FCC Chairman Julius Genachowski Monday plugged an online tool -- the Small Biz Cyber Planner -- which will help small businesses protect against cybersecurity attacks. October is National Cybersecurity Month.
Genachowski hosted a cybersecurity roundtable in May at the FCC in which he heard from small businesses who had suffered online security breaches.
Genachowski Monday said the FCC's planner will be a simple way to create a cybersecurity protection plan by answering some simple questions like, "Do you use credit cards?" or "Do you have a public web site?" Genachowski led off a morning conference on cyber security hosted by the U.S. chamber of Commerce and including representatives from the Department of Homeland Security and Symantec.
Symantec released a report Monday that showed that 52% of small businesses do not have a cybersecurity plan in place. Genachowski said that made them low-hanging fruit for cybercriminals, potentially costing them billions of dollars and preventing them from reaping the job and revenue creation harvest of broadband deployment.
He said small businesses generate the majority of net new jobs -- about two-thirds -- and increasingly rely on broadband. He called the online marketplace America's new main street. "More than a million entrepreneurs are selling on eBay and Amazon," he said, from places like Indian Trail, N.C. He said the new planner would help businesses that can't afford a dedicated staffer or consultant to help create a cybersecurity plan.
The chairman said the FCC was on track to vote this week on a Universal Service Reform proposal that he said would get broadband to millions more people, which means even more potential online customers for small businesses.
The FCC has already created a cybersecurity tip sheet in coordination with public and private partners. Genachowski said DHS would not include that in its informational material on cybersecurity, and that HP was now including it in the info packets with its devices.
Michael Chertoff, former director of DHS and now head of The Chertoff Group, said as the owner of a small business, he was a customer as well as a backer of the effort. He gave the FCC a shout-out for the effort.
Chertoff said the public and private sectors have to work together to fight the threat. While the high-profile stories may be about attacks on Google or major government agencies, the fact is that the problem and threat are very much a concern for small businesses. Chertoff, who was at the FCC's May roundtable on small business, said that the theft of information can cause reputational damage or legal problems for small businesses. Those are often the ones least able to handle those problems.
He said not to consider cybersecurity is like leaving money lying around on a table and assuming it is secure. And there are increasing opportunities via use of USBs and personal mobile devices at work, and employees working from home, and via social networks, said Symantec exec Cheri McGuire.
Chertoff said the cybersecurity vulberability is often not the firewall, but the person who is phished into letting their guard down. He said one of the keys is educating people about what not to do, like just sticking a thumb drive into their computer. "We should not become our own worst enemy in securing our networks," he said.
Michael Kaiser, executive director of the National Cyber Security Alliance, outlined data from the new Symantec study. He said that there is a significant gaping hole in the online ecosystem that needs mending.
He said 38% of respondents in the study said that losing access to the Internet for a day or two would be "extremely disruptive." And while they say that 76% of their employees use the Internet daily, more than two thirds of the companies don't have a formal policy on cybersecurity for those employees, and 45% don't provide any training and only 34% of the companies have a plan for responding to or reporting breaches if they happen.
That may be because 85% say they believe their business is secure from hacks and attacks, which Kaiser said anyone in the field recognizes is a misplaced trust. "We have some work to do here," said Kaiser. He suggested one way to approach it was through the finding that 57% say a strong cybersecurity policy is good for their brand.