Negligent employees remain the number one cause of data breaches at small businesses across America. So why do small businesses continue to struggle with good cyber security practices and what can they do to correct those habits?
This article originally appeared on ZDNet.
Small to medium-sized businesses are hit with nearly 4,000 cyber attacks per day -- and that number is only expected to grow, according to a new report. Small businesses are even more likely to be targeted by malicious hackers, but the actions of small business employees and leaders reveal little is actually being done to address the negligence towards security.
Chicago, IL-based IT consultancy for SMBs, Switchfast surveyed over 600 small business leaders - VPs to the C-suite - and small business employees about their cyber security habits.
It wanted to discover how employee behaviours contribute to the rising number of cyber attacks against small businesses - and how companies can begin to address poor cyber hygiene and mitigate risk.
SEE: Network security policy template (Tech Pro Research)
Cyber attacks have huge consequences for business. The survey found that three out of five (60 percent) of small businesses that suffered a breach are likely to go out of business within six months.
Unfortunately small businesses take risks in relying on their employees to not fall victim to lurking hackers. They do not have the manpower that enterprises have to handle things like IT and security.
They do not prioritize security education and best practices: Thirty-five percent of employees, and 51 percent of leaders are convinced their business is not a target for cybercriminals.
This relaxed attitude towards cyber threats, often leads to reactive policies that can not mitigate damage when disaster strikes.
The survey found that two-thirds (66 percent) of SMB leaders connect to public Wi-Fi for work, while 44 percent of SMB employees do the same. Connecting to a Wi-Fi hotspot at a coffee shop or hotel lobby, can cause immense damage to a small business.
Hackers can launch man-in the-middle attacks or distribute malware when users connect to private servers over open Wi-fi networks.
Over three out of five (62 percent) of leaders and managers use their work computer to access social media accounts, while only 44 percent of employees do this.
Encouraging employees to bring their own device into work means that businesses can implement filtering software to control what content is viewed on their network. This could protect companies from sites carrying malicious payloads like malware, Trojan horses and spyware.
One in five (22 percent) of leaders and 19 percent of employees share their email password with co-workers or assistants. Collaboration software, delegate access and shared storage means that employees should never need to do this.
Fixing poor behaviour is paramount to ensure that employee's habits do not leave vulnerabilities in a company's defences that could be easily exploited by hackers.
- A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
- Security warning: Your suppliers are now your weakest link (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- SMB-focused cybersecurity marketplace Whitehawk to list on ASX (ZDNet)
- 4 ways SMBs can protect their networks from hackers (TechRepublic)