SBA should develop a free online “Cybersecurity Boot Camp” that provides small businesses the concrete steps they need to create a basic cybersecurity program to address the most critical cyber threats they face.

To Do: Create a Cyber Boot Camp for Small Businesses

SBA should establish a cybersecurity cooperative to create a large pool of willing buyers for various cybersecurity products and services, including cyber risk insurance.

To Do: Form a Small Business Cybersecurity Co-op

A proposal on cybersecurity certification will offer few benefits, introduce burdensome costs to the government and the private sector, and not address the root cause of most cybersecurity vulnerabilities.

The Role of Professional Certification in Securing Information Systems

An op-ed in Federal Computer Weekly discussing the problems with relying on professional certification to improve the security outlook of government agencies.

Certifications Are Not a Panacea for Cybersecurity Woes

One of the biggest challenges that organizations face as they try to keep up with the growing number of cyberattacks is finding workers with the right skills, ITIF’s Daniel Castro writes for Government Technology Magazine.

Boosting the Cyberworkforce

The FTC should use the ruling in LabMD v. FTC as an opportunity to recalibrate its strategy for promoting strong cybersecurity practices among businesses, Daniel Castro writes in Morning Consult.

LabMD Ruling Gives FTC Chance for Course Correction on Cybersecurity

Passing the National Community College Cybersecurity Challenge Act would be an important step forward in improving U.S. cybersecurity.

ITIF Commends Introduction of National Community College Cybersecurity Challenge Act

Daniel Castro writes in The Hill that a relatively simple step that Congress could take to jump-start cybersecurity in the fledgling Internet of Things is to require companies to publish a security policy.

How Congress Can Fix ‘Internet of Things’ Security

How Congress Can Fix 'Internet of Things' Security

Given the scope and sensitivity of the personal information that the U.S. government collects, doing a job that is “good enough for government” is no longer acceptable when it comes to information security.

To Do: Establish a Program for Part-Time Cyber Professionals

Recommendation

Details

Editors’ Recommendations

Testimony to the U.S. Senate on Preparing Small Business for Cybersecurity Success

Related

To Do: Create a Cyber Boot Camp for Small Businesses

To Do: Form a Small Business Cybersecurity Co-op

The Role of Professional Certification in Securing Information Systems