Small and mid-sized businesses (SMBs) have faced mounting cybersecurity threats, escalating attack damages and the rapid emergence of new types of attacks this year. Yet, despite clear evidence that the overwhelming majority of SMB cyber attacks result from poor password management, SMBs are doing very little to boost visibility into the password practices of their employees.
Cyber attacks are becoming more targeted, more sophisticated and more severe in their consequences. Employee negligence is often found to be the top root cause of successful data breaches. Clearly, an ongoing lack of attention to password usage underlies many of the cybersecurity woes at SMBs. A major study earlier this year by Verizon noted that 81 percent of all cyber attacks result from poor password management practices.
Surprisingly, a majority of employers have no visibility into their employees’ password practices. The top bad practices include using the same passwords for access to multiple accounts and services, sharing passwords in highly insecure ways and failing to use strong passwords. “Password” was among the top 10 passwords in 2016, and an alarming number of people still use “123456” or other very easily compromised ones. Employers need to put a password policy in place and enforce it to keep vital data secure.
Clearly, greater data protection beyond the “traditional” protection tools is needed. So why don’t more SMBs take such steps to protect their most sensitive data assets? Companies cite a lack of trained security staff and inadequate budgets as the top barriers. However, given the enormous costs associated with a data breach, failing to protect against today’s dynamic threat environment could prove disastrous. And the costs associated with doing so may not be as high as imagined.
Today, there is more protection software targeting SMBs than ever before. Measured against the real risks, and considering how the right software solutions can actually enhance productivity, the cost-to-benefit ratio puts better protection well within reach of SMBs from an ROI perspective. For example, with a comprehensive password management system, many organisations have experienced a marked decline in help desk calls related to lost or forgotten passwords.
Companies should teach their employees what to be wary of, especially phishing and other social engineering attacks, most notably scam emails with harmless-looking clickable URLs buried in them. A prime defense against this can be ongoing phishing simulations that try to “catch” negligent employees, thereby helping to educate them. Employers would be surprised how many people in their own organizations fall victim to such a test.
This story was sourced from CSO (IDG).