Workers at small and medium-sized organizations don't see themselves as major targets for criminals, don't understand the full extent of cyberthreats and are reluctant to report incidents for fear of blame.
This is according to a new report from cybersecurity firm Avast, based on a poll of 2,016 workers, which states that many SMB employees (40 percent) believe the person who mistakenly clicks on a malicious link would be held personally accountable for a malware infection.
This doesn’t mean people are less likely to click a shady link, but it does mean they are less likely to report an incident if and when one occurs.
Besides clicking shady links, another major weakness in SMB cybersecurity posture is the failure to regularly update software. Less than a fifth (18 percent) of employees are aware that ignoring updates may lead to a cybersecurity breach, which is something Avast believes could be remedied through automation.
The report specifically cites public sector employees, who said they rely heavily on the IT sector to tell them what, and when, to update. And to top it off, two thirds (65 percent) think that large businesses are more likely to be victims of a cyberattack than small businesses.
“Every organization has a responsibility to provide employees with a secure setup, whether they’re office-based or working from home. This secure setup is not just hardware and software, it also extends to training,” said Lindsey Pyle, VP SMB at Avast.
“For example, updates on the latest phishing campaigns and how to spot spear phishing emails should be consistently communicated across a company to prevent data breaches and infections from malware.”
“SMB owners should put in place clear policies for employees to follow to help them gain a better understanding of what constitutes good security practice, and that they are not to blame should something go wrong.”