The study found that one in three business owners do not have safeguards in place to combat cyber breaches and 60% of small businesses that suffer a breach go out of business within six months. With legislation like the National Institute of Standards and Technol Small Business Cybersecurity Act being put in place, it’s clear that cybersecurity has become a weakness for SMBs.
In large part, employees remain unaware of the cybersecurity threats they face both in and out of the office, in part because the businesses themselves are not taking cybersecurity seriously. The study found that 35% of employees haven’t changed their work email password in the last year.
Risks to business from weak password policy is compounded by the number of employees (19%) who share their passwords with colleagues. The same number of employees reported that they use personally identifiable numbers (birthday, anniversary, Social Security numbers) in their work email password.
In addition, 26% do not know what the dark web is, which means that they are also unaware that their personal data may be on it. All the while, few organizations are reportedly providing cybersecurity guidance to their employees. Nearly 21% of those surveyed said their company has never provided cybersecurity training and 65% said their company has never run a phishing email test.
“Today’s cybercriminals employ a variety of complex attack methods to exploit business weaknesses and target employees with bad cyber hygiene, whether it’s the CEO or an intern, bypassing the basic security measures most companies have in place,” according to the report.
“Until they recognize they are prime targets for hackers and adjust their security strategies, small businesses will continue to fall victim to rampant cyberattacks.”