The last several years have brought an onslaught of cyberattacks on individual persons, businesses, and federally managed critical infrastructure. Some days it feels like we have entered the golden age of cybercrime, and we have managed to do so in the middle of a worldwide COVID pandemic.

Well-known attacks on businesses include the Colonial Pipeline attack and the attack on the meatpacker JBS. In the state of Washington, the State Auditor’s office was the victim of a hack that exposed the unemployment claims of more than 1 million Washington state residents. Cybercriminals threatened national security when they gained access to email systems at the Treasury and Commerce Departments late last year.

As cybercriminals grew more and more sophisticated, bipartisan lawmakers in Washington unveiled legislation intended to educate the American public about cybersecurity and to raise the average level of “cyber literacy.”

The legislation, formally dubbed the American Cybersecurity Literacy Act (ACLA), can be described as a “wear your seatbelt” safety campaign for internet use. The ACLA requires the National Telecommunications and Information Administration (NTIA) to establish a public information campaign that focuses on cybersecurity risk awareness and education. The campaign will also include a series of best practices to avoid becoming a victim of a cyber attack, for private persons and businesses alike.

The main sponsor of the legislation is Rep. Adam Kinzinger (R-Ill.) with support from Reps. Gus Bilirakis (R-Fla.), Marc Veasey (D-Texas) and Chrissy Houlahan (D-Penn.). It was introduced in June, and had its first hearing in July.

What is the Purpose of the American Cybersecurity Literacy Act?

The main goal of the ACLA is cyber education. As technological advancements increase and we all become more interconnected, no matter what we do for a living or how old we are, the need for information security (protection of your data) and cybersecurity becomes more urgent.

As explained in this piece by Security Magazine, the ACLA wants to raise public awareness around cybersecurity issues, to help stop further attacks from happening. As we all know, cyber attacks are costly to businesses and to private persons, who must spend time and money recovering from a data breach, while trying to get back to doing business.

What Does the American Cybersecurity Literacy Act Entail?

The cybersecurity literacy campaign would focus on educating internet users about how their everyday internet use may put them at risk for ransomware attacks and other common cybersecurity risks, and explain how they can make internet use safer for themselves and their families and businesses. Some areas the campaign will focus on are:

  • Multi-factor authentication. Users may find this annoying, but it is a big step toward better cybersecurity.
  • Password hygiene. Many people use the same password for dozens of accounts, leaving them vulnerable to hacking in case that one password is exposed.
  • Risk associated with public Wi-Fi networks. These are frequently used by younger users who access the internet from public locations and may not be aware of the risks associated with their use.
  • Regularly review mobile apps and accounts. Delete what is no longer used and update passwords to improve your personal security.
  • Beware of free downloads and email scams. Phishing emails have become quite sophisticated; so has “vishing” (voice phishing). Many people still don’t fully understand the harm that may be caused by responding to a message from an unknown source.
  • Explaining safety protocols and apps. People should know how firewalls work and why they should be updated, and should be educated about software that will alert them to a cyberattack.
  • What to do if you do get hacked. Everyone should have a plan for what to do, both on a personal and corporate level, in case of a cyber attack.

What Is Next for the ACLA and What Does That Mean to Your Business?

The American Cybersecurity Literacy Act is still in its infancy. It’s important to keep an eye on new developments and potential compliance requirements.

For instance, internet providers and application developers may be required to alert consumers to certain risk levels associated with their applications. The same goes for online banking and credit card transaction systems (at least for those who have yet to upgrade to multi-factor authentication).

Compliance requirements may change as the American Cybersecurity Literacy Act comes online.

ZenGRC Helps You Maintain Your Cybersecurity

ZenGRC’s compliance, risk, and workflow management software is an intuitive, easy-to-understand platform that keeps you up to date on changing policies and new compliance requirements.

ZenGRC also works 24-7 to detect malware and cyber threats so you can focus on your business.

Worry-free compliance management is the Zen way. For more information on how ZenGRC can enable your compliance and cybersecurity, contact us for a demo.