BALTIMORE, MD (April 30, 2024) — Forty small and midsize Maryland businesses have each received assistance worth up to $22,000 each to help with targeted cybersecurity training and knowledge. The grant funds come from the Maryland Department of Commerce’s Small Business Cybersecurity Resilience in Maryland (SCRIM) program, which was established in 2022 after the state received funding from the U.S. Small Business Administration (SBA) to help create a statewide cybersecurity initiative.
The SCRIM program provides the selected businesses with direct services to help mitigate against future cyber attacks and improve upon existing cybersecurity infrastructure through employee training and advanced hardware and software installation. Eligible businesses include those in the retail, restaurant, finance, healthcare, and manufacturing industries that have been in business for no more than three years with 50 or fewer employees.
Maryland Commerce worked in partnership with the Maryland Small Business Development Center (SBDC) and the Cybersecurity Association of Maryland (CAMI) to develop the SCRIM program as part of the SBA’s ongoing Cybersecurity for Small Business Pilot Program. The SBA’s pilot program provides grants to state governments to help emerging small businesses across America develop their cybersecurity infrastructure. In addition to Maryland, Arkansas and South Dakota also received funding.
“We are thrilled to work alongside our partners at the Maryland Small Business Development Center and the Cybersecurity Association of Maryland to create a stronger cybersecurity safety net in Maryland,” said Maryland Commerce Secretary Kevin Anderson. “As the world and technology evolves, cybersecurity training is becoming increasingly important, and Maryland is doing its part to ensure everyone has the resources they need to stay secure.”
As part of the program, the selected businesses and its employees will receive an initial cybersecurity audit of existing security protocols and postures. Findings from the audit will then be followed by remediation and mitigation efforts, making adjustments as needed to aid with vulnerabilities found during the cybersecurity assessment. All security scans of existing cybersecurity systems will be performed by in-state contracted service providers; mitigation service contractors will also supply and install the highest priority cybersecurity hardware and software, as identified on the security audit at up to $10,000 per business.
Employees of each business will also receive industry-specific cybersecurity hygiene training completed by representatives of Maryland SBDC. Training will include password creation, data backups, physical security, detection of phishing scams, and incident response. Selected employees, as identified by the original security audit, will complete more extensive training regarding cybersecurity fundamentals, tailored to their level of knowledge. Additionally, these selected employees will complete industry-specific training regarding issues of particular concern to their business.
"Supported by the Maryland Department of Commerce, CAMI, and the Maryland SBDC, the SCRIM program is an active gateway to cybersecurity resilience. In a world where digital threats loom large, hesitation is understandable, but action is essential,” said Maryland SBDC IT Coordinator Alivin Brown. “Embracing free training, scanning, and mitigation services fortified by expert guidance and support will help elevate defense strategies, safeguarding data and the entire small business community."
"We know cybersecurity is more important than ever for small businesses, but can be overwhelming and confusing for leaders. The SCRIM program removes some initial barriers for small businesses on their cybersecurity journey while empowering them with the knowledge and roadmaps to create a more cyber resilient organization in the future," said CAMI Executive Director Tasha Cornish.
Over the last several years, cybersecurity initiatives in the small and local business community have gained momentum, bringing attention to the need for national and statewide resources and policy. The development of SCRIM and other small business oriented cybersecurity programs is expected to make a direct impact on the improvement of the overall safety climate of local business communities.