security errors

3 Basic Security Errors Many SMBs Are Still Making

In the past decade, the number of known malware programs has risen from 65 million to 1.1 billion. The ways in which cybercriminals deploy the malware have also increased in number and sophistication.

While advanced security technologies are available to defend against these cyberthreats, many can be thwarted with basic security practices. However, research is showing that many small and mid-sized businesses (SMBs) are still making some basic errors when it comes to securing their organizations. Here are three of them:


1. Believing That It Won’t Happen To Them

Many SMB owners have a false sense of security when it comes to cyberattacks. Nearly 60% of them believe that their companies won’t be targeted by cybercriminals. They often think that their business is too small to be of interest to cybercriminals. This “it won’t happen to me” mindset can get small businesses into big trouble.

Although large companies typically have more money and more data to steal, they also have more security solutions and in-house IT administrators to guard those assets. Most SMBs do not even have an IT administrator on staff. 65% of SMBs manage their cybersecurity efforts in-house, but less than 10% have a dedicated IT staff member. As a result, they are typically easy targets. Plus, there are far more SMBs to attack than large companies.

Rather than spending a lot of time and effort going after the large fruit at the top, hackers often target the smaller, low-hanging fruit because it is plentiful and easier to pick. For proof, all SMBs need to do is look to the past. In 2019, 76% of the SMBs in the United States reported being attacked, according to the Ponemon Institute’s “2019 Global State of Cybersecurity in Small and Medium-Sized Businesses” report. 


2. Having Bad Password Habits

Every year researchers analyze millions of passwords that have been exposed through data breaches and leaks in order to show people the types of passwords not to use — and every year weak passwords like “123456”, “password”, and “qwerty” keep topping those lists. It would take a cybercriminal only one second to crack each of these passwords using a brute-force password-cracking tool, which is why using weak passwords is so risky.

Reusing passwords is also dangerous. Hackers know people frequently reuse passwords, so they try compromised passwords on multiple accounts using credential stuffing and other types of attacks. Despite this danger, more than 99% of people reuse their passwords, either across work accounts or between work and personal accounts. On average, every password is shared across 2.7 accounts.

While having easy-to-crack passwords for user accounts is bad, a much worse situation is having service account credentials that are easy to hack. Cybercriminals like to hack service accounts because they can easily elevate the accounts’ privileges and gain access to sensitive data. Much to their delight, hackers often find that companies haven’t changed the default passwords for their service accounts. While a few vendors design their software or hardware to create a unique default password when it is installed by a customer, most vendors simply use the same default password (e.g., “admin”, “password”, “guest”) for every installation. Although vendors typically recommend that customers change the default password before using the software or hardware in business operations, many SMBs fail to do so. This makes it easy for cybercriminals to hack into those service accounts, as the default passwords used by vendors are easy to find on the Internet.

Furthermore, changing a service account password is not a one-time event. It needs to be changed periodically. However, even some security pros fail to do so. If the pros fail to regularly change their service account passwords, odds are that most SMBs won’t either.


3. Not Adequately Securing Mobile Devices

In 2019, more than 60% percent of employees at SMBs used smartphones for work, according to an IDC survey. This percentage is now likely higher due to more employees working from home because of the Coronavirus Disease 2019 (COVID-19) pandemic.

Using smartphones and other mobile devices is popular in SMBs for good reason. With mobile devices, employees can access business apps and systems at any time from almost anywhere, which is key to their productivity and the SMBs’ profitability. Thanks to both mobile and cloud technologies, SMBs are better able to compete with larger companies.

However, the mobile technologies that are helping SMBs become more competitive could also cause them harm. Mobile devices are often the target of phishing, ransomware, and other types of attacks. The SMBs that participated in a Verizon study said they are aware of these threats, with 81% indicating that the risk to their business is moderate to significant. Yet, many of these SMBs are not implementing basic security measures such as changing all default passwords (done by only 41% of the SMBs) and restricting access to company data on a “need to know” basis (done by only 50% of the SMBs). Equally troublesome is that 66% of the study participants said they have personally used public Wi-Fi for work tasks, even though 25% said it is explicitly prohibited by company policy.

Given the lax security, it is not surprising that more than a quarter of the SMBs admitted they suffered a security compromise involving a mobile device in 2019. And if they do not take steps to better secure their mobile devices, they could significantly damage their reputation and bottom line.

MicroAge can help you avoid these errors. Contact us to learn how.

Get the most from your IT

As service providers to more than 300 companies, the dedicated professionals at MicroAge are second to none when it comes to managed services. By improving efficiency, cutting costs and reducing downtime, we can help you achieve your business goals!

Most commented posts

fin de support windows 7 end of support

What Window 7’s End of Support Means for You

Windows 7 is one of the most successful operating systems ever released by Microsoft. The OS received critical acclaim when it first came out in…

Read More
audit tech

Back to the Office: Auditing Tech and Adjusting your Business

Many businesses were not ready for the global health crisis we were plunged into and needed to adapt quickly. Now that economies worldwide are reopening…

Read More

MicroAge Kingston Among Canada’s Top 50 Best Managed IT Companies.

MicroAge Kingston was selected as one of the 50 Best Managed IT Companies in Canada for the 4th year in a row! Everyone who is selected to receive the award is equally ranked and recognized as one of the top 50. They are all evaluated on their best business practices. Over 1500 Canadian IT companies...

Read More
Windows 11

What Businesses Need to Know about Upgrading to Windows 11

On October 5th, 2021, Microsoft released Windows 11. In this article, we are sharing the information needed on Windows 11 to make an informed decision about if and when businesses should upgrade the…

Read More

Planning Your Cybersecurity Budget for 2023

For many organizations, this is the time of year for forecasts and budgets for the upcoming year. From an IT perspective there are many considerations…

Read More