Main Street America is on the front lines in the fight against cybercrime. Although major hacks of large corporations regularly fill the news, our small businesses are actually being attacked more regularly–and with increasing frequency. In fact, about 71 percent of data breaches occur in businesses with fewer than 100 employees.
Individual criminals, foreign entities and “hacktivists” create increasingly sophisticated ways to come after intellectual property, finances and personal information. Because small businesses often use shared resources, such as group offices and public Internet, and because they lack the luxury of dedicated IT teams, they have become easy targets for hacking and phishing scams.
Small businesses also stand to lose the most when sensitive personal and financial information is compromised. Recovering from a cyber-attack is more difficult for small businesses which have limited resources or depend on their reputations to keep customers. It is hard enough to keep a small business afloat without cybercrime, which many times cause businesses to go under after a single attack.
More than half of Americans prefer to shop online. In rural areas, like those in my home state of Idaho, growing a small business practically requires using the Internet to market goods and services to a larger customer base. Nearly half of American small businesses do not have a website; 74 percent of those that have websites still lack the capacity to do eCommerce. If we do not help make it safe to grow business online, then rural small businesses lose the opportunity to expand.
Having owned and operated a small business and as the chairman of the U.S. Senate Committee on Small Business and Entrepreneurship, I am well aware of the unique relationships small businesses develop with their customer base and the value of trust and confidence that comes with operating a successful small business. It is a serious concern of mine and many of my colleagues that small business owners may not have the awareness or the tools needed to keep their businesses safe and to recover from attacks.
That is why I have introduced the Small Business Cyber Training Act. American entrepreneurs depend on the local resource partners of the Small Business Administration (SBA) to provide the necessary information to start and grow small businesses. This legislation would allow existing Small Business Development Centers (SBDCs) to teach potential entrepreneurs about ways to keep their new business safe as part of the initial business plan– before a problem arises.
Another important education tool in the fight against cyber-attacks is the voluntary procedures developed by the National Institute of Standards and Technology (NIST). The research and coordination of technology standards NIST has done across the government is already working to increase America’s industrial competitiveness. Now, I am co-sponsoring the MAIN STREET Cybersecurity Act, to call on NIST to provide resources designed specifically for small-business use. The bipartisan bill will provide a consistent set of resources for small businesses to best protect their digital assets from cybersecurity threats.
Our country relies on small businesses to fuel our economy, and small businesses need a strong offense against the increasing threats to eCommerce, online finance and personal information. Research shows most attacks on small businesses are unknowingly facilitated by employees. With the right education for entrepreneurs, I am confident we can prepare our small businesses to outsmart hackers and prepare them to survive an attack and to thrive.
Senator Risch is chairman of the Senate Committee on Small Business and Entrepreneurship.