It wasn’t reported in the mainstream media and it doesn’t pertain to most people. But when you see the start of litigation after years of warning, you kind of wonder “what took so long” and then realize this is one of those moments that will change how business is conducted. The “wave” is the start of litigation about cybersecurity compliance and privacy. It is coming and it will be big.
At the end of May, defense contractor Aerojet was found to have acted fraudulently by falsifying its cybersecurity practices and its compliance with regulations. Aerojet needs to provide “adequate security” on all “covered defense information” (CDI) as defined by the National Institute of Standards and Technology (NIST) regulation known as 800-171. The regulation requires safeguarding of data and cybersecurity practices to protect sensitive data from cyber-warfare, and it includes 110 security requirements. For a defense contractor, the ability to keep sensitive data safe is no laughing matter. Aerojet was caught being misleading in its statement on cybersecurity compliance. This is the first time the NIST 800-171 cybersecurity standard is being legally enforced.
This becomes the start of a bigger wave because the number of cyber-attacks on businesses is increasing dramatically. Plus, in California, personal privacy is becoming a bigger and bigger issue as new legislation is slated to take effect in 2020 that will give California a law similar to the GDPR. There will be much more news about the new law as legislators finalize the details of the California Consumer Privacy Act, A.B. 375. This law is intended to protect consumers from abuse of the private information that companies can collect and distribute. It gives a broader definition of what is “private,” including personal identifiers, geolocation, biometric data, internet browsing history, and psychometric data and inferences a company may make about the consumer.
What most business owners don’t understand is that there is a current cybersecurity standard that applies to EVERY business in California. Companies MUST provide “reasonable security” to protect Personally Identifiable Information (PII). EVERY business has PII they need to protect. This can be employee, vendor or customer information. The “reasonable security” standard is compliance with the Center for Internet Security (CIS) 20 Controls.
If you run a small or medium-sized business, you may falsely think you are flying under the radar of hackers and cybercriminals. The fact is that 60% of SMBs will come under cyber-attack each year. It is only a matter of time before there is an attack that will most likely put many businesses out of business.
To help small and medium business owners in the Inland Empire, Tech Guardian is offering a FREE Cybersecurity Threat Analysis and CIS 20 Report that shows exactly what needs to be done to ensure your business is compliant with the “reasonable security” standard required by the California State Attorney General Office. To schedule your FREE Cybersecurity Threat Analysis, simply call Tech Guardian at