Small-business cybersecurity bill becomes law

Harold Mansfield
08-20-2018, 12:12 PM
Finally some good news and some help from the government. It's not a magic button, but at least it's some assistance and resources to help small businesses.
According to Symantec and The National Cyber Alliance:

Almost 50 percent of small businesses have experienced a cyber attack.
More than 70 percent of attacks target small businesses.
As much as 60 percent of hacked small and medium-sized businesses go out of business after six months.

For small business owners this is a critical issue.

[The President] recently signed into law the NIST Small Business Cybersecurity Act, which requires the National Institute of Standards and Technology (NIST) to develop and provide resources to protect small businesses’ digital assets from cybersecurity threats.
According to the bill, the resources must be implemented using technologies that are commercial and off-the-shelf, be based on international standards to the extent possible, include case studies of practical applications, and must include elements that promote awareness of simple, basic controls, a workplace cybersecurity culture, and third-party stakeholder relationships.

Source: https://homelandprepnews.com/stories/30019-small-business-cybersecurity-bill-becomes-law/

For those of you who are concerned about your business's security, do you think this will help?

08-28-2018, 11:28 AM
What type of hack are we talking about? I honestly do not know what types there are. Ransomware? I am moderately concerned. We do use Mac which I believe adds a little protection.

Harold Mansfield
08-28-2018, 01:46 PM
What type of hack are we talking about? I honestly do not know what types there are. Ransomware? I am moderately concerned. We do use Mac which I believe adds a little protection.

The most common delivery method is phishing. Emails designed to trick you into taking an action like going to a website, opening a document or attachment, or social media links to sites with malware or tracking on them.

What is delivered varies. Depends on who is doing it and what they want. Generally money is the motivator.
Ransomware is still big because you can't get out of it so a lot of people pay it. But "getting" someone's personal or company information, however you can get it, is also profitable. It's harder than phishing, but the success rate is higher because you don't need the other person to do anything except be an easy target.

Macs have a good record against viruses, but they are not immune and whether you're on a Mac or a PC doesn't matter when it comes to getting phished or clicking on the wrong thing out in the wild.

Up close and personal, war driving has made a comeback. Riding around neighborhoods to see who has crap wifi security, and then infiltrating their home network. If you have a home office that could be pretty detrimental.

I know knocking the Government is good for laughs, but departments were set up during the last administration and they are actually on their game. NIST (National Institute of Standards and Technology) has a wealth of information and a very detailed Cyber Security Framework available. That is what this new bill is based on. Directing NIST to provide more resources to small businesses based on that framework. And the framework is actually good.

The problem is getting people to take it seriously, and get those who do up to speed, and not enough security professionals with the skills and knowledge.

This is one of those things that the Government can't just throw money at and fix it for you. It's really up to each man, woman and child to learn how to be safer and secure in how they use the web, their devices and companies to tighten things up to protect themselves better.

08-28-2018, 09:06 PM
I will say that within the last year I believe about four or five of my customers have been hacked. I receive what looks like a legitimate email with PO from them but when I click on it nothing happens. I let them know this and they let me know they have been hacked. I have become wise to this because the email in question will always have many email addresses in the body of the email.

My run-ins with both city and federal gov. regrettably validate knocking. I cannot agree with you enough, that it is up to us to always take care of ourselves.