Rosen, Moran Introduce Bipartisan Improving Telework Cybersecurity for Small Organizations Act

WASHINGTON, D.C. – Today, U.S. Senators Jacky Rosen (D-NV) and Jerry Moran (R-KS), members of the Senate Committee on Commerce, Science, and Transportation, announced the introduction of their Improving Telework Cybersecurity for Small Organizations Act. This bipartisan legislation would work to strengthen the cybersecurity capacity of small organizations to defend against telework-related cyber threats.

“We put our nation at risk if we don’t work to strengthen our nation’s cybersecurity infrastructure,” said Senator Rosen. “Large parts of our nation’s workforce have transitioned to telework due to COVID-19, and as a result, these organizations face an increased threat of cyberattacks. I’m proud to introduce this bipartisan bill to ensure small organizations, which are particularly vulnerable, have access to federal resources, and remain secure while working remotely. I will continue to pursue forward-thinking legislation that improves our cyber and infrastructure security in order to keep Americans safe.”

“Millions of Americans have transitioned to working from home during the COVID-19 pandemic, and without the proper cybersecurity measures, our nation’s workforce is at a greater risk of cyberattacks,” said Senator Moran. “This legislation would provide educational materials and resources for small organizations to safeguard their employees from cyberattacks while working remotely, helping to secure Americans’ personal information during this time of increased telework.”

BACKGROUND: With millions of workers navigating the transition from an office environment to home during the COVID-19 pandemic, maintaining cybersecurity while teleworking is imperative for our national security. Small organizations, in particular, face challenges like resource constraints in protecting themselves from increasingly sophisticated cyber threats.

The bipartisan Improving Telework Cybersecurity for Small Organizations Act (S.4920) builds the capacity of small organizations to defend against telework-related cyber threats by:

  • Directing the Cybersecurity and Infrastructure Security Agency (CISA), in consultation with the Federal Trade Commission (FTC), to publish a resource of best practices for small organizations (defined as a small business, small nonprofits, or small governmental jurisdictions, including counties, cities, and school districts) to boost cybersecurity with respect to teleworking, as a result of COVID-19. This website would include basic steps that have the most impact in improving the security of teleworking for a small organization and configurations and settings for commonly used software that can help improve their cybersecurity. The resource would be consistent with NIST guidance; and


  • Requiring the FTC to establish a program to help educate consumers and small businesses on improving their cybersecurity for distance learning, telemedicine, and telework.