IT professionals are continually assessing if they're doing enough to secure their company against the threat of cybercrime. Or, at least, they should be.
Unfortunately, many small businesses still aren’t taking the cybersecurity threats seriously, as 51% of small business leaders believe their business is not a target for cybercriminals. This comes from a new report we’ve recently released which surveyed over 600 full-time small business employees and 100 C-suite level leaders that shows small businesses aren’t thinking about cybersecurity enough.
Let’s take a look at some of the results of the study and see if your business shares any of these misconceptions.
According to our study, 91% of cyberattacks originate with a phishing email, and companies are doing little to prevent employees from falling for these schemes.
Phishing, an attack method where hackers distribute malicious links via email, is a highly effective scheme employed by thieves to extract valuable information from victims. Effective phishing emails can be hard to recognize as they usually mask themselves as an authentic message from a fellow employee or business contact, only to contain a malicious link.
For employees, all it takes is a split-second reaction click to cause a heap of trouble for your organization.
Routine phishing tests are an effective way to gauge an individual’s ability to recognize and respond to fake emails. Designed to simulate a real phishing attack, these test emails contain a link that monitors who falls for the scam. Unfortunately, 65% of small business employees have never received a phishing test during their tenure, despite the fact that routinely reminding employees to be careful about what they click on will help keep the business safe.
While the reactive click is hard to combat against, there are cybersecurity measures that can be put in place to control the damage. Certain programs will ask the user if they’re sure a link is secure before it takes them to a potentially malicious web page, for example.
Adding an extra step after a link click will help prevent muscle memory from causing a data breach.
Our study confirms that despite paying lip service to cybersecurity, the actions of small business employees and leaders reveal little is actually being done to address the lax attitude toward security. Negligent employees are the number one cause of data breaches at small businesses across America.
Most employees aren’t aware that their seemingly innocent actions are putting their organization at significant risk of a data breach. For example, employees who do work on the weekends at a coffee shop are susceptible to hackers waiting to launch man-in-the-middle attacks or distribute malware due to these employees accessing private servers through open wireless networks.
It’s likely employees aren’t considering the ramifications of such actions. Instilling proper cybersecurity practices through training is a good first step to help your employees and leaders become more conscious of cybersecurity best practices. Receiving instruction from an independent managed services provider or reaching out for help in setting up your training program will pay off once your organization thwarts a disastrous cyberattack.
Of course, there is always more that small businesses can do to help with preventing attacks. The first step is to understand is that cybersecurity requires effort in today’s world. There’s no easy solution, and security practices are always changing. The sooner your leaders recognize the threat, the better off your organization will be.
To see all the areas your small business is at risk for a data breach and the steps you can take to fix the gaps, download the full report here.
Written by Nik Vargas