Big Security for Small Business
by Matthew Schroeder and Matt Sievers, with support from Olivia Erickson and Alexander Romero
Small businesses face a difficult challenge — they are held to similar cybersecurity standards as large enterprises but lack similar resources. They are also frequently the targets of automated exploitation by cyber criminals. As such, small businesses are at high risk for business failure in the event of a breach. This project recommends updating government procurement policies — especially at the state and local levels — to require minimum cybersecurity standards for all contracts, including small businesses. Additionally, it recommends the adoption of curated tools specifically designed to help small businesses meet these minimum standards. By simultaneously increasing the cost of non-compliance and reducing the friction of implementation, these proposals will improve the overall cybersecurity posture of many small businesses.
Click below to view various resources for both businesses and policy makers, including a draft cyber policy document, a policy brief, templates for small businesses to self-certify and to plan out their cybersecurity, as well as a website resource guide for small businesses to self-educate and assess their own cyber security risk.