Small business cyber security has always been an important concern for owners and employees alike. Unfortunately, companies are now facing escalated security threats, as hackers have stepped up their efforts during the pandemic. With more employees working from home without sophisticated in-office security measures, there are more opportunities for fraud or computers to fall victim to phishing scams.
The federal government is working to help solve this small business cyber security problem. In early November 2021, the U.S. House approved two bills to increase cyber security protections for small businesses. While business owners still need to take responsibility for their own cyber security protection, it’s clear that the government is trying to do what it can to help.
Let’s take a closer look at these two important bills — the Small Business Administration Cyber Awareness Act and the Small Business Cyber Training Act — as they make their way through the legislative process.
Small Business Administration Cyber Awareness Act
The Small Business Administration (SBA) Cyber Awareness Act, would require the SBA to issue a report on its cyber security capabilities and notify Congress in the event of a cyber security breach that could potentially compromise sensitive information. This is likely because earlier in 2021, the SBA experienced a security breach that may have exposed the personal and financial information of 8,000 small business owners who had applied for SBA funding.
Another breach of this kind — or one of greater magnitude — could be financially devastating for small businesses, their owners and their employees. This bill aims to require accountability for cyber security protection at the SBA, which will, in turn, provide more protection for all the small businesses that rely on the SBA for funding.
Small Business Cyber Training Act
Another important resource for small businesses is the system of non-federal Small Business Development Centers (SBDC) in communities across the country. These centers are located in every state, providing training and other resources to small businesses at little or no cost. The second bill passed by the House addresses SBDCs specifically, calling on each to enhance their small business cyber security knowledge and skills.
The Small Business Cyber Training Act would establish a cyber security counseling certification program to help existing SBDCs better assist businesses with cybersecurity needs. This bill would authorize the SBA to reimburse SBDCs for employee certification costs up to $350,000 per fiscal year.
Because small businesses often lack the resources or technical knowledge to prevent cyber attacks — and it can be very costly to hire specialized employees or cyber security experts — it can be especially difficult to guard against breaches. Sponsors say this bill would help businesses get the resources they need to implement their own cyber strategy and take appropriate steps in the aftermath of a cyber attack against their business.
Both of these bills have passed the House and will now move to the Senate. So if you’re interested in boosting cybersecurity protection in your business, keep an eye on their progress.