Interview: GCA CEO Phil Reitinger on the Small Business Toolkit

Hello and thanks for joining. We’re here with our CEO Phil Reitinger as we celebrate the one-year anniversary of the Cybersecurity Toolkit for Small Business.

Good morning, afternoon or evening everyone.

Phil - GCA launched the Cybersecurity Toolkit for Small Business in February 2019. What systemic cyber risk was it designed to address?

Krista: There are two very significant risks that the Cybersecurity Toolkit for Small Business was designed to address. First, the massive local, regional, national and global risks that small businesses present in the aggregate. Imagine a widespread attack that takes many small businesses offline, or causes them to cease operations. Given the importance of small businesses to any economy, the effect could be very significant - small businesses are the lifeblood of the global economy. Second, small businesses are a part of many businesses’ supply chains, including critical infrastructure.

Taking out a small business can adversely affect critical services, like banking, and small businesses can also be used as vectors of attack for larger businesses. On top of these risks, small businesses often lack the resources and expertise to secure themselves. So, small businesses are critical. The Cybersecurity Toolkit for Small Business was designed to mitigate these risks in a way that small businesses can actually use.

That’s great, very much in keeping with GCA’s mission of making practical solutions available. How has the toolkit developed over this past year?

In several ways. First, we have continued to refine the tools and guidance in the toolkit on a regular basis. We have external advisors, we get feedback, and we have a Change Control Board to continuously improve the toolkit. Second, we have now added French as an official language - that’s not using a translation program, but a full translation with review of content. More languages are coming. Third, we have been directly communicating with users and helping them deploy through workshops. Fourth and last, we have built a community forum, both to support users and to help users support each other.

Wow, a lot of great work accomplished! What are the plans for the toolkit moving forward?

We have listened to feedback, and going forward, we are working on Toolkit Version 2.0 that will be a full redesign intended to make the toolkit even easier for users. We will make the flow even better and improve the guidance. We will be adding new languages. We will be providing guidance in additional ways, such as webinars and bootcamps, and we will train the trainer. We may also be working to tailor the guidance and use of the toolkit. We intend to stay busy.

Busy indeed! How can the community help?

The most important thing is to use the toolkit. Ensure you have implemented cyber hygiene to protect yourself, and be an example for the entire community. In addition, help spread the word and let people know about the toolkit and how it can help your peers. And use the community forum. If you have a question, ask it. If you have solved a problem, share your expertise. That would be very helpful!

This concludes our chat today. Thank you so much Phil. It’s great to hear about the success of the toolkit and plans for the future.

Krista, thank you. I’ve turned on “notifications,” and I think that means that if anyone else would like to ask a question later I’ll find out about it, and I’d be delighted to answer.

That’s great, thank you.

Hi Phil, Krista, thanks for the interesting discussion.

I know that many small businesses use a plethora of SaaS web applications to manage their business activities, rather than a single monolithic or self-hosted solution. Does GCA have any tools for monitoring how a company’s employees interact with the sensitive data stored within these web apps?

The reason I’m asking is because this is a gap that we identified and built a tool to help small companies mitigate that risk. I’d be interested to learn more about how we can promote this tool at GCA. Perhaps our tool or similar tools could be part of Toolkit 2.0?

Congrats on the good work done to date!

Mick - I think the answer is we don’t include a tool that does that specifically, yet. The tools in the toolkit are focused on hygiene, and application of that to systems within a small business’s control. To that extent, things like a protective DNS service can help. For cloud services of hosted email, protections like the use of DMARC can apply specifically to the cloud service. And multi-factor authentication, which is in the toolkit, is also important for protecting access to cloud services. As for the tool you have developed, we’d be happy to take a look at it.

Excellent, thanks Phil, great advice indeed. We’d be happy to share what we have built. Let us know the best way to connect.

Hi Mick, we are developing a website-based application to enable us to capture and review potential tools and partners. We are expecting this to be available in the April timeframe. I have DMed a suggested interim. Thank you for your interest and contribution. Gill