In the past decade, the number of known malware programs has risen from 65 million to 1.1 billion. The ways in which cybercriminals deploy the malware have also increased in number and sophistication.
While advanced security technologies are available to defend against these cyberthreats, many can be thwarted with basic security practices. However, research is showing that many small and mid-sized businesses (SMBs) are still making some basic errors when it comes to securing their organizations. Here are three of them:
1. Believing That It Won’t Happen To Them
Many SMB owners have a false sense of security when it comes to cyberattacks. Nearly 60% of them believe that their companies won’t be targeted by cybercriminals. They often think that their business is too small to be of interest to cybercriminals. This “it won’t happen to me” mindset can get small businesses into big trouble.
Although large companies typically have more money and more data to steal, they also have more security solutions and in-house IT administrators to guard those assets. Most SMBs do not even have an IT administrator on staff. 65% of SMBs manage their cybersecurity efforts in-house, but less than 10% have a dedicated IT staff member. As a result, they are typically easy targets. Plus, there are far more SMBs to attack than large companies.
Rather than spending a lot of time and effort going after the large fruit at the top, hackers often target the smaller, low-hanging fruit because it is plentiful and easier to pick. For proof, all SMBs need to do is look to the past. In 2019, 76% of the SMBs in the United States reported being attacked, according to the Ponemon Institute’s “2019 Global State of Cybersecurity in Small and Medium-Sized Businesses” report.
2. Having Bad Password Habits
Every year researchers analyze millions of passwords that have been exposed through data breaches and leaks in order to show people the types of passwords not to use — and every year weak passwords like “123456”, “password”, and “qwerty” keep topping those lists. It would take a cybercriminal only one second to crack each of these passwords using a brute-force password-cracking tool, which is why using weak passwords is so risky.
Reusing passwords is also dangerous. Hackers know people frequently reuse passwords, so they try compromised passwords on multiple accounts using credential stuffing and other types of attacks. Despite this danger, more than 99% of people reuse their passwords, either across work accounts or between work and personal accounts. On average, every password is shared across 2.7 accounts.
While having easy-to-crack passwords for user accounts is bad, a much worse situation is having service account credentials that are easy to hack. Cybercriminals like to hack service accounts because they can easily elevate the accounts’ privileges and gain access to sensitive data. Much to their delight, hackers often find that companies haven’t changed the default passwords for their service accounts. While a few vendors design their software or hardware to create a unique default password when it is installed by a customer, most vendors simply use the same default password (e.g., “admin”, “password”, “guest”) for every installation. Although vendors typically recommend that customers change the default password before using the software or hardware in business operations, many SMBs fail to do so. This makes it easy for cybercriminals to hack into those service accounts, as the default passwords used by vendors are easy to find on the Internet.
Furthermore, changing a service account password is not a one-time event. It needs to be changed periodically. However, even some security pros fail to do so. If the pros fail to regularly change their service account passwords, odds are that most SMBs won’t either.
3. Not Adequately Securing Mobile Devices
In 2019, more than 60% percent of employees at SMBs used smartphones for work, according to an IDC survey. This percentage is now likely higher due to more employees working from home because of the Coronavirus Disease 2019 (COVID-19) pandemic.
Using smartphones and other mobile devices is popular in SMBs for good reason. With mobile devices, employees can access business apps and systems at any time from almost anywhere, which is key to their productivity and the SMBs’ profitability. Thanks to both mobile and cloud technologies, SMBs are better able to compete with larger companies.
However, the mobile technologies that are helping SMBs become more competitive could also cause them harm. Mobile devices are often the target of phishing, ransomware, and other types of attacks. The SMBs that participated in a Verizon study said they are aware of these threats, with 81% indicating that the risk to their business is moderate to significant. Yet, many of these SMBs are not implementing basic security measures such as changing all default passwords (done by only 41% of the SMBs) and restricting access to company data on a “need to know” basis (done by only 50% of the SMBs). Equally troublesome is that 66% of the study participants said they have personally used public Wi-Fi for work tasks, even though 25% said it is explicitly prohibited by company policy.
Given the lax security, it is not surprising that more than a quarter of the SMBs admitted they suffered a security compromise involving a mobile device in 2019. And if they do not take steps to better secure their mobile devices, they could significantly damage their reputation and bottom line.
MicroAge can help you avoid these errors. Contact us to learn how.
How IT Staffing Services Can Help Your Business
Between vacation periods, special projects, and of the shortage of manpower, especially in the IT industry, it can be hard for businesses to have the…
Digital Transformation – Now or Never
Digital transformation has been a buzzword for years and every year, pundits declared that this was the year of digital transformation. IDC predicted in late 2018…
How to Know if DaaS is Right for Your Business
Over the last several blogs we have looked at what Device-as-a-Service (DaaS) is, its benefits, and how it differs from leasing. DaaS is a growing…
Preparing for Compliance to the Modernization of Privacy Laws in Canada
With all the different legislation either already enacted or being enacted in different jurisdictions, organizations may find it difficult to determine what they need to…
How to Ensure the Business Security of Your Remote Employees
In the past, a business was only able to operate effectively if all of its staff and equipment were under a single roof. These days,…