Small business owners need to protect their digital assets just as strongly, if not more so, than they protect their physical and financial assets.  Who is going to manage small business cybersecurity?

Adding full cybersecurity responsibility to the to-do list for the already busy small business owner might seem like piling on.  After all, small business owners are already responsible for customer acquisition, customer satisfaction, hiring, payroll, facilities management, tax and regulation compliance, and on it goes. 

But small business owners didn’t invent the internet and don’t manage it now.  The origin of the internet actually stems from a government initiative decades ago.  Furthermore, the original infrastructure of the internet that was designed way back when couldn’t envision the usage scenario that evolved.  

Since the government was responsible for the way the internet was created, shouldn’t the government shoulder some of the responsibility for the cybersecurity crisis?

Maybe the better questions are: Can the federal government just solve the cybersecurity crisis for small business?  After all, if small business cybersecurity is such a big deal, why doesn’t the government do something about it?

Here’s the response from Congress.  A bill was signed by President Trump last week intended to help small businesses with “resources” to fend off cyberattacks.  In this case resources are defined as “guidelines, tools, best practices, standards, methodologies, and other ways of providing information” provided by the Director of the National Institute of Standards and Technology.  Here’s the most effective part of the bill:

The Director, in carrying out section 2(e)(1)(A)(viii) of the National Institute of Standards and Technology Act, as added by subsection (b) of this Act, in consultation with the heads of other appropriate Federal agencies, shall disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks.

The effect of this bill is that the Director of NIST plans to send the small business community information to help the small business owner protect the small business IT. 

Ultimately, the responsibility for small business cybersecurity lands right in the lap of the person responsible for everything else at the small business:  the small business owner. 

Does that mean that every small business owner will need to become a certified cybersecurity expert?  No. It means that the every small business owner who doesn’t want to become a small business cybersecurity expert needs to hire someone who is a small business cybersecurity expert – someone that they trust.