Yesterday we shared the reality that business needs to focus on cybersecurity and not wait for government as it is very difficut for local, state or federal governments to reach hackers in far-flung countries with no relationship with the U.S.

We further reported New York Attorney General Letitia James said, “Unfortunately, you know, New York State laws have not caught up to the 21st century, and it is critically important that we review the laws in the state legislature to ensure the privacy of New Yorkers is protected.”

It looks like governments are trying to catch up.

The U.S. Small Business Administration is working with the U.S. Department of Homeland Security and the Information Technology Coordinating Council to attract respondents to a confidential cybersecurity survey for small and mid-sized businesses.  October is designated National Cybersecurity Awareness Month.

“Cyber attacks are a growing concern for small business owners and our economy. The SBA is encouraging entrepreneurs to participate in this survey to help identify best practices that reduce threats to small and mid-sized business’ data and information, two items central to their operations,” said SBA Regional Administrator Steve Bulger, who oversees the agency’s operations throughout New York, New Jersey, Puerto Rico and the U.S. Virgin Islands.

DHS’ Cybersecurity & Infrastructure Security Agency and the ITCC are the primary agencies coordinating this survey with assistance from the SBA and its Office of Advocacy. 

In 2018, the FBI reported the cost of cybercrimes reached $2.71 billion with almost $1.3 billion occurring from business e-mail/e-mail account compromises, approximately $270 million in losses from data breaches, $362.5 million in confidence fraud and $70 million in spoofing.  In fact, New York and New Jersey were among the top 10 states where the most victims of cyber crimes live according to the report.

“Cybersecurity is an issue that effects all businesses, but many small and medium businesses do not have the resources or even the awareness to adequately protect themselves.  This survey will provide critical data to the federal government to assess these issues and our state of preparedness,” said SBA Regional Advocate Christine Myers from the Office of Advocacy.

The voluntary survey is open to all small businesses and will not publish confidential or identifiable information from respondents.  Participation in the survey will help inform the Cybersecurity Framework being developed by the National Institute of Standards and Technology in addition to other federal agencies.

Survey results are intended to produce data about which sources small and mid-sized businesses use to reference cybersecurity best practices, the specific assets and management practices of each company, such as physical access management, as well as the benefits of, and the cost of the NIST’s framework use and implementation.  Cybersecurity awareness and current cyber risks to small businesses will also be covered.

The survey data will be collected and anonymized by ACT | The App Association.  Questions or concerns regarding the survey can be addressed to Brian Scarpelli at [email protected](link sends e-mail) or Alexandra McLeod at [email protected].

Until the government finds a way to protect us all - which likely, can't happen - how do you stay secure or at least drastically reduce the risk?

Just follow these three steps. Good luck!

1) Read cybersecurity essentials – a simple list which will help most organizations become far more secure.

2) Go to a phishing simulation vendor now and sign up for one of their offerings. Phishing Box, KnowBe4 and Phish360; are all great. This is needed to train workers by testing them without their knowledge by sending real-looking emails to their inboxes. If they click, they are immediately trained on what not to do.

3) We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined.