Symantec’s 2017 Internet Security Threat Report identified that almost half of all cyber threats directly target small businesses. CSIdentity Corporation’s (CSID) Small Business Security Survey had similar findings, but 31% of small businesses reported that they are not taking any proactive measures to mitigate cyber risk, even though 58% are worried about cyber attacks.
Untrained employees can inadvertently put their employers at risk by clicking a malicious link, opening an infected attachment, or sharing confidential information.
With this in mind, it is essential for smaller businesses to educate employees on cybersecurity and information security best practices. This training is often left behind or overlooked because it is considered expensive or unsuitable, as businesses see themselves as being too small to be a potential target. This is untrue: cyber criminals do not discriminate and will target anyone.
What’s more worrying is that 53% of small businesses reported that they do not store valuable data, yet 68% store email addresses and 65% store phone numbers. That is valuable data, and its theft can have a significant negative impact on a business. Data breaches affect an organization’s reputation, operations, and profitability, and could cost it customers, who will go elsewhere.
According to a Hartford Steam Boiler Inspection and Insurance Company (HSB) survey, 29% of small companies have experienced at least one data breach, with 68% noting the cause as employee or contractor mistakes.
Raising awareness of cyber threats is even more important now that the holiday season is in full swing. It’s a vital time of year for small businesses, especially as the National Retail Federation predicts sales will reach $682 billion.
What can be done?
All businesses, no matter how small, need to train their staff on cyber risks, and the training needs to be consistent. It doesn’t have to be expensive, and educating employees via a staff awareness program is often a preferred option.
Staff awareness programs are relatively easy to implement and include tools such as e-learning courses, training aids such as card games that encourage staff to reflect and get involved with discussions, and customized books and guides.
Our Information Security Staff Awareness E-learning Course advises staff on how to avoid becoming a security liability, introduces them to your internal policies on incident reporting and response, and provides basic knowledge of information security best practice to reduce preventable mistakes.