Florida House Bill 7055 was designed to address cybersecurity vulnerabilities in local Florida governments. It was passed unanimously 38-0 by the Senate and 110-0 by the House. Governor DeSantis signed the bill into law on June 24, 2022. It has been in effect since July 1, 2022.
Local and state officials were concerned about the level of cybersecurity in Florida offices and sought to improve the standards by which they deal with it. The bill had three primary goals:
- To expand state-level cybersecurity leadership and give it oversight of local government entities.
- Establish cybersecurity readiness and reporting procedures to be adopted by state and local offices.
- Combat increasing ransomware attacks.
How did these goals translate into legislative action, and what can your Florida business learn from the bill’s passage? Read on for more information.
What’s in Florida Bill 7055?
A 2019 report on local government cybersecurity preparedness from the University of South Florida’s Cyber Florida suggested that government offices were woefully unprepared for cyberattacks. The new cybersecurity bill in 2022 was written with a comprehensive list of measures and actions that Florida offices will institute to remedy this. Bill 7055:
- Adopts the same standards for local governments as state agencies, including training employees and reporting cybersecurity incidents
- Prohibits state agencies and local governments from complying with any ransomware demand
- Requires after-action reporting of all low-level cybersecurity ransomware incidents to Florida Digital Service (FLDS)
- Requires notification to the Presidents of the Senate and Speaker of the House about all high-level incidents, including an overview of the incident and its likely effects
- Requires all state and local government employees to attend cybersecurity training within 30 days, along with annual follow-up education
- Requires local governments to adopt established cybersecurity standards to protect their data, information technology and IT resources
- Creates a council to examine cybersecurity incidents, develop best practices and advise state and local offices
- Creates new criminal penalties for ransomware offenses against a government entity
What the Florida Cybersecurity Bill Could Mean for Your Business
If you work for a government office, you have your work cut out. For Florida’s private sector, let’s look at what you might learn from the bill and how to apply it to your business.
Ransomware
The bill's hard line on ransomware is perhaps its most significant measure. Ransomware is the practice of hackers disabling or hiding data until a ransom is paid.
In 2019, Riviera Beach was hit with a $600,000 ransom attack, and Lake City was hit with a $460,000 ransom. Both were covered by insurers, which paid the ransoms, but it’s uncertain if insurance would step in with a government attack.
How this applies to your business:
With the government's anti-ransomware stance and increased security measures, hackers will likely target more vulnerable private businesses. Prevention is your strongest defense against ransomware. Ensure all your systems are protected with the proper updates and your employees are trained in cybersecurity best practices.
Reporting
Identifying and reporting is a big piece of the new bill. Along with the reporting comes the accountability of ensuring the proper parties know about all incidents and that steps are taken to prevent future attacks.
How this applies to your business:
Increased accountability is good. Has your business been breached? Maybe you didn’t realize it. Now is the time to ensure that your employees understand the different types of cyberattacks and how to identify them. Ensure that you have a recovery plan in place if you experience an attack and understand the business leader’s role in tracking and thwarting attacks.
Budget Allotment
The cybersecurity bill beefs up funding for state and local cybersecurity measures substantially. Before the bill, less than 5% of local government entities included cybersecurity as part of their budget. Now they will have the necessary resources to train and prepare against attacks.
How this applies to your business:
Is cybersecurity part of your business’ budget? You likely have a technology spend. Cybersecurity should be considered with any technology upgrade or integration. You may think cybersecurity is expensive, but the cost of an attack could be catastrophic.
Advisory
Florida’s cybersecurity bill mandates the creation of an advisory council to track and examine ransomware and other cyberattacks across government entities. It creates a central oversight committee to advise on best practices and to communicate potential threats.
How this applies to your business:
Who monitors your cybersecurity? A dedicated IT team should stay on top of the latest security practices and threats to protect your business. This includes updating software, closing ports and securing your firewall. Create your own “advisory” committee to communicate cybercrime issues to you and your team.
Your Florida Cybersecurity Experts
Thriveon is a full-service IT firm serving the businesses of Florida. Let us be your cybersecurity counsel. We manage your systems, align your technology with your business goals, and most importantly, protect you against attacks. You’ve seen what can happen when cybercriminals attack local Florida offices; don’t let it happen to you.
Schedule a consultation with our experts at Thriveon today. Let’s talk about your business systems and how to make them work as best as possible for you and your team.
Sources:
https://www.floridatoday.com/story/opinion/2022/04/12/cybersecurity-time-florida-governments-cyber-ready/9488495002/https://www.flsenate.gov/Committees/billsummaries/2022/html/2864