While there’s a lot chatter emanating from Washington regarding the need to improve cybersecurity it may very well turn out that laws being enacted at the state level are about to have the most immediate impact in the U.S.
Delaware has become the latest state to enact a law requiring businesses to be more careful in terms of how the secure data. The new law will require all companies doing business in Delaware to implement and maintain what is described as “reasonable security” to protect personal information. Delaware is one of 14 states that have imposed new or updated data security regulations. The most aggressive of those new cybersecurity laws has arguably been enacted in New York, which among other things require companies to appoint a chief information security officer (CISO) by the end of this month.
As well intentioned as all these state laws may be, however, collectively they wind up creating a byzantine set of statutes that organizations conducting any type of business in those states will need to navigate. If history is any guide it’s not too long after states start enacting laws to address the same issue that the Federal government acts. The only thing most business leaders hate more than new regulations are laws at the state level that are inconsistent with one another. Before too long business leaders start lobbying Congress to make a national law that can be consistently applied. But that national legislation may not be as strict as, for example, the cybersecurity regulations enacted by New York. But at the very least legislation at the national level should improve the overall state of cybersecurity compared to the current status quo.
Of course, this assumes that anything can be accomplished at the National level at all. Both President Trump and politicians on both sides of the aisle are calling for more cybersecurity. But calling for something versus being willing to act on it are not always one in the same thing in Washington. It also doesn’t seem as the Congress is able to concentrate on more than one issue at a time. That means sometime after healthcare and tax reform issues are addressed politicians in Washington might have time to turn their attention to cybersecurity.Sometime after healthcare and tax reform are addressed, Congress might have time for #cybersecurity.Click To Tweet
In the meantime, cybercriminals acting at the behest of nation states around the globe will continue to target organizations that have not shored up their cybersecurity defenses. Organizations based in states led by politicians that are committed to rolling back regulations are not especially keen to enact new cybersecurity laws. Unfortunately, many of those businesses have relationships with government agencies and other agencies that essentially make them the weakest link in an information supply chain that can be easily exploited.
The good news is that businesses are exerting more pressure on each other to address cybersecurity issues. Rather than waiting for the government to impose a minimal cybersecurity standard, businesses are actively moving to reduce their risks by implementing a consistent set of robust security protocols that extend to across all their suppliers and business partners. Naturally, those businesses don’t always appreciate the time, money and effort required to implement those protocols. But whatever the cost implementing those protocols sure beats the alternative.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot.Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.