It has been a hot topic for governments around the world as cybersecurity comes to the forefront of the latest agendas in countries such as Italy, France, India, China, Russia, the USA, and the UK.
All of these countries have seen the percentage and the amount of money syphoned off by criminal gangs that target business IT systems as a means to make money. With many cyberattacks costing companies financially, the losses are written off against tax, meaning that governments have had to get involved. The world economy is not exactly at its strongest right now, and governments need all the tax they can get.
It has been reported that many of the businesses that have suffered at the hands of organised crime groups were not properly prepared. Their backup systems were either non-existent or outdated. Their IT security was an open door. Plus, their internal IT security policies were not enforced or, quite simply, the business had no IT security policy.
Many of these companies do not have any insurance policies that protect them from theft of data or financial funds. One unnamed US official said “Insurance against cyberattacks is something most small to medium size businesses have never considered, but in this day and age it should be mandatory”.
This means that there is a strong belief within government departments that something needs to be put in place to force these businesses to protect themselves. After all, if a business fails because it suffered a cyberattack, then it is not just the business owners who suffer, but also those employed by the business, towards whom the firm has a responsibility.
What Would Mandatory Cybersecurity Be?
One idea is that governments would issue a permit to businesses. Every business would have to obtain the permit within a set time period. If it does not, then there would be a financial penalty, or any losses from a cyberattack could not be written off against tax.
To qualify for a permit, companies would have to pass a cybersecurity test similar to the one used in the financial services sector. The test would mean proving that the company actively uses anti-virus software, provides encrypted VPNs to employees with laptops, issues cybersecurity manuals to all staff, and can prove employees have been trained on internet security, such as the use of incognito browsing, local file encryption, deleting temp files and so on.
Another idea was to force businesses to take out insurance policies against cyberattacks. This approach would save governments time as well as taxpayers' money, which would otherwise be used to set up a government department to control and govern the issuance of permits. Insurance companies will not cover a business that cannot prove it has done all it can to protect itself from a cyberattack. In short, the same training and security software stipulated in the rules to obtain a government permit would be required by the insurance companies.
Right now there are numerous small businesses that are not using any kind of security or protection. They are at risk, but do not realise it. Even training employees to use something as basic as safe browsing would make a huge difference.