The United States House of Representatives and United States Senate both passed an historic cyber bill. The bill is on its way to the President’s desk to be signed into law. The bill, the Cyber Incident Reporting Act, is historic because it will require organizations and businesses in critical sectors to report cyber incidents or ransomware payments. A critical sector organization will have 72 hours to report a cyberattack. The bill also requires organizations, including businesses with over 50 employees, to report a ransom payment within 24 hours.
The bill was written and passed with bipartisan support. Once signed, it will take effect.
Timeline for your business
According to TheRecord.Media, the Cybersecurity and Infrastructure Security Agency (CISA) will have up to two years to publish the proposed rules and regulations to implement it. Small businesses with over 50 employees need to monitor this. The new law will impact your business if you fall victim to a ransomware attack and pay the ransom.
What you need to do
It is important to stay informed about the rules that CISA will propose for implementation. This will help you better prepare for the steps you will need to take if you pay a ransom for a ransomware attack. You can do this by regularly checking CISA’s website.
Additionally, a written policy in support of this new law is recommended. This way, if your small business does fall victim and pays the ransom, you have a game plan in place for communicating with CISA. Policies play an important role in aiding your cybersecurity program.