Data Breaches: 40% of SME Employees Think They Will Be Blamed

Uploaded on 2020-12-09 in NEWS-Cybersecurity News, FREE TO VIEW

A new survey of office workers has revealed some valuable insights into the limited effectiveness of small business cyber security and the need for improved cyber security awareness. 

Avast, a leading  supplier of digital security and privacy products, has found that almost 40% of small business employees think that a staff member who unknowingly clicks a malicious link would be held personally responsible for a data breach, which therefore encourages employees to keep quiet rather than flagging a potential threat.

The survey, consisting of 2,016 office-based workers in the UK and US., explores the current cybersecurity awareness levels among small business employees during a period of elevated risk brought to pass by the ongoing pandemic. It found that many employees were also unaware of the threat level within their workplace with over 70% thinking the biggest cyber security threat is outside their organisation. 

To tackle these common misconceptions, Avast Business has developed a cyber security quiz which is an employee educational tool which provides small business owners with the opportunity to assess employee knowledge gaps and identify the areas where more training is required.

With less than 18% of employees knowing that ignoring updates for trusted applications can leave their company vulnerable to a cyber attack, the survey points to quick, simple changes that can be made to help organisations avoid unnecessary breaches. This was found to be especially true in government/public sector roles, where employees admitted their reliance on  IT departments telling them when to update their trusted applications, demonstrating the importance of automated, centrally controlled updates to reduce the burden of responsibility being placed on individual employees.  In addition, over 65% of employees think that large businesses are more likely to be victims of a cyber-attack than small businesses.

While cybersecurity has become an increasingly important focus for small businesses around the world, the survey suggests there is still a lack of understanding about the most vulnerable types or organisations, which could potentially lead to employees letting their guard down.

 “Every organisation has a responsibility to provide employees with a secure setup, whether they’re office-based or working from home. This secure setup is not just hardware and software, it also extends to training.... There is a heightened reliance on information sharing by IT and security departments as bad actors increase the volume of attacks intended to deceive unsuspecting employees." said Lindsey Pyle VP Sales & Marketing at Avast. 

These findings certainly indicate there is room to improve the dissemination of information to small business employees. The plain fact is that SME directors need to put in place clear policies for their employees to follow to help them better understand good security practice and that they are not to blame when something go wrong.

Avast

You Might Also Read: 

Too Many Employees Use Their Own Devices To Access  Corporate Data:

 

« Orca Security Wants To Streamline Cloud Computing
Maritime Cyber Security Goes Critical »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Spiceworks

Spiceworks

Spiceworks provide a range of free apps for IT professionals including network inventory, network monitor, and help desk.

IPVanish

IPVanish

IPVanish has its roots in over 15 years of network management, IP services, and content delivery services. Now we're bringing these finely honed skills to VPN.

Fortinet

Fortinet

Fortinet is a provider of network security systems. Our products provide protection against dynamic security threats while simplifying the IT security infrastructure.

Critical Infrastructures for Information and Cybersecurity (ICIC)

Critical Infrastructures for Information and Cybersecurity (ICIC)

ICIC addresses the demand for cybersecurity for National Public Sector organizations and civil and private sector organizations in Argentina.

Resilience First

Resilience First

Resilience First is a not-for-profit organisation, led and funded by business to strengthen collective business resilience in all areas, including cyber security.

Vector Informatik

Vector Informatik

Vector Informatik is a specialist in automotove electronics and provides services, embedded software and tools for securing embedded systems against cyber-attacks.

CYBAVO

CYBAVO

CYBAVO is a cryptocurrency security company founded by experts from the cryptocurrency and security industries.

DataNumen

DataNumen

The fundamental mission of DataNumen is to recover as much data from inadvertent data disasters as possible.

SyncDog

SyncDog

SyncDog is a leader in enterprise security and the preeminent vendor for containerized mobile application security across cloud & on-premise computing environments.

Hyperproof

Hyperproof

Hyperproof is a cloud-based compliance operations software. Launch new programs immediately, collect evidence automatically, and manage a compliance program intelligently.

DH2i Company

DH2i Company

DH2i is a leading provider of multi-platform Software Defined Perimeter and Smart Availability software enabling customers to create an entire IT infrastructure that is always-secure and always-on.

Pillr

Pillr

Pillr is a cybersecurity operations platform capable of adapting to the demands of your business and team — and the global threat landscape.

GoPro Consultants

GoPro Consultants

GoPro Consultants is an IT Consultancy and IT Managed services provider Globally with immeasurable expertise of IT professionals in Hardware/Support & Consultancy and Project Planning.

Information Systems Security Association (ISSA)

Information Systems Security Association (ISSA)

ISSA is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.

Laneden

Laneden

Laneden specialise in helping organisations identify security concerns and quantify the risks you may have across your assets, using Penetration Testing, Threat Simulation and Compliance Testing.

InfoSight

InfoSight

InfoSight offers proven Cyber Security, Regulatory Compliance, Risk Management and Infrastructure Solutions to protect your business and your customers from cyber crime and fraud.