The single biggest weak link in the small business landscape is the fact that most employees who work for smaller companies are woefully uneducated about the dangers, how to identify them and how to avoid them. The study noted that among small business employees, more than a third (35 percent) haven’t changed their passwords in over a year. In addition, 19 percent of small business employees share their passwords with colleagues, with a similar percentage using weak passwords based on personally identifiable information. Put those elements together, and it’s a recipe for disaster.
The authors of the report had this to say on the matter:
“Today’s cyber criminals employ a variety of complex attack methods to exploit business weaknesses and target employees with bad cyber hygiene, whether it’s the CEO or an intern, bypassing the basic security measures most companies have in place.
Until they recognize they are prime targets for hackers and adjust their security strategies, small businesses will continue to fall victim to rampant cyber attacks.”
Unfortunately, there are no easy solutions, but the report clearly points to two areas where you can make immediate improvements:
- Currently, 65 percent of small to medium sized businesses have never run a phishing email test.
- Only 21 percent of small to medium sized businesses provide cybersecurity training to their employees.
Both of these are incredibly easy to remedy, and if you perform these two simple steps, you’ll be miles ahead of your peers.