Cybersecurity is the goliath of tech-related concerns for companies of all sizes, not just large corporations. The Cybersecurity & Infrastructure Security Agency (“CISA”) encourages small and midsize businesses to focus on their risk management policies and procedures to mitigate risks associated with their information and communications systems. While many small businesses do not consider themselves a target for cyber-attacks, CISA states that cyber-criminals are likely to target small businesses.
A few concerns for targeted cyber-attacks include a cyber-criminal’s access to the business’ employee and customer records, access to the business’ finances and bank accounts, and attempts to use smaller businesses to target larger networks.
As we noted in the Porter Hedges Anti-Corruption & Compliance June blog post, the SEC’s new disclosure requirements will also require regular disclosure about a company’s risk management practices. Because smaller businesses may have fewer resources designated for cybersecurity, CISA developed a guide for small business leaders to create an action plan for the best cybersecurity practices, among other resources. Managing cyber…
