Employees are the first line of cyber defense
Only 18% of SMBs are confident their organization is prepared for a cyber incident.
Companies of all sizes have adapted to remote and hybrid models for the workplace, and many are making the changes permanent as employees grow accustomed to this new environment. Today’s digital economy presents unique opportunities for small and medium-sized businesses (SMBs) to connect with employees and customers in new and efficient ways but comes with considerable cyber risk.
A 2021 global survey by Ponemon Institute and IBM found that the shift to remote operations during the pandemic led to more costly data breaches on average — $4.96 million when remote work was indicated as a factor versus $3.89 million when remote work was not a factor.
Ransomware attacks, phishing attempts and other cybersecurity concerns have spiked this year as more companies boost digital operations. Ransomware attacks, for example, increased 93% in the first half of 2021 compared to the same period last year, according to security firm Check Point’s mid-year security report. In fact, according to the latest Principal Financial Well-Being Index, data security is the fastest growing concern among businesses.
However, SMBs are embracing employee benefits and leveraging talent onboarding via digital platforms. Remote workers offer new opportunities for recruitment and retention, particularly as the war for talent has intensified. This shift to digital platforms also provides more points of entry for cyberthreats: 62% of SMBs have indicated they are onboarding employees online, and 65% are committed to improving digital access to employee benefits (with 29% doing so for the first time).
Creating a culture of awareness ensures all employees know they play a fundamental role in their business’s cyber resiliency. One of the ways this culture can be shaped is through education and training. With a hybrid and/or remote work environment, regularly review cyber policies with employees and ensure they understand their responsibility in keeping the organization cyber-ready. Education is key to preventing a devastating loss, since employees are a common point of entry for a cyberattack, which makes them the first line of defense for businesses. Potential losses include not only exposure of sensitive or proprietary information but also reputational damage, and they can cost millions.
What small businesses can do
The world of cybersecurity can be perplexing for business owners. Many SMBs lack an in-house IT team to help prevent and respond to cyberthreats. Educating employees helps keep businesses secure. Human error plays a huge role in cybersecurity – regular training keeps employees alert and helps keep your organization “cyber-safe.”
Only 18% of SMBs are confident their organization is prepared for a cyber incident, according to a January global survey of SMBs by Cyber Readiness Institute (CRI). There are several steps SMBs can implement to strengthen their cybersecurity practices:
- Utilize strong passwords or “passphrases” to protect points of entry. Strengthen passwords by using a “passphrase” (a combination of words that are unique) and by using two-factor authentication (a login that requires a code that is texted to a mobile device).
- Frequently update software. Hackers routinely exploit gaps in software already on computers. Software updates for programs like Microsoft Word or Excel, as well as operating systems, often include security patches.
- Train employees to spot phishing attempts. Employees are the first line of defense against a cyberattack. Phishing emails attempt to trick users – sometimes into clicking a link that releases computer viruses, sometimes into providing bank account info or other sensitive data. Often, phishing emails appear to be from legitimate companies.
- Create a cyber response plan. Having a cyber incident response plan in place is vital. The plan should cover preparation, response and recovery from the incident. When a cybersecurity breach occurs, businesses should take the appropriate actions and honor any contractual or legal obligations with respect to the breach. Following an incident, businesses should promptly fix the problems that caused the breach to prevent a recurrence.
Cybersecurity concerns are not going away
SMBs are critical to our economy. While concern among these businesses continues to rise, implementing cybersecurity best practices will help prevent cyberattacks. CRI recently released its list of recommendations to help make U.S. SMBs cyber-ready.
There is an urgent need for greater collaboration to address the serious vulnerabilities that put business — and our economy — at risk. With vigilance and application of these recommendations, we’ll operate in a more cyber-ready environment, protecting businesses, employees, suppliers and customers.
Kara Hoogensen is senior vice president for specialty benefits at Principal Financial Group. During her career at Principal, she has held a variety of leadership roles, including vice president for group benefits, CEO of Principal Bank and Principal Securities, Inc. and managing director at Principal Funds.
Karen Evans is managing director of the Cyber Readiness Institute. For over 20 years, she has been at the forefront of cybersecurity policy with Congressional- and Presidential-appointed positions at the U.S. Department of Energy, U.S. Department of Homeland Security and the Office of Management and Budget.