High-profile data breaches have become common in the headlines, but it’s not just big businesses that are the targets of hackers.  According to the 2018 Hiscox Small Business Cyber Risk Report, 47% of small businesses had at least one cyber attack in the past year.  Yet, barely 52% of small businesses have a clearly defined strategy for cybersecurity.   Even more alarming is the fact that 65% of small businesses failed to act after experiencing a cybersecurity incident.

Cyberattacks are costly.  The Ponemon Institute reported that average costs in 2017 related to a malware attack on small and medium-sized businesses  were $1.03 million due to damage or theft of IT assets, and $1.21 million due to disruption of business operations. 

The good news is that free resources are available to small and medium-sized businesses to beef up their cybersecurity.  The Global Cybersecurity Alliance (GCA), a non-profit organization backed by the New York City District Attorney’s Office and the City of London Police, recently released a free cybersecurity toolkit.  The toolkit is great for business owners who want to reduce common cyber risks. 

The GCA Cybersecurity Toolkit is built around the Center for Internet Security Controls framework.  GCA claims that addressing just the first five CIS Controls can reduce the risk of cyberattack by 85%.  Geared toward a nontechnical audience, the GCA Cybersecurity Toolkit takes users through six “toolboxes,” each one designed to address an aspect of cybersecurity:

  1. Know what you have – take inventory of hardware and software
  2. Update your defenses – updating systems, applications, and security settings, and securing your website
  3. Beyond simple passwords – selecting strong passwords and implementing two-factor authentication
  4. Prevent phishing and viruses – preventing malware and phishing attacks
  5. Defend against ransomware – using backup tools to guard against ransomware infection
  6. Protect your brand – preventing others from spoofing your brand name and email addresses

If you’re a business owner looking for a user-friendly way to begin building a cybersecurity program, the GCA Cybersecurity Toolkit is a good starting point.

It’s time to round up the bills related to computer technology that the Hawai‘i legislature is considering in its 2014 regular session.  Click here for a chart summarizing the proposed legislation.  Here are the highlights:

Social Media and Internet Account Passwords:  Several bills to prohibit improper requests for access to personal social media accounts of employees and students were introduced in the 2013 session.  None of them passed.  This year, HB2415 renews the effort to outlaw improper social media password requests.

Internet Sales Tax:  HB1651 would require online companies with arrangements with Hawaii merchants for referral of business to collect use taxes on sales made in Hawaii.  This bill would affect online retailers like Amazon, which allows local merchants to sell their products through Amazon Marketplace.

Restrictive Covenants:  In an effort to encourage the development of technology business in Hawai‘i, a state with a relatively small geographic area, two bills (HB2617 and SB3126) would prohibit technology businesses from requiring employees to enter into noncompete agreements and restrictive covenants.  “Technology business” is defined as “a trade or business that relies on software development, information technology, or both.”

Cybersquatting: SB2958 would put the burden on a cybersquatter to prove that it did not register a domain name in bad faith or with intent to use it in an unlawful manner, provided that the person claiming cybersquatting can demonstrate the potential of immediate and irreparable harm through misuse of the domain name.

Cybersecurity Council: SB2474 would establish the Hawai‘i cybersecurity, economic, education, and infrastructure security council.

Mobile Devices: Three bills (HB1509, HB1896, and SB2729) would make it a State offense to use a mobile electronic device while operating a motor vehicle.  Certain counties already have similar laws.

3D Printing: In response to the rising availability of 3D printers, HB1802 would make it a crime to create, possess, sell, trade, or give another person a firearm made with digital manufacturing technology.

Computer crimes: A series of bills criminalizes various kinds of computer activity, including unauthorized access to a computer or network and damage to a “critical infrastructure computer” (HB1640); theft of a computer (HB1644) or personal electronic device for storing or retrieving personal information (HB2080); and revenge porn (SB2319).

Now that the 2013 legislative session in Hawai‘i is in full swing, let’s take a look at what new measures are in the pipeline to regulate Internet activity.  A chart of relevant information about each bill is available here.  Here’s a summary of the Internet-related proposals working their way through the legislature.

Social Media and Internet Account Passwords

A set of bills (SB207 and HB713) proposes to join other states in banning employers from asking employees or job applicants to disclose the passwords to their personal social media accounts.  Another set of proposals (HB1104 and HB1023) would extend the ban to educational institutions and their students or prospective students.

Privacy Policies

Two bills (HB39 and SB729) would make it a legal requirement for operators of a commercial website or online service to post a privacy policy on their website.

Cyberbullying

Three bills (HB1226, SB525, and HB397) would require the board of education to adopt various policies and programs to combat cyberbullying in public and charter schools.

Teacher/Student Interactions

Apparently responding to incidents in which teachers and students conducted inappropriate relationships online, HB678 would allow a teacher in a public or charter school to engage in electronic communication with a student (including cell phone calls) only on Department of Education networks and systems.

Identity Theft

SB325 would require businesses to implement a comprehensive, written policy and procedure to prevent identity theft and train all employees in implementation of the same.

Cybersecurity

HB462 would establish a statewide cybersecurity council to identify and assess critical computer infrastructure, identify cybersecurity “best practices,” recommend incentives for voluntary adoption of such best practices, evaluate the efficacy of such practices, and report annually to the legislature.

We’ll be tracking these bills, reporting on their status periodically, and posting revisions to the chart.  Stay tuned!