As a small business that recently went live to focus on enhancing the cyber security and privacy posture of the clients we serve, Rising Sun Advisors, like many other service providers (i.e., vendors), could potentially pose a large threat to the very clients they serve. As a professional services firm with a focus on management consulting at the intersection of business and cyber security, we are in the business of selling one thing – our brains. The critical problems that our clients face require the intellectual capacity, knowledge, expertise and experience to create solutions that will reduce the burden and stress of managing information and cyber risks. As such, we are trusted to maintain basic hygiene within the environment we work in (whether in the office, on the train, in a hotel room, or at home) so that our clients’ information is not compromised due to a lack of care or a lapse in judgement by our personnel. The advantage that Rising Sun Advisors has as a cyber security-focused firm versus other types of vendors (e.g., technology providers, HR outsourcing firms, etc.) is in how we behave in our day-to-day lives. For example, I know that I shouldn’t leave my screen unlocked when I’m walking away from the laptop – even if I am going to close the office door behind me! We need to minimize a bystander’s level of curiosity in snooping around, in addition to making it as tough as possible for malicious-minded individuals to access the systems! Sometimes all it takes is a curious individual who stumbles upon information that they could leverage for their gain.
The challenge is that small businesses are not required to self-certify, as a basic measure, to a certain level of cyber security and privacy compliance at the onset of forming a legal entity (e.g., Sole Proprietorship, LLC, LLP, etc.) in order to operate in the United States. I personally know of many start-ups that began their journey in the garage of a friend’s home, or in a room of their family’s home, and their “cyber security hygiene” has not always been a priority. The States, in partnership with the Federal government and the Small Business Administration (SBA), have a responsibility to address this growing challenge, as all businesses, no matter which industry (salons, restaurants, gas stations, professional services, not-for-profit, etc.), leverage technology to enhance or further enable their businesses. From a national policy perspective, a tactical solution could be to develop and implement a “Cyber 101” training and awareness program that all who are interested in conducting commerce in the United States must complete, and certify their completion of, prior to being granted legal entity status.