Just ask Fazio Mechanical Services, the mid-sized HVAC company that was hacked leading to the 2013 Target hack that compromised millions of credit cards.
"The hackers went into that small business with a phishing scam, someone clicking on something they shouldn't have clicked on, and as they began to move through the system they found this doorway to Target and produced a hack that affected more than 20 million people," said Guy Garrett, an associate professor of cybersecurity at Gulf Coast State College.
"What does this mean for small business people?" he continued. "Well they need to make sure when they are hiring that one- or two-person IT shop ... that the person comes in trained in cybersecurity."
The government is trying to help make it easier. The U.S. House of Representatives recently passed H.R. 2105, the National Institute of Standards and Technology (NIST) Small Business Cybersecurity Act, which will set guidelines for small businesses.
Rep. Neal Dunn, R-Panama City, who sponsored the bill, said it will help improve security for everyone in the country.
"It will set up standardized guidelines — just guidelines, not mandatory requirements — to help small businesses in their cybersecurity needs," Dunn said. "Every small business as well as large businesses has cybersecurity needs, and these days there's a critical shortage of expertise."
The program Garrett runs at Gulf Coast helps to create "keyboard-ready" cybersecurity employees, who enter the workforce ready to handle the growing threat.
Dunn said 60 percent of small businesses go out of business within one year of being hacked.
The bill has been sent to the Senate for debate. The guidelines currently are being "pulled together," according to Dunn, who said many of the guidelines already exist but needed to be vetted and put together by the National Institute of Standards and Technology.
©2017 The News Herald (Panama City, Fla.) Distributed by Tribune Content Agency, LLC.
