We believe that the cyber threat to small business is real and continuing to grow. Everyday each of us hear of the multiple incidents of cyber attacks hitting businesses around the country. Whether the attacks are criminal in nature, initiated through state actors, or from a lone hacker sitting at their computer, they each can have a devastating effect on a small business.
Through all of this discussion on cybersecurity, we also believe that there is an opportunity emerging for those small businesses that proactively address their online cyber presence now. By taking the lead to create a more secure cyber/online presence, we believe that a small business can begin to better position themselves in the marketplace to be a more trusted resource for their customers and that a strong plan will open up to them a growing market for Federal contracts and vendor relationships with larger corporations.
Here at the University of Georgia SBDC, we are setting the context of our initiative to be more of an incentive based approach to building a cybersecurity plan versus a defensive based reaction to malware, a hack, ransomware or some other form of a cyber attack. Thus, our program will be known as CyberStrength as opposed to CyberSecurity. We want the business clients we work with to become CyberStrong, to assist these businesses to continue to grow and to allow the owners to focus on the benefits of setting a strong cyber plan as they deal with the current threat environment (as opposed to focusing more on the threats out there). One article that relates to this topic from the Harvard Business Review is: Good Cybersecurity Can Be Good Marketing
The other issue we see on the horizon relates to a new requirement coming up December 2017 for businesses doing business with the Federal government (focusing on protecting controlled, unclassified information) , NIST SP 800-171. This standard will require businesses securing Federal contracts that have access to controlled, unclassified information (CUI) to have a certain level of cybersecurity (to include a cybersecurity plan) in place in order to obtain the contract. One of the primary reasons for this requirement is that cybercriminals and cyber state actors are using the small and medium business contractors as a backdoor into the DOD/Federal systems. We also anticipate larger companies adopting a similar requirement going forward and it is our goal to proactively assist our clients in preparing their online presence to meet these requirements. If you are, or plan to be doing business with the Federal government in the next year (and after), you need to understand this requirement better now and begin to put into place the necessary processes to satisfy the standard of compliance. Stay tuned for more information that will be coming to this site. If you have questions on this standard, please contact us here and we will work to put you into contact with the appropriate resource: Contact Form Link
Consider bookmarking this site for updates on additional resources and information. This site will continue to develop over the coming months as we work to put together the best resources and information we can find to help the small businesses we work with continue to strengthen their cyber presence. We are under attack, folks, and you can choose to be either a victim or proactively take charge and implement these changes. Join with us and let’s all become #CyberStrong.
(Source: Mark Lupo, MBCP, Area Director, UGA SBDC in Columbus)