Only a quarter of small businesses consider cyber security their top priority

Only about a quarter (26%) of small organization professionals claim that cyber security is their "top priority." It leaves the vast majority of small businesses in a dangerous place. Furthermore, 17% of polled workers don't think cyber security is of utmost importance. Alarming? Unfortunately, yes.

According to Direct Line Business Insurance's research published in July 2022, only 26% of small business professionals consider cyber security a top priority. Researchers also asked whether their organizations had previously experienced cyber-attacks. Nearly half of them (49%) said yes. How did this happen, and most importantly, how to prevent it in the future? Let's find out.

Sources of cyber threats

A survey conducted by Direct Line Business Insurance shows various reasons for cyber-attacks on small companies. Still, human error is the cause of a shocking number of them (42%). Mistakes cited by the surveyed professionals include:

• plugging an infected device into a computer,
• clicking on malicious links,
• sharing confidential information with outsiders and other third parties.

Even more concerning is that 13% of the surveyed small business professionals admitted that their companies had no security protection when the attacks occurred. 10% of them mentioned they used weak passwords, and 8% admitted that their organizations didn't update operating systems, apps, and software regularly.

What does this mean for business owners? Cyber-attacks are becoming more advanced, especially in the era of home offices and remote work. Shifting to an online business model requires plenty of cyber security precautions. Failure to do so can result in data breaches and, therefore, financial losses, dealing with legal procedures, and reputational damage.

Why are employees so prone to making mistakes?

As much as 42% of the attacks confirmed by surveyed small business professionals were due to human error. Why so many?

Cybercriminals come up with smart ideas every day. Some of them no longer rely on advanced technology (like viruses), instead focusing on psychology. That's why phishing has become one of the leading causes of security breaches.

Criminals use employees to get into the internal structures of companies. They learn to impersonate others, such as co-workers (usually of higher authority), to gain the trust of their victims. Unsuspecting employees share confidential information or click on malicious links, compromising the company's cyber-safety, and criminals gain access to customer data, bank accounts, and more.

How to improve business safety?

The mentioned quarter of small business professionals treating cyber security as their top priority is far too small of a number. Cyber security should become a top concern for every business owner and decision maker – regardless of company size. But what can they do? Here are some safety measures you can implement in your company.

1. Limit employees' data access. No employee should have access to every piece of data in a company. If everyone can obtain all the information, you're putting your business at a severe security risk. Organizations should set up restrictions, and employees should only have access to the data they need for their jobs.
2. Use Virtual Private Networks on all computers. Using a VPN in a company creates an additional security layer. VPNs encrypt data and make it useless to spies trying to access it.They are no longer tools used to mask IP addresses; even a company in the US can use a USA VPN to gain more security.
3. Invest in regular employee cyber-safety training. As mentioned earlier, phishing scams are now one of the best-performing methods of gaining access to confidential company data. Businesses should inform their workers about possible threats (such as impersonating co-workers) and how to deal with them.
4. Enable multi-factor identification for all workers. MFA is essential as more workers shift to the WFH mode. They don't, however, work only from their homes. Public places such as cafes or coworking spaces are becoming equally popular. Companies operating in online models should ensure they will not be compromised by outsiders, such as someone accessing a stolen or lost company laptop.