Cybersecurity Regulation and Legislation: What It Means for Your Business

Cybersecurity is one of the most important challenges that our nation faces. Congress and the Obama administration have been actively discussing the growing needs from a government and business perspective. Over the past six months, we have seen not only an increase in cyber attacks from all over the world, but also an array of achievements from the U.S. government to combat those attacks. There has been an executive order to develop Information Sharing and Analysis Organizations (ISAOs) to enhance public/private collaboration on cybersecurity, as well as the creation of the National Cybersecurity Center of Excellence, the Cyber Threat Intelligence Integration Center (CTIIC) and the Federal Trade Commission’s website, identitytheft.gov. Congress is still considering and hoping to pass legislation to support the sharing of information through the ISAOs with significant benefits for participating businesses.

How does this legislation affect your business? Companies need to be proactive in educating themselves on cybersecurity. Understanding the benefits of the legislation, as well as the requirements of many of the current regulations, will help every business prepare for and hopefully prevent attacks against its infrastructure. A few “best practices” recommended as you become more educated on cybersecurity include:

Understand that international legislation is different from U.S. legislation

Any company wanting to take its business international needs to be aware of proposed and current laws established in other parts of the world. The robust information privacy and security schemes in other countries are vastly different from the laws currently in the U.S. The Cybersecurity Forum is a fantastic avenue to gain more information surrounding international developments in cybersecurity across the globe, particularly between the U.S. and Israel. Cyber is a broad term. It can mean different things to different people. Some believe that cyber legislation is all about creating a national standard for reporting federal data breaches, whereas others believe it’s all about information sharing designed to assist in preventing future attacks.

Stay up-to-date on current cybersecurity issues and policies

Though there are multiple proposed policies and changes in progress, that doesn’t mean they will all be approved by Congress. However, it’s important to stay informed on these issues in order to strategically stay ahead of potential cyberthreats in your organization. Businesses need to be aware of significant cyber legislation to better prepare for what is being anticipated in the industry and educate themselves on what they can do to secure their data in the process.

Participate in knowledge sharing

The proposed ISAO legislation surrounding information sharing is aimed at encouraging private and government entities to share critical cybersecurity information with one another. Without this kind of outlet, companies lack the opportunity to share their knowledge or learn from each other. Currently, Information Sharing and Analysis Centers (ISACs) are where a majority of private sector information sharing is taking place. ISACs allow businesses to share information about cyberthreats within their industry, but many companies aren’t tied to a specific industry and cannot participate.  Businesses should be well aware of whether or not they are eligible to participate.