WASHINGTON D.C. – Today, U.S. Senator John Kerry (D-Mass.) joined Senator Olympia J. Snowe (R-Maine) and U.S. Reps. Michael Michaud (D-Maine) and Donald Manzullo (R-Ill.) in introducing bipartisan and bicameral legislation to help protect America’s 27 million small businesses from computer hackers and other information security breaches. The Small Business Information Security Act of 2008 (S. 3102 and H.R. 6206) would create the Small Business Information Security Task Force within the Small Business Administration (SBA) to help small firms understand and effectively respond to the information security challenges they face.
“In today’s rapidly changing economy, the internet has enabled small businesses to innovate and thrive. But we also must make sure that small businesses are armed to protect themselves and their customers against hackers seeking financial and personal data,” said Senator Kerry, Chairman of the Committee on Small Business and Entrepreneurship. “Since small businesses account for half of our economy and create two thirds of all new jobs, giving small businesses the tools to protect sensitive information helps to strengthen our broader economy as well.”
“According to a 2005 Small Business Technology Institute survey, more than half of all small businesses in the United States experienced a security breach in the last year,” said Senator Snowe, who is also Ranking Member of the Senate Committee on Small Business and Entrepreneurship. “Given that the study concludes that nearly one-fifth of small businesses do not use virus-scanning for e-mail, over 60 percent do not protect their wireless networks with encryption, and two-thirds do not have an information security plan, it is clear that we must get serious about helping firms to protect themselves from cyber predators. By establishing a Small Business Information Security Task Force at the SBA, the legislation we are introducing today would take concrete steps to safeguard small enterprises and their customers.”
“This legislation will help to ensure that the Small Business Administration is playing an active role in providing the resources and knowledge that our small businessmen and women need in order to stay up-to-date with the latest information security technology and practices,” said Congressman Michaud. “Small businesses throughout the country have used information technology to expand their businesses, speed up business processes, and better serve their customers. The Small Business Information Security Act will help small businesses throughout the country protect themselves and their customers.”
“America’s 27 million small businesses are the job creators of our economy and we must do everything we can to help protect them from computer hackers and data thieves,” said Representative Manzullo. “This legislation will help them identify potential information security breaches and protect them and their customers from these cyber criminals.”
The obstacles posed to small businesses by cyber criminals are numerous. The recent breach at the supermarket chain, Hannaford Bros., which exposed 4.2 million credit and debit card numbers to fraudulent use, indicates the ease with which sensitive information can be obtained, regardless of the level of protection that might be in place. Moreover, as more small businesses seek to compete internationally, they must be provided with the tools to protect their information systems from countries with less stringent security laws.
Specifically, the Small Business Information Security Task Force that this legislation would establish would:
- Identify information security concerns and the services that address those concerns;
- Make recommendations to the SBA regarding how it can better assist small businesses to both understand cyber-security issues and identify resources to help meet those complex challenges; and
- Promote current programs and services that will help small businesses protect their customers’ valuable information.