Data Breaches: 40% of SME Employees Think They Will Be Blamed

A new survey of office workers has revealed some valuable insights into the limited effectiveness of small business cyber security and the need for improved cyber security awareness. 

Avast, a leading  supplier of digital security and privacy products, has found that almost 40% of small business employees think that a staff member who unknowingly clicks a malicious link would be held personally responsible for a data breach, which therefore encourages employees to keep quiet rather than flagging a potential threat.

The survey, consisting of 2,016 office-based workers in the UK and US., explores the current cybersecurity awareness levels among small business employees during a period of elevated risk brought to pass by the ongoing pandemic. It found that many employees were also unaware of the threat level within their workplace with over 70% thinking the biggest cyber security threat is outside their organisation. 

To tackle these common misconceptions, Avast Business has developed a cyber security quiz which is an employee educational tool which provides small business owners with the opportunity to assess employee knowledge gaps and identify the areas where more training is required.

With less than 18% of employees knowing that ignoring updates for trusted applications can leave their company vulnerable to a cyber attack, the survey points to quick, simple changes that can be made to help organisations avoid unnecessary breaches. This was found to be especially true in government/public sector roles, where employees admitted their reliance on  IT departments telling them when to update their trusted applications, demonstrating the importance of automated, centrally controlled updates to reduce the burden of responsibility being placed on individual employees.  In addition, over 65% of employees think that large businesses are more likely to be victims of a cyber-attack than small businesses.

While cybersecurity has become an increasingly important focus for small businesses around the world, the survey suggests there is still a lack of understanding about the most vulnerable types or organisations, which could potentially lead to employees letting their guard down.

 “Every organisation has a responsibility to provide employees with a secure setup, whether they’re office-based or working from home. This secure setup is not just hardware and software, it also extends to training.... There is a heightened reliance on information sharing by IT and security departments as bad actors increase the volume of attacks intended to deceive unsuspecting employees." said Lindsey Pyle VP Sales & Marketing at Avast. 

These findings certainly indicate there is room to improve the dissemination of information to small business employees. The plain fact is that SME directors need to put in place clear policies for their employees to follow to help them better understand good security practice and that they are not to blame when something go wrong.

Avast

You Might Also Read: 

Too Many Employees Use Their Own Devices To Access  Corporate Data:

 

« Orca Security Wants To Streamline Cloud Computing
Maritime Cyber Security Goes Critical »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

E-Tech

E-Tech

E-Tech has been providing system support and information technology consulting services including Internet and Network Security assessments.

Wizard Computing

Wizard Computing

Wizard Computer Services is a full service IT solutions provider that offers managed services, consultation, installation, and support to small and large businesses in New England.

WIRED

WIRED

WIRED is the magazine about what's next – the people, the trends and the big ideas that will change our lives. Topics covered include cyber security.

Clifford Chance

Clifford Chance

Clifford Chance are one of the world's pre-eminent law firms with resources across five continents. Practice areas include Cyber Security & Information Protection

IoT Security Foundation (IoTSF)

IoT Security Foundation (IoTSF)

IoTSF is a collaborative, non-profit organisation with a mission to raise the quality and drive pervasive security in the Internet of Things.

Digital Detective

Digital Detective

Digital Detective offer a range of products and services for digital forensic analysis and advanced data recovery.

Cyber Aware

Cyber Aware

Cyber Aware aims to drive behaviour change amongst small businesses and individuals, so that they adopt simple secure online behaviours.

KOS-CERT

KOS-CERT

KOS-CERT is the national Computer Incident Response Team for Kosovo.

Assertion

Assertion

Assertion secures your collaboration (UC/CC) systems from cyber risks. Enforcing the right set of controls and monitoring them continually brings down risk to acceptable levels.

EUROCONTROL

EUROCONTROL

EUROCONTROL is a pan-European, civil-military organisation dedicated to supporting European aviation. We help our stakeholders protect themselves against cyber threats.

Ustels

Ustels

Ustels provides brand protection strategy, intelligence, monitoring and enforcement services.

Krypsis

Krypsis

Krypsys is an information security company with a focus on helping you defend your information and data against emerging security threats.

Axio Global

Axio Global

Axio is a leading cyber risk management SaaS company. Our Axio360 platform gives companies visibility to their cyber risk, and enables them to prioritize investments to protect their business.

CyNam

CyNam

CyNam is a platform for enabling the growth and development of people and organisations within Cheltenham’s flourishing cyber technology ecosystem.

Scrut Automation

Scrut Automation

Scrut Automation's mission is to make compliance less painful and time consuming, so that businesses can focus on running their business.

Tychon

Tychon

Tychon develops advanced enterprise endpoint management technology that enables commercial and government organizations to bridge the gap between security and IT operations.