Data Breaches: 40% of SME Employees Think They Will Be Blamed

A new survey of office workers has revealed some valuable insights into the limited effectiveness of small business cyber security and the need for improved cyber security awareness. 

Avast, a leading  supplier of digital security and privacy products, has found that almost 40% of small business employees think that a staff member who unknowingly clicks a malicious link would be held personally responsible for a data breach, which therefore encourages employees to keep quiet rather than flagging a potential threat.

The survey, consisting of 2,016 office-based workers in the UK and US., explores the current cybersecurity awareness levels among small business employees during a period of elevated risk brought to pass by the ongoing pandemic. It found that many employees were also unaware of the threat level within their workplace with over 70% thinking the biggest cyber security threat is outside their organisation. 

To tackle these common misconceptions, Avast Business has developed a cyber security quiz which is an employee educational tool which provides small business owners with the opportunity to assess employee knowledge gaps and identify the areas where more training is required.

With less than 18% of employees knowing that ignoring updates for trusted applications can leave their company vulnerable to a cyber attack, the survey points to quick, simple changes that can be made to help organisations avoid unnecessary breaches. This was found to be especially true in government/public sector roles, where employees admitted their reliance on  IT departments telling them when to update their trusted applications, demonstrating the importance of automated, centrally controlled updates to reduce the burden of responsibility being placed on individual employees.  In addition, over 65% of employees think that large businesses are more likely to be victims of a cyber-attack than small businesses.

While cybersecurity has become an increasingly important focus for small businesses around the world, the survey suggests there is still a lack of understanding about the most vulnerable types or organisations, which could potentially lead to employees letting their guard down.

 “Every organisation has a responsibility to provide employees with a secure setup, whether they’re office-based or working from home. This secure setup is not just hardware and software, it also extends to training.... There is a heightened reliance on information sharing by IT and security departments as bad actors increase the volume of attacks intended to deceive unsuspecting employees." said Lindsey Pyle VP Sales & Marketing at Avast. 

These findings certainly indicate there is room to improve the dissemination of information to small business employees. The plain fact is that SME directors need to put in place clear policies for their employees to follow to help them better understand good security practice and that they are not to blame when something go wrong.

Avast

You Might Also Read: 

Too Many Employees Use Their Own Devices To Access  Corporate Data:

 

« Orca Security Wants To Streamline Cloud Computing
Maritime Cyber Security Goes Critical »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IASME Consortium

IASME Consortium

IASME is one of five companies appointed as Accreditation Bodies for assessing and certifying against the UK Government's Cyber Essentials Scheme.

Datto

Datto

Datto delivers a single toolbox of easy to use products and services designed specifically for managed service providers and the businesses they serve.

Applause

Applause

Applause provides real-world software testing for functionality, usability, accessibility, load, localization and security.

National Security Agency (NSA) - USA

National Security Agency (NSA) - USA

NSA is a US intel agency responsible for the protection of government communications and information systems against penetration and network warfare.

Kenna Security

Kenna Security

Kenna Security is a risk intelligence & vulnerability management platform that helps prioritize and remediate vulnerabilities.

KvantPhone

KvantPhone

KvantPhone (formerly CryptTalk) is an easy-to-use, quantum resistant secure communication service designed for businesses and large organizations.

Digital Ship

Digital Ship

Digital Ship provides news, information, conferences and events focused on digital ship systems, information technology and security relating to maritime operations.

Inceptus

Inceptus

Inceptus is a next generation Managed Security Service Provider (MSSP). We are dedicated to keeping our customers safe, secure and protected while doing business on the Internet.

Visible Statement

Visible Statement

Visible Statement is a computer-based delivery system designed to insure the retention and recall of your most important security training messages.

Rimini Street

Rimini Street

Rimini Street is a global provider of enterprise software support products and services, and the leading third-party support provider for Oracle and SAP software products.

NetRise

NetRise

NetRise was founded as a direct result of the many shortcomings currently in the device security market, specifically targeting the firmware of devices.

Nokod Security

Nokod Security

Nokod Security delivers an application security platform for low-code / no-code custom applications and Robotic Process Automation (RPA).

CyberSecureRIA

CyberSecureRIA

We founded CyberSecureRIA specifically to secure and support RIAs. We exist to secure SEC-registered RIAs, and keep them compliant with cybersecurity regulations.

DynTek

DynTek

DynTek delivers exceptional, cost-effective professional IT consulting services, end-to-end IT solutions and managed IT services.

Cassini

Cassini

Cassini Cyber Threat Intelligence (CTI) helps protect your organisation from cyber attacks using threat intelligence from trusted New Zealand agencies.

RESTIV Technology

RESTIV Technology

RESTIV Compliance Copilot is your partner in continuous compliance. Real-time monitoring, continuous testing, and transparent evidence—no surprises, just peace of mind.