Last year, Attorney General Mike DeWine launched CyberOhio, an initiative aimed at helping businesses protect themselves from hackers and other cyber threats. This was a unique effort to bring together cybersecurity and privacy industry experts with businesses. A major component of CyberOhio was the creation of the advisory board that now provides the Attorney General’s Office with guidance on various cybersecurity issues. A handful of Ohio Chamber member companies were appointed to, and still serve on, the advisory board.
Another goal of CyberOhio was to explore potential legislative approaches to improving the legal cybersecurity environment. Since last year, the Attorney General’s Office has been exploring draft language that would incentivize businesses to enhance their cybersecurity platforms and ultimately protect consumers. Just this afternoon, Senate Bill 220 was introduced as a way of accomplishing that goal. If SB 220 is enacted, businesses that choose to invest in cybersecurity programs will have the added benefit of a legal safe harbor in the state of Ohio.
Last Thursday, the Attorney General held his annual law enforcement conference at the Hyatt Regency Columbus. This year the conference included a special opportunity for small business owners. An afternoon small business roundtable with Attorney General DeWine provided nearly twenty small business owners with the opportunity to share their viewpoints and challenges related to cyber threats. DeWine’s office invited small business members of the Ohio Chamber and the Ohio Small Business Council (OSBC) to attend the 90 minute session. Bill Bishop, President of Associated Insurance in Westerville, Ohio, represented OSBC as the past chairperson of the committee.
“It was a great chance to hear how the Attorney General’s office is focused on helping the businesses of Ohio by addressing current and future challenges while also providing resources,” Bishop said on attending the roundtable.
During the roundtable, a few simple (and free) safeguards were also discussed:
- Not sharing passwords with co-workers
- Not writing down passwords or placing a post-it note with passwords under your keyboard (yes, this one is more common than you might think)
- Not allowing employees to access personal e-mails or files on the company network, but instead setting up another network/server for personal usage
Many employees do these seemingly harmless things without even thinking about it. While big business data breaches (Target, 2013) become the highest profile cases, it is still a critical issue for smaller businesses to address. Many small businesses have outgrown their current network infrastructure, as it is difficult for them to keep up with the ever-evolving world of technology. Furthermore, small business owners do not have the time and financial resources to worry about their information technology.
As discussed at the roundtable, business versions of internet security, antivirus and firewall software that you can purchase in stores may be enough for many small businesses. However, as businesses grow, especially if they are transacting with businesses in foreign nations, they should truly consider more comprehensive cybersecurity options.