Cybercrime activity continues to increase as IT environments become more complex and attackers discover new ways to exploit potential vulnerabilities.
Small and midsize businesses (SMBs) have historically assumed that large enterprises are the primary targets of malicious actors. After all, these organizations have bigger datasets, handle more financial information and may house trade secrets.
In fact, the bulk of cybercrime victims, 58%, are SMBs. For attackers, small businesses represent less risk for similar reward. With data volumes increasing and experienced IT staff harder to find, hackers are taking advantage of infosec gaps to infiltrate key systems and exfiltrate valuable information.
Here’s a look at four common cybersecurity mistakes that SMBs keep making and what it takes to fix them.
Mistake #1: Untrained Employees
Your people are your biggest asset and your largest liability. While most employee-caused data breaches are accidental, motives don’t alter outcomes: 61% of business data compromises are caused by negligent employees.
With limited time and resources, many SMBs choose to skip in-depth employee security training. This paves the way for problems ranging from phishing emails that hook unsuspecting staff and malicious links capable of infecting network systems to poor passwords that leave the digital door open for attackers.
Fixing this mistake requires regular security training that directly engages employees. Using relevant, real-world examples of phishing attacks, business email compromise (BEC) or social engineering, SMBs can develop a culture-focused rather than completion-based approach to maintaining cybersecurity.
Mistake #2: Personal Device Use
Personal devices are not only common in the workplace, they’re often essential to achieve business outcomes as more staff work at home and on the road. So it’s no surprise that 85% of organizations now let employees use personal electronics at work rather than issue corporate-owned equipment.
The problem? Deficient BYOD policies. Sixty percent of SMBs don’t have a comprehensive bring-your-own-device plan in place. Attackers use this gap in security to break into devices that exist outside your protected network. Without advanced malware detection systems and encryption tools, data on user-owned technology is always at risk.
Small businesses can solve this problem with a BYOD policy that includes clear guidelines, consistent use and access rules and customizable mobile device management (MDM) software.
Mistake #3: Isolated IT Personnel
How many people are in your IT department? For many SMBs, the answer is simple: one.
In theory, the smaller IT footprint of SMBs would require less expertise, but in practice relying on a single person is a cybersecurity problem. What happens if your IT pro calls in sick or suddenly quits? What if he or she lacks the training or expertise to handle emerging threats?
Counteract this security concern with a managed service provider (MSP) that delivers industry expertise with 24/7/365 availability and straightforward cost management.
Mistake #4: Missing Disaster Recovery Plans
Despite best efforts, downtime happens. No matter the cause — accidental failure or malicious attack — companies lose on average $5,600 per minute. Yet, only 25% of small businesses have a disaster recovery (DR) plan in place.
With failure now a question of “when” not “if,” SMBs need a plan that identifies key assets, defines recovery procedures and ensures backups are always available.
Mistakes happen. But these four common cybersecurity mistakes keep happening — and putting SMBs at risk. See the accompanying infographic to learn more about ways to fix these familiar issues.
Content Provided By MXOtech