small Business and Entrepreneurship, sent a letter last week to Small Business Administration (SBA) Administrator Linda McMahon to examine strategies for improving the content and delivery of cybersecurity assistance for small business owners.
Their letter follows a recent committee hearing on cybersecurity preparedness, where these ideas were discussed.
“In 2015, the National Small Business Association found that 42 percent of small businesses were victims of cyberattacks,” the senators wrote. “On average, cyberattacks cost small businesses approximately $7,000, and when their bank accounts were hacked, the average loss skyrocketed to $32,000. While small businesses are concerned about cybersecurity, it’s clear they are not doing enough to prepare for and respond to cyber threats.”
Risch and Cardin highlighted testimony from small-business owners in Idaho and Maryland and recommendations from hearing witness Daniel Castro with the Information Technology & Innovation Foundation that the SBA could make to further protect American small business owners from cyber threats, and to provide better assistance after one occurs:
- Establishing a Certification Program for “Part-Time” Cybersecurity Professionals: To help fill the shortage of cybersecurity professionals available to help small businesses with their IT (and encourage small business owners to not delegate this sensitive task to an unqualified employee), the SBA should work with existing professional certification organizations and the private sector to develop a low-cost, vendor-neutral certification program for small business employees who act as their company’s designated cybersecurity expert.
- Creating a Cybersecurity Boot Camp for Small Businesses: To replace the overload of cybersecurity information that federal agencies provide for small businesses (much of which is outdated or incomplete), the SBA should offer a free online “Boot Camp” in cybersecurity. This boot camp should be updated regularly and provide small businesses with “concrete steps” to raise the baseline level of security for participants.
- Forming a Small Business Cybersecurity Co-Op: Since many small businesses avoid cybersecurity measures due to high cost, the SBA should establish a “cybersecurity cooperative” that would create a large pool of willing buyers for various cybersecurity products and services. By opening up participation in a co-op to any small business interested, members could have access to services that were previously unattainable and negotiate better rates.
“We urge you consider the ideas from this hearing to begin bolstering your cybersecurity opportunities for small businesses as soon as possible,” Risch and Cardin added. “As the leaders of the Senate Committee on Small Business & Entrepreneurship, we have a responsibility to do all that we can to assist small business owners and individuals across the country who need access to a variety of services.”
