You know those pop-ups on your computer warning of a bug, or malicious phone calls claiming your insurance is expiring? They’re getting smarter.
Many scams, like these, have been around for so long they are easy to spot and are now just a nuisance to our daily routine. Yet, con artists are constantly creating new ways of scamming, robbing and attacking us.
Your business is a prime target for these cybercriminals. They want to steal your funds, manipulate data and shut down your business.
Fortunately, there are laws and regulations in place to protect you and your business against these cyber crimes.
What is cybersecurity?
Cybersecurity is the fuzzy blanket that protects businesses and individuals against the cybercriminal monsters under the bed.
Unlike the monster that plagued you when you were five, these monsters are real. They’re after information, servers, networks, software, applications, computers and personal devices—everything that is intended to be private and vital to keeping your business running.
You’re already familiar with many cybersecurity steps, such as using strong passwords, firewalls, anti-virus protection, encryption and data protection.
These are essential items to have in place to protect against cyberattacks, malware, phishing scams and other malicious unauthorized access.
But where your passwords and firewalls leave off, the U.S. government takes over.
What is your company’s liability in the event of a breach?
Not that long ago, these crimes and laws only affected a select few. However, today, just about every business relies on the Internet for operations, making these laws much more relevant to you.
Cybersecurity laws and regulations address the criminal activity, jurisdiction and insurance matters relating to Internet cyber crimes. But these laws might end up costing you even more after an attack.
There are penalties and substantial fines for non-compliance with these laws. However, with a little understanding, these four cybersecurity laws do in fact keep you and your business safe.
1. Gramm-Leach-Bliley Act
We start back in 1999, when Michael Jordan first announced his retirement from basketball and Star Wars thought it was a good idea to reveal Jar Jar Binks to the world.
The Internet was becoming more popular for consumers and con artists alike, and the federal government determined that certain safeguards were necessary.
The Gramm-Leach-Bliley Act (GLBA) enacted a set of rules that all companies dealing with finances must follow:
- You must conduct background checks, require security training and receive signed confidentiality agreements from all employees dealing with customer information.
- You must create policies for security and data encryption, and disclose how you store and protect your customers’ private information. This includes transferring, transporting and disposing of information.
- In addition, you must implement timed lock-screens for all devices, and require frequently changed passwords.
- Finally, you must discipline any security violations.
You most likely already follow these rules, but this law is the foundation of your business's security. Any failure could result in disaster for your clients' information and your company.
2. Homeland Security Act and FISMA
Violent terrorist attacks fueled this security act, which resulted in the creation of the Department of Homeland Security to protect against domestic and foreign terrorism.
But, this was 2002. Broadband was becoming more in demand than dial-up, and Internet speeds were dramatically increasing.
Lawmakers shook their Magic 8 Ball and predicted that cybersecurity was a matter of national security, too.
The Federal Information Security Modernization Act (FISMA) requires every government agency to develop a method to protect their information systems against cyber attacks.
The results of this act provide an overarching wave of protection against IT security risks, which can be a huge benefit for you and your business.
3. Cybersecurity Information Sharing Act
The Cybersecurity Information Sharing Act (CISA) was passed in 2015 to provide additional security and make prosecuting cybercriminals easier.
Many cyber crimes are never reported, and if they are, evidence is often difficult to collect in order to do anything about them.
CISA provides a way for technology, manufacturing and other companies to share Internet traffic and cyber threat information, so it can be used as evidence to prosecute cyber crimes.
The sharing of personal information between private companies and the U.S. government isn’t as scary as it sounds—there are provisions in place to protect privacy and information unrelated to these crimes.
So think of it this way: The more CISA prosecutions, the fewer criminals are left to attack your business.
4. State Cybersecurity Laws and Regulations
Okay, this is cheating a little, but these laws deserve your attention, so they’re getting shoehorned in here.
With the increase in cyber threats in recent years, there have been attempts at further federal laws like the 2017 Consumer Privacy Protection Act, or the Consumer Data Privacy and Security Act of 2020, but none have actually been enacted.
Some individual states have taken matters into their own hands to create policies that help protect businesses and consumers.
In 2018, California became the first state to pass its own cybersecurity law. The California Consumer Privacy Act allows consumers to demand all information a company has saved on them, as well as what outside parties their information has been shared with.
New York followed closely behind, passing the SHIELD Act in 2020, which mandates that companies not only disclose data breaches but also detect, prevent and respond to cyberattacks. This law applies not just to companies that conduct business in New York, but also to anyone who owns or licenses computerized data that holds New York resident information.
Many other states have laws in place, and there are more than 300 bills and resolutions in the works around the country for future regulations.
The future of cybersecurity law
The laws that were once ahead of their time now leave us playing catch-up. To stay one step ahead of these criminals, cybersecurity and data protection measures must be continually modernized.
This is proven by recent data breaches such as the SolarWinds hack in the spring of 2020, in which Russia compromised about 100 companies, including Microsoft and Intel, and a dozen government agencies including the U.S. Department of Treasury and the Pentagon.
In response, President Biden signed an Executive Order that will affect all commercial businesses and will have immediate effects on government and those closely affiliated with government branches, such as contractors, suppliers and critical infrastructure. It would not be surprising to see more federal legislation regarding data privacy and security in the near future.
How do you stay safe?
While proposed cybersecurity regulations are stricter and more advanced than ever, there is an unfortunate inevitability of cyberattacks.
These cybercrooks are always looking for new ways to weasel private information away from you for their own personal gain, no matter how damaging it is to you and your clients.
The laws mentioned above certainly provide means to help keep your business safe from threats, but you still have to be proactive in protecting what matters to you.
Contact us to learn how Marco’s Managed IT solutions can help provide your business with even more security.