So what impact will this new Act have on Small Businesses?
My former business (IT Consulting) was purpose-built to cater to the small to medium sized business in the DMV. These companies could not afford a full-time IT staff and were dependent on companies like mine to keep their tech running so they could do the things that they do best - bake, paint, print, lawyer, etc. I have had a passion for security almost as long as I have had tech. That carried over into the services that I offered to my customers. In the best bake, paint, print, lawyer speak I could use I encouraged the customer to employ best practices as much as possible. That included purchasing tools that were affordable and effective.
I get the interest that the Feds have in Cyber for the SMB. The problem is they have NO clue what that SMB is going through to make payroll, stay ahead of the competition and expand their market. None of this is going to amount to a hill of beans to them. If anything it would be thought of as the Feds trying to meddle more in their affairs.
I read the document and then looked at the contributors to the document. All were feds, Mitre, or other big corporation uppity up muckity mucks. I didn't see John Doe, Owner, Shell Station 123 Maple Street, Anytown, USA listed as a resource.
I think the Feds need to do what the Feds should do, which is worry about the mess they are in and leave the SMB alone. But, sadly, they won't because that is not what the Government is about. It has to be in everyone's knickers daily.
This subject has progressed:
"Small business leaders have to become security champions and communicate it to the staff," he says. "They have to explain to employees that security is not just about protecting the boss's Mercedes Benz. They have to understand that their W2s or tax refunds can be stolen, so cybercrime affects them, too."
Yes or no? What are your thoughts?
I understand that the USA states that a Small business is one with under 100 employees and a Medium sized one has under 1,000 employees. In comparison: 80 to 90% of all businesses in New Zealand have less than 100 employees - so does this make them tiny in comparison:
Some good advice from the UK on why Small businesses should adopt secure practices:
Part of my due diligence when I read an article is to see who/what etc is behind it. If you read the second article you linked the above graphic is a link that takes you to a catalog of services that the same governmental organisation wants you to buy from once they have scared the crap out of you. I'll lay down my snarky pen and pick up my analytical one:
1. As mentioned before, let's use one of my former customers as an example. He is a baker. Pastries, cakes, and other baked goods that my cardiologist would frown at are his specialty. His wife, a sweet woman, handles all the back office stuff because he wants to do what he does best which is bake. She is NOT a trained accountant but she knows that QuickBooks for business can help her run their small operation, handle their small payroll and get their quarterly tax reports to the greedy hands of the government. She knows nothing about computers except for the fact that she knows nothing about computers. That is why she hired me. They know nothing about computer security beyond what they may get from the evening news, social media if they have a friend who posts about that sort of thing (like me!) or from the occasional email. But who wants to open that scary email?
2. Rinse repeat bullet point 1 for the owner of the printing company, hotel (not part of a chain), auto mechanic, etc. The same case applies.
I think governmental organisations need to stick to their large enterprise environments and worry about keeping their own house in order. By extension, contractors to the Feds have to adopt increased security measures if they still want to play in that arena. Sub-contractors to federal contractors should have to inherit the same security posture if they want to continue their role as well. This makes sense and should be the norm.
Creating a panic by issuing the dumbed-down version for SMB is not practical. It's certainly not in the budget for these SMBs and is only a distraction.
@Flyslinger2 used the phrase "small to medium sized business in the DMV."
For our International crowd here, DMV across most of the USA means Department (or Division) of Motor Vehicles, and refers to the state agency that registers and licenses vehicles. However, in Mark's usage above it means Delaware / Maryland / Virginia, three contiguous states on the east coast with many regional businesses.
This local usage seems to be increasing rapidly in our area, and more often than not confuses me when I read it as the Motor Vehicle agency (who I had to pay this morning in Virginia). It also ignores the District of Columbia, which sits between Maryland and Virginia.
Maybe we should use DMDV or DMCV, or DMWV?
My only knowledge of the usage of DMV comes from local print and radio; they all refer to it as District/Maryland/Virginia.
My apologies for not being broader in my scope for responses. Yes, this is an international community.