The threat of a cyberattack is something all businesses must be cognizant of, but unfortunately, many are not. As it has become increasingly challenging to understand and implement cybersecurity best practices, states across the US are beginning to roll out cybersecurity initiatives aimed at helping businesses combat advancing cyber threats. While we’ve touched on the innovative cybersecurity initiatives like the ones that New York has implemented, Ohio is paving the way for state-sponsored cybersecurity initiatives with the CyberOhio initiative.
What is CyberOhio?
CyberOhio is a cybersecurity initiative spearheaded by Ohio’s Attorney General, Mike DeWine, implemented in August of last year. Similar to other cybersecurity initiatives of its kind, CyberOhio aims to help businesses defend themselves against the ever-changing threat landscape through three key areas: education, new data privacy legislation, and information sharing.
Education is Key
When it comes to implementing cybersecurity best practices, education is key. If businesses aren’t aware of the threats they’re faced with, how can they prepare for an attack? How will they ensure that the data they hold remains secure? Ohio’s Attorney General recognizes this and, as part of CyberOhio, put an emphasis on educating businesses on cybersecurity threats and ways to mitigate them so that consumer information can remain protected. How do they do it? The Ohio Attorney General’s Office has partnered with local and small business chambers to host a cybersecurity basics course, where business owners and their employees can learn about common types of data breaches and how to prevent them.
New Data Privacy Legislation
Lawmakers and business owners are continuously recognizing the new, complex risks that come from doing business in cyberspace. That’s why so many states are moving towards creating their own data privacy laws, such as California’s Consumer Privacy Act (CCPA), and Ohio is no exception. As part of the CyberOhio initiative, Ohio Governor John Kasich signed Senate Bill No. 220, the Ohio Data Protection Act. This legislation makes Ohio the first state to enact a law that incentivizes businesses to implement a cybersecurity program by providing a safe harbor to businesses that do so.
The law clearly states that the Ohio Data Protection Act is not meant to be a minimum cybersecurity standard that must be achieved by businesses in Ohio. Unlike other states’ cybersecurity laws (like New York’s regulation for financial services companies), the Ohio State Data Protection Act is voluntary. It gives businesses a reason to be proactive with their cybersecurity program instead of introducing additional regulations required of them to follow.
Focusing on Information Sharing
Staying ahead of cybersecurity threats requires a joint effort from government officials, businesses, and community members. As part of CyberOhio, a focus was placed on information sharing because it will help all businesses in Ohio stay abreast of the threats they’re facing. In fact, many smaller organizations have formed throughout the state of Ohio to band together to combat cybersecurity risks. The Northeast CyberConsortium (NEOCC), Columbus Collaboratory, and the Ohio Cyber Collaboration Committee (OC3) all seek to find ways to research and find solutions to the growing cyber threats, develop a stronger cybersecurity infrastructure, and educate individuals so that they’re prepared to enter the cybersecurity workforce and implement cybersecurity best practices.
By creating and implementing cybersecurity initiatives like CyberOhio, businesses are empowered to work together to decrease the likelihood of a cyberattack, making the community a safer place for business owners, their customers, and the data shared between them. If you’re looking to learn more about cybersecurity initiatives in your state or would like more information about how you can implement cybersecurity best practices at your organization, contact us today.