Sixty percent of small businesses get hacked each year, but why? One of the main reasons is that small businesses are simply not spending enough on cyber security. With the frequency of breaches increasing at alarming rates, what’s a small business to do? Luckily for all of us small businesses out there, human error is one of the top causes of data breaches. But wait. How is that lucky? It just so happens that employee security training is also one of the most cost-effective and easy ways to protect your business!
As with any problem, it’s important to identify why it’s happening before you tackle it head-on. Let’s take a look at what employees are doing that can get you hacked:
Employees often wrongly assume that it’s not their responsibility to worry about security, or that IT is responsible for “that kind of stuff”. Small businesses often lack IT resources, especially those equipped to handle cyber security threats like ransomware. Employees should assume that they’re always a potential target and that it’s their job to recognize threats and help stop those with malicious intent from carrying out a successful attack.
Across all industries surveyed in Verizon’s 2018 Data Breach Investigations Report, phishing was the third most prevalent cause of a breach. Phishing emails often appear to come from a reputable (e.g. Microsoft or Netflix) or personal (e.g. your boss or your mom) source, making innocent recipients all too eager to click on a dangerous link or download a malicious file. Do your employees know how to detect a suspicious email?
Not protecting their emails.
Email hacking is one of the fastest growing cyber crimes. A German research group recently found that nearly 2.2 billion stolen emails and passwords have surfaced online for criminals to access. Your employees can make hacking harder by enabling two-factor authentication (2FA) and using better passwords (and frequently changing them).
Using lazy passwords.
SplashData reported that the most common password in use today is 123456. To top it off, a lot of people will reuse that sad excuse for a password on multiple accounts. Or write it down on a sticky note and slap it on their monitor *gasp*. We know you’re better than that. There’s strength in numbers. And letters. And ampersands. You can check out our eBook on password dos and don’ts here.
Not backing it up.
There’s a good possibility that at least one employee in your company isn’t backing up the data he or she is supposed to, which is a major problem. Not only is there a risk of losing files to technical issues, there is also the danger of losing them to a cyber criminal. Backups are critical if you’re hit with a ransomware attack. Ransomware is a type of malware that prevents you from accessing your computer or files until you pay a ransom. The US Government strongly suggests you don’t pay it. Even if you do give in and pay the ransom, you have no idea what types of criminal activities your money will be funding, and there’s no guarantee you’ll even get your data back.