Skip to main content

SMB employees are scared they’ll be blamed for data breaches at work

cyber security
(Image credit: Image Credit: Sergey Nivens / Shutterstock)

Workers at small and medium-sized organizations don't see themselves as major targets for criminals, don't understand the full extent of cyberthreats and are reluctant to report incidents for fear of blame.

This is according to a new report from cybersecurity firm Avast, based on a poll of 2,016 workers, which states that many SMB employees (40 percent) believe the person who mistakenly clicks on a malicious link would be held personally accountable for a malware infection.

This doesn’t mean people are less likely to click a shady link, but it does mean they are less likely to report an incident if and when one occurs.

Besides clicking shady links, another major weakness in SMB cybersecurity posture is the failure to regularly update software. Less than a fifth (18 percent) of employees are aware that ignoring updates may lead to a cybersecurity breach, which is something Avast believes could be remedied through automation.

The report specifically cites public sector employees, who said they rely heavily on the IT sector to tell them what, and when, to update. And to top it off, two thirds (65 percent) think that large businesses are more likely to be victims of a cyberattack than small businesses.

“Every organization has a responsibility to provide employees with a secure setup (opens in new tab), whether they’re office-based or working from home. This secure setup is not just hardware and software, it also extends to training,” said Lindsey Pyle, VP SMB at Avast.

“For example, updates on the latest phishing campaigns and how to spot spear phishing emails should be consistently communicated across a company to prevent data breaches and infections from malware.”

“SMB owners should put in place clear policies for employees to follow to help them gain a better understanding of what constitutes good security practice, and that they are not to blame should something go wrong.”

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.