security errors

3 Basic Security Errors Many SMBs Are Still Making

In the past decade, the number of known malware programs has risen from 65 million to 1.1 billion. The ways in which cybercriminals deploy the malware have also increased in number and sophistication.

While advanced security technologies are available to defend against these cyberthreats, many can be thwarted with basic security practices. However, research is showing that many small and mid-sized businesses (SMBs) are still making some basic errors when it comes to securing their organizations. Here are three of them:


1. Believing That It Won’t Happen To Them

Many SMB owners have a false sense of security when it comes to cyberattacks. Nearly 60% of them believe that their companies won’t be targeted by cybercriminals. They often think that their business is too small to be of interest to cybercriminals. This “it won’t happen to me” mindset can get small businesses into big trouble.

Although large companies typically have more money and more data to steal, they also have more security solutions and in-house IT administrators to guard those assets. Most SMBs do not even have an IT administrator on staff. 65% of SMBs manage their cybersecurity efforts in-house, but less than 10% have a dedicated IT staff member. As a result, they are typically easy targets. Plus, there are far more SMBs to attack than large companies.

Rather than spending a lot of time and effort going after the large fruit at the top, hackers often target the smaller, low-hanging fruit because it is plentiful and easier to pick. For proof, all SMBs need to do is look to the past. In 2019, 76% of the SMBs in the United States reported being attacked, according to the Ponemon Institute’s “2019 Global State of Cybersecurity in Small and Medium-Sized Businesses” report. 


2. Having Bad Password Habits

Every year researchers analyze millions of passwords that have been exposed through data breaches and leaks in order to show people the types of passwords not to use — and every year weak passwords like “123456”, “password”, and “qwerty” keep topping those lists. It would take a cybercriminal only one second to crack each of these passwords using a brute-force password-cracking tool, which is why using weak passwords is so risky.

Reusing passwords is also dangerous. Hackers know people frequently reuse passwords, so they try compromised passwords on multiple accounts using credential stuffing and other types of attacks. Despite this danger, more than 99% of people reuse their passwords, either across work accounts or between work and personal accounts. On average, every password is shared across 2.7 accounts.

While having easy-to-crack passwords for user accounts is bad, a much worse situation is having service account credentials that are easy to hack. Cybercriminals like to hack service accounts because they can easily elevate the accounts’ privileges and gain access to sensitive data. Much to their delight, hackers often find that companies haven’t changed the default passwords for their service accounts. While a few vendors design their software or hardware to create a unique default password when it is installed by a customer, most vendors simply use the same default password (e.g., “admin”, “password”, “guest”) for every installation. Although vendors typically recommend that customers change the default password before using the software or hardware in business operations, many SMBs fail to do so. This makes it easy for cybercriminals to hack into those service accounts, as the default passwords used by vendors are easy to find on the Internet.

Furthermore, changing a service account password is not a one-time event. It needs to be changed periodically. However, even some security pros fail to do so. If the pros fail to regularly change their service account passwords, odds are that most SMBs won’t either.


3. Not Adequately Securing Mobile Devices

In 2019, more than 60% percent of employees at SMBs used smartphones for work, according to an IDC survey. This percentage is now likely higher due to more employees working from home because of the Coronavirus Disease 2019 (COVID-19) pandemic.

Using smartphones and other mobile devices is popular in SMBs for good reason. With mobile devices, employees can access business apps and systems at any time from almost anywhere, which is key to their productivity and the SMBs’ profitability. Thanks to both mobile and cloud technologies, SMBs are better able to compete with larger companies.

However, the mobile technologies that are helping SMBs become more competitive could also cause them harm. Mobile devices are often the target of phishing, ransomware, and other types of attacks. The SMBs that participated in a Verizon study said they are aware of these threats, with 81% indicating that the risk to their business is moderate to significant. Yet, many of these SMBs are not implementing basic security measures such as changing all default passwords (done by only 41% of the SMBs) and restricting access to company data on a “need to know” basis (done by only 50% of the SMBs). Equally troublesome is that 66% of the study participants said they have personally used public Wi-Fi for work tasks, even though 25% said it is explicitly prohibited by company policy.

Given the lax security, it is not surprising that more than a quarter of the SMBs admitted they suffered a security compromise involving a mobile device in 2019. And if they do not take steps to better secure their mobile devices, they could significantly damage their reputation and bottom line.

MicroAge can help you avoid these errors. Contact us to learn how.

Find a MicroAge near you

With a growing Network of independently owned locations (currently at 41) from coast-to-coast, MicroAge is Canada’s leading IT solutions and service provider focused mainly on small and midmarket businesses.

Most commented posts

Infrastructure informatique, IT infrastructure

5 Benefits of an Optimized IT Infrastructure

Is your current IT infrastructure helping your business thrive in its industry or creating obstacles for growth? If you’re still not using cloud technologies to…

Read More

3 Critical Cyber Threats For Businesses in 2019

Malware, vulnerabilities, and social engineering are some of the main concerns for IT security professionals. Although the tactics used to target businesses and individuals are…

Read More
Cloud Infrastructure hébergée

3 Advantages of Using Cloud Infrastructure

Everyone knows that cloud computing is a hot trend, and its adoption should only increase over the next few years. According to one study published…

Read More
Managed IT Services, Services TI Gérés

Using Managed IT Services to Help Your Business Grow

The Business Development Bank of Canada released the Digitize Now: How to Make the Digital Shift in Your Business study last October. They surveyed more…

Read More

How to Maximize Your IT Assets

Productivity gains, competitive advantage, and better customer service are just a few reasons why companies should invest in technology. However, not all software and hardware…

Read More