It's been quite the year for SMBs - from growing rates of email-borne malware to 11 new data privacy laws across the country. This patchwork has left businesses to fill in the gaps, and the effects have been profound. In 2019, 66% of SMBs experienced a phishing or Business Email Compromise (BEC) scam, with the cost growing to $1.9 million. But the repercussions, and root causes, don't stop there. Here are 5 of the most surprising cybersecurity resolutions we learned from the Ponemon Institute's 2019 SMB Security Report:
Underfunded & Understaffed Data Security Investments
Across the board, companies are struggling to fund their internal IT teams. Of those surveyed, 70% do not believe their current IT configuration could effectively mitigate a cyberthreat. This has less to do with specialized knowledge, and more to do with inadequate staffing as a result of slashed budgets. The irony, of course, is that the regulatory fines associated with a data breach far surpass the costs associated with proactive IT support. Since the onset of GDPR in the E.U., the number of fines has doubled with an average cost of $188,000. As domestic regulations adapt to GDPR standards, SMBs can expect equally daunting fines or closure.
Get Real Help with Managed Security Solutions
Rather than addressing these issues in-house, more SMBs are maximizing their budgets with Managed Services Providers (MSPs). One in three rely on MSPs to support regulatory initiatives, monitor network health, or manage security. MSPs can dramatically assist recovery time from unplanned events and shed light on security blind spots many SMBs share. A common culprit is Shadow IT - when employees store business data on platforms that have not gone through IT vetting. Ponemon found that 58% of businesses either do not have or are unaware of, their employees' password practices. In fact, the top three causes of data breaches are:
- Negligent Employee or Contractor - 70%
- Third Party Mistakes - 60%
- External Hacker Attacks - 40%
Another overlooked vulnerability stems from third-party vendors. With each new application and tool (documented or otherwise), an SMB's attack surface grows. But only 30% of SMBs have a comprehensive overview of the data their vendors have access to. That leaves 70% of SMBs in the dark about the location of their intellectual property. And more than half are confident their vendors have put them at increased risk for a breach.
Ditch the Unnecessary Risk and Future Proof Your Business
Although SMBs will always be targets for cybercriminals, there are many steps you can take to keep your employees and data secure. If nothing else, make sure these five upgrades are slated for 2020:
Implement multi-factor authentication.
Perform a digital audit of all your third-party vendors.
Don't mix your corporate and personal Single-Sign-On accounts - here's why.
Make sure your operating system, firewalls, and productivity platforms are updated and patched.
If that list seems a little overwhelming, we can help. Reach out to us for a free consultation and start the year off right.