The U.S. Small Business Administration (SBA) could soon get a boost in helping small to mid-sized enterprises cope with information security concerns, under new legislation being introduced in Congress that is aimed at helping users identify potential information security breaches to protect them and their customers.

Small businesses represent nearly 95 percent of all American businesses. And according to a recent Small Business Technology Institute survey, more than half of all small businesses in the United States have experienced a security breach.

Bill sponsor Senator Olympia J. Snowe, R-Maine, a ranking member of the Senate Committee on Small Business and Entrepreneurship said in a statement, "Nearly one-fifth of small businesses do not use virus-scanning for email, over 60 percent do not protect their wireless networks with encryption, and two-thirds do not have an information security plan. We must get serious about helping firms protect themselves from cyber predators.”

The bill, called the Small Business Information Security Act of 2008, would create a Small Business Information Security Task Force to help:
  • Identify information security concerns and the services that address those concerns;
  • Make recommendations to the SBA regarding how it can better assist small businesses to both understand cybersecurity issues and identify resources to help meet those complex challenges; and
  • Promote current programs and services that will help small businesses protect their customers' information.
The proposed task force would be composed of representatives from the SBA and other key federal agencies, as well as industry experts, IT vendors, IT security academics, small business trade associations, along with state and local agencies involved in cybersecurity.

After the task force has scrutinized security issues facing small businesses, it will present a report to Congress on its findings and recommendations.

It is hoped that the legislation will help small companies better understand the resources available to them so they can use their data more safely, Wally Hsueh, staff director for Snowe, told Wednesday.

“How small businesses fundamentally tool and train for cybersecurity drives in large part how they properly deal with their customers and all security matters,” Roger Cochetti, group director of U.S. public policy for the Computing Technology Industry Association (CompTIA), said in a statement.