Small businesses will soon receive much-needed help with cybersecurity. The National Institute of Standards and Technology (NIST), which previously developed the 2014 NIST Cybersecurity Framework and 2016 publication “Small Business Information Security: the Fundamentals,” has been intricately involved in building our nation’s cyber-resiliency.
Earlier this month, the 2017 NIST Small Business Cybersecurity Act passed in the House of Representatives. The NIST Act’s companion bill in the Senate, the MAIN STREET Cybersecurity Act of 2017, passed late last month.
The House bill directs NIST to develop and disseminate “clear and concise resources for small business concerns to help reduce their cybersecurity risks.” These resources include elements that will help “promote awareness of simple, basic controls, a workplace cybersecurity culture, and third-party stakeholder relationships, to assist small business concerns in mitigating cybersecurity risks.”
In other words, small businesses will have the opportunity to begin implementing cybersecurity best practices by obtaining free, voluntary guides developed by industry experts. These guides can help businesses mitigate the ever-growing risks of cyber threats with simple “cyber hygiene” tips and basic enterprise risk management strategies.
After the Senate bill and House bill to go through the reconciliation process, small businesses can expect to see new resources from NIST within a year after the President signs the bill into law.