Data breaches and malware volumes are increasing. More than 1 billion malware payloads were uncovered in 2016, with ransomware attacks taking a 66% share, according to the “State of Malware Report” by security company Malwarebytes. Another security company, Help Net Security, reported that Office 365 account infections increased as well, due to legitimate-looking fraudulent phishing emails.
In short, security threats cause real trouble for SMEs. However, Keeper Security and Ponemon Institute reported in their recent survey, “The 2017 State of Cybersecurity in Small and Medium-Sized Businesses”, that employees outpace cybercriminals.
Most employees are not attempting to place SMEs at cyber risk. There is a chance that angry employees or ex-employees might use former employment credentials to pose a threat, but usually, it’s not worth the risk.
The consumption of IT sometimes has the unintended consequence of creating cybersecurity threats. Consumers are used to having access from personal devices, which can lead to vulnerable cloud applications being leveraged. And because almost half of business-critical files and apps can be accessed through smart devices, employees can unintentionally leak important and confidential data.
So far, phishing is the most popular attack technique applied by cybercriminals. According to Keeper Security, 54% of all the surveyed SMBs have experienced a cyber threat in the past year; 79% of those attacks appeared to be phishing attacks.
To protect a company’s IT infrastructure, it is important to recognize the key issues. According to Centrify, one of them is bored and uninterested staff members.
A lack of training and information is another issue. Legitimate-looking links and well-written texts combined with the company’s email addresses could easily trick employees if they are not trained to recognize phishing attacks or scams. In addition, even if staff members realize that something could have gone wrong, they might not inform the IT staff for fear of being fired or penalized.
When it comes to solving the problem, there isn’t a single proven method. Even if the staff receives the required training and knowledge, there is no guarantee that a breach won’t affect the SMB. Of course, training reduces the risk.
It is important to teach employees what phishing emails look like and how to spot them. It is equally important that employees understand that they must not respond to suspicious emails, click on any links or download any files, and that they must inform IT about the possible threat as soon as possible.
Furthermore, a corporate VPN and knowledge about public Wi-Fi risks can also minimize the risk, since employees are allowed to use personal tablets and smartphones in order to increase productivity.
To sum up, threats to SMEs are increasing and employees could be targeted by cybercriminals. Clear policies, management support, and employee training can minimize the risk.