Data Breaches: 40% of SME Employees Think They Will Be Blamed

A new survey of office workers has revealed some valuable insights into the limited effectiveness of small business cyber security and the need for improved cyber security awareness. 

Avast, a leading  supplier of digital security and privacy products, has found that almost 40% of small business employees think that a staff member who unknowingly clicks a malicious link would be held personally responsible for a data breach, which therefore encourages employees to keep quiet rather than flagging a potential threat.

The survey, consisting of 2,016 office-based workers in the UK and US., explores the current cybersecurity awareness levels among small business employees during a period of elevated risk brought to pass by the ongoing pandemic. It found that many employees were also unaware of the threat level within their workplace with over 70% thinking the biggest cyber security threat is outside their organisation. 

To tackle these common misconceptions, Avast Business has developed a cyber security quiz which is an employee educational tool which provides small business owners with the opportunity to assess employee knowledge gaps and identify the areas where more training is required.

With less than 18% of employees knowing that ignoring updates for trusted applications can leave their company vulnerable to a cyber attack, the survey points to quick, simple changes that can be made to help organisations avoid unnecessary breaches. This was found to be especially true in government/public sector roles, where employees admitted their reliance on  IT departments telling them when to update their trusted applications, demonstrating the importance of automated, centrally controlled updates to reduce the burden of responsibility being placed on individual employees.  In addition, over 65% of employees think that large businesses are more likely to be victims of a cyber-attack than small businesses.

While cybersecurity has become an increasingly important focus for small businesses around the world, the survey suggests there is still a lack of understanding about the most vulnerable types or organisations, which could potentially lead to employees letting their guard down.

 “Every organisation has a responsibility to provide employees with a secure setup, whether they’re office-based or working from home. This secure setup is not just hardware and software, it also extends to training.... There is a heightened reliance on information sharing by IT and security departments as bad actors increase the volume of attacks intended to deceive unsuspecting employees." said Lindsey Pyle VP Sales & Marketing at Avast. 

These findings certainly indicate there is room to improve the dissemination of information to small business employees. The plain fact is that SME directors need to put in place clear policies for their employees to follow to help them better understand good security practice and that they are not to blame when something go wrong.

Avast

You Might Also Read: 

Too Many Employees Use Their Own Devices To Access  Corporate Data:

 

« Orca Security Wants To Streamline Cloud Computing
Maritime Cyber Security Goes Critical »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

GlobalSign

GlobalSign

GlobalSign is an identity services company providing cloud-based, PKI solutions for enterprises needing to conduct safe commerce, communications, content delivery and community interactions.

Cristie Data

Cristie Data

Cristie have been a trusted, innovative and leading edge data storage, backup and virtualisation solutions provider across all sectors of industry for over 40 years.

Protection Group International (PGI)

Protection Group International (PGI)

PGI helps organisations and governments to manage digital risk. From cyber security services to business intelligence, we help reduce the risks to your finances, reputation, assets and people.

Array Networks

Array Networks

Array Networks, the network functions platform company, develops purpose-built systems for hosting virtual networking and security functions with guaranteed performance.

Secnology

Secnology

Secnology is dedicated to developing and providing the most powerful and user friendly event analysis and security management solution.

Destel

Destel

Destel is a system integrator and provider of IT services focused on Advanced Network & Security Solutions.

ATIA

ATIA

ATIA provides consulting services in the design and implementation of IT system, Information Security, ISO certification, and professional IT training and education.

FraudHunt

FraudHunt

FraudHunt protects your website from account fraud, ad fraud, fraud clicks, and malicious bots.

36 Group

36 Group

36 Group's criminal law team, has the experience and specialist knowledge to conduct effectively trials heavily concerned with the growing phenomenon of Cybercrime.

CyberCX

CyberCX

CyberCX provides services from strategic consulting, security testing and training to world-class managed services and engineering solutions.

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

CMMC COE is an IT-AAC sponsored public–private partnership that will be the focal point for entities seeking to achieve Cybersecurity Maturity Model Certification.

Nardello & Co

Nardello & Co

Nardello & Co. is a global investigations firm with experienced professionals handling a broad range of issues including Digital Investigations & Cybersecurity.

Mobileum

Mobileum

Mobileum is a leading provider of Telecom analytics for roaming, security and risk management and end-to-end domestic and roaming testing solutions.

Gridware

Gridware

Gridware is a specialised cybersecurity consultancy firm and an emerging global player in the cybersecurity intelligence and advisory field.

Theta

Theta

Theta is a New Zealand owned technology consultancy. Our team of over 330 experienced professionals help organisations transform with technology.

CoNetrix

CoNetrix

CoNetrix is a full service computer networking, software development, and security and compliance firm built on the principles of integrity, innovation, and initiative.