What’s the main cyber security threat for small businesses?
The biggest cyber security threat for small businesses? Their employees.
Cyber security has risen to the top of the agenda for businesses – especially small businesses – in recent years thanks to high profile malware attacks, like the WannaCry incident, and the increase of mobile and flexible working.
New legislation like the General Data Protection Regulation (GDPR) is also moving cyber and data security up the list of priorities, due to the punitive fines involved in breaching the new rules.
But despite small businesses having an increased awareness of cyber threats and data laws, the biggest cyber security threat for small businesses is their own employees.
Employees as a cyber threat
One of the biggest problems when it comes to employees and cyber security, is that too many employees simply lack the education about cyber threats, or company policies on security measures they should take.
This is particularly true when it comes to working remotely or when dealing with sensitive business data on their own devices.
Despite global spend among businesses on cyber security growing by 11% a year – and expected to top £780 million by 2021 according to Cybersecurity Ventures – too many businesses remain complicit in their own vulnerability due to lack of awareness within the workforce, making those employees one of the main cyber security threats for small businesses.
The risks from the rise of flexible and mobile working
As well as awareness, the general change in business operations in recent years, due mostly to mobile devices and the desire for more flexible work conditions, is also increasing the cyber security threat, especially for small businesses who feel they are unlikely to be targeted.
Again, this is partly down to employees and a lack of awareness about when information is secure.
It is not unusual now on a train, in a café or at the airport, to see people glued to their laptop or mobile devices.
However, sharing and working on sensitive company data while hooked up to a public Wi-Fi network, is one of the biggest security risks to modern business.
There is a serious misunderstanding when it comes to public Wi-Fi, and many employees are simply not aware of the risks they are posing to their business by using these networks for sensitive communication and file sharing – even if the Wi-Fi has a password.
In reality, anyone with the same password – which is usually readily available in the public location – and the right software can intercept data and communications from anyone else using the same network.
Making employees care about security
Then there is the problem of just how invested employees are in cyber security measures and how aware they are of the cyber security threats for small businesses.
With so much to do during the working day, it is not hard to imagine employees ignoring software updates, taking shortcuts or simply forgetting about cyber security measures and, all too often, this is exactly what happens and the business is vulnerable to attack as a result.
Business owners must do more to understand the threat posed by a lack of education in their workforce and create a security first mindset, while ensuring more robust policies are implemented and followed – with stricter punishments if necessary.
Data and online communications are essential for the effective operation of any business, but as the technology develops, so does the cyber security threat for small businesses – and this is only increased by the risk posed by employees.
Small businesses can spend money and implement the most sophisticated cyber security tools they want, but without the right education and motivation, they will always remain vulnerable to threats caused by problems within their own organisation.
If you want to find out more about why your employees are your small business’ biggest cyber security threat, download our eBook: Employees: The biggest cyber security threat to businesses and find out more.