SIFMA Issues Guidance for Small Firms on Cybersecurity

SIFMA issued guidance titled "How Small Firms Can Better Protect Their Business," which builds upon National Institute of Standards and Technology’s ("NIST") Cybersecurity Framework. The NIST Framework is derived from existing industry standards to help small firms improve their cybersecurity and ensure customer protection.

In the guidance, SIFMA explained that as more small firms become increasingly dependent on technology, they become targets for cyber criminals. The percentage of cyberattacks targeted at businesses with fewer than 250 employees jumped from 18 percent in 2011 to 31 percent in 2012.

The guidance stated that the first step to assess what protections are needed is to determine the likelihood of different cyber threats and their potential impacts. The guidance classified "cyber threat actors" into four categories: crime, hacktivism, espionage, and war. The greatest threat that small firms face, according to SIFMA, is crime which occurs primarily through a cyberattack that involves data theft, fraud or extortion.

In order to create an effective cyber protection program, SIFMA explained that NIST created a cybersecurity framework for firms to improve cybersecurity. In addition to the framework, the guidance outlines an action item checklist to assist firms in protecting themselves against the most common attacks, and identifies third party business solutions to further help firms monitor and address cybersecurity needs.

See: SIFMA Report "How Small Firms Can Better Protect Their Business".See also: SIFMA Issues Statement on Cybersecurity Legislation (July 22, 2014); Secretary Lew Discusses Cybersecurity (July 16, 2014); Trade Associations Submit Letter to Senators Regarding Cybersecurity Information Sharing Act of 2014 (July 8, 2014); SIFMA Executive Vice President Snook Delivers Remarks Regarding Cybersecurity (June 18, 2014); SIFMA CEO and President Bentsen Delivers Remarks on Cybersecurity and Current Market Structure Reform (June 17, 2014).