#StartupsEverywhere: Asheville, N.C.

#StartupsEverywhere Profile: Jeremiah Smith, Co-Founder & CEO, Edison Marks

This profile is part of #StartupsEverywhere, an ongoing series highlighting startup leaders in ecosystems across the country. This interview has been edited for length, content, and clarity.

Simplifying Cybersecurity for Small Businesses

Edison Marks makes small-and medium-sized enterprise owners more aware of the cybersecurity threats facing their businesses by creating personalized reports and simplifying the issue. Co-Founder and CEO Jeremiah Smith spoke to us about his company, his experience with the Small Business Association (SBA) and the Small Business Technology Council (SBTC), and what he thinks policymakers should consider when thinking about cybersecurity.

Tell us about your background. What led you to create Edison Marks?

My grandfather started a small business after he came back from the Korean War, and I began working there at 12 years old. My grandfather’s business drove our entire family's livelihood for years, but in 2007, the business suffered a cyber attack and 180 days later we lost the company we had for 45 years. That experience, coupled with my background working with startups, brought me to co-found Edison Marks. In my previous work, in the cybersecurity space, I noticed that there's a last mile problem for small- and medium-sized businesses: cybersecurity wasn’t being managed effectively. There's all this amazing tech and all these incredibly intelligent people and information in the world of cybersecurity, but its impact on small- and medium-sized enterprises is extremely limited because the systems are not built for the average owner, who runs a pizza restaurant or owns a flower shop, for example. That   mistake hurts small businesses and limits their ability to grow. So, my co-founders and I built Edison Marks to close the gap on that last mile. We decided to focus on taking complex cybersecurity concepts—bits and bytes and confusing acronyms—and boil them down to the easy-to-understand basics that your average small- and medium-sized enterprises could implement. The idea is to use proven behavioral science strategies and tactics to get small businesses owners’ attention, get them to engage, and help implement achievable solutions as it relates to cybersecurity. 

What is the work you all are doing at Edison Marks?

We proactively find businesses and have a platform that assesses their digital systems’ cybersecurity capabilities. One way we do this is by partnering with businesses looking to join SBA and SBTC programs. The SBA and SBTC have the budget and the resources to educate business owners on cybersecurity, but we take that work a bit further by going in and passively scanning businesses’ online environments. Then, we take that complex information and build a report. The report compares a business to, for example, a hundred other businesses in their area and assesses their vulnerability compared to their neighbors. We then share the report with the business owner and, through the peer comparison, the owners start to become more interested in their own cybersecurity position. If we see weaknesses in their security, we tell them they're at risk and provide them with steps to improve their defenses. 

Tell us about your experience working with agencies like the SBA and STBC. How can policymakers better incentivize the adoption of better cybersecurity measures?

I’ve seen more attention being appropriately given to cybersecurity. More funding is being directed toward making sure small- and medium-sized enterprise operators are aware of the importance of protecting their online environments. Most small business owners start off unaware of the threats they face, so addressing that issue is step one. The government has a role here—and does devote attention —in terms of funding mechanics, but the second step is to get them to take action, allowing them to understand their environment and what they can do to protect themselves. Here, there is still a disconnect between the SBA and SBTC and business owners. 

Last year, the SBA appropriated funding through the SBTC to create more cybersecurity resources. The issue is that people don’t immediately think about cybersecurity when they start a business. When they go to the SBA, the questions that are top of mind for them are: “How do I get funding?” or “How do I fill out a lease?” or “Where do I find an attorney?” They think of cybersecurity as a down-the-road issue and the SBA still hasn’t figured out how to engage small business owners on the topic earlier on. The government is putting extremely complicated academic studies on their .gov websites and then they wonder why they fail to engage small businesses. That's where we've stepped in. Our mission is to get everyone to start asking cybersecurity-centered questions, and understand the weight cybersecurity has on businesses in the first place. 

A lot of business owners think, “Why would anybody want to hack my environment?” or “What do I have that they want?” For hackers, it's not about “taking”, but about holding businesses hostage and extorting them. Hackers play the long game and businesses need the proper defenses in place to protect themselves. We break these facts down for small business owners, and offer them simple ways to ensure their business is in a better position to be protected against cybersecurity threats.

What should policymakers keep in mind when thinking about cybersecurity?

We teach a class with the local Chamber of Commerce where we go over the basics and fundamentals of cybersecurity. One of the core elements of that class is teaching business owners the importance of encrypting their data. Data encryption is good cybersecurity hygiene. The overwhelming majority of people practicing cybersecurity and encrypting their data are not doing it for bad reasons. There are so many reasons to encrypt your data as a defense mechanism. If a bad actor is able to access your environment, encryption could be that extra defense that gets them to walk away. 

What are your goals for Edison Marks moving forward?

Over the last several months, we've started running what we hope will be one of the largest behavioral science experiments in the world. And it's starting to work. Hundreds of ordinary business owners are beginning to take steps to increase their systems’ cybersecurity. In the 120 days since we launched, we’ve shared our system’s scores and reports in 5 states. We’re opening an office in Italy this fall and plan to begin helping business owners in the E.U. reduce their cybersecurity risk.

We're simply motivating people to pay attention and change their behavior—something long proven valuable across nearly all sectors, with the exception of cybersecurity. Too many simply don’t pay attention to their own cybersecurity risk. Our goal is to make sure every last business is asking the question, “what should I do to reduce my risk of a cyberattack?”



All of the information in this profile was accurate at the date and time of publication.

Engine works to ensure that policymakers look for insight from the startup ecosystem when they are considering programs and legislation that affect entrepreneurs. Together, our voice is louder and more effective. Many of our lawmakers do not have first-hand experience with the country's thriving startup ecosystem, so it’s our job to amplify that perspective. To nominate a person, company, or organization to be featured in our #StartupsEverywhere series, email advocacy@engine.is.