Despite growing threats of phishing, ransomware, and more, many small businesses have no employee cybersecurity training program in place, according to a Tuesday report from Webroot.

In surveying 500 small- to medium-sized businesses (SMBs) in the US, Webroot found that 66% of businesses with fewer than employees didn’t have any kind of employee cybersecurity training in place. For companies with 20-99 employees, that number was 29%, and for those with 100-500 employees it was 13%.

The training programs these companies are passing up are effective. A separate Webroot report found that when employees underwent phishing simulations in combination with ongoing training, their click rate on phishing links dropped by more than half, from 26% down to 12%.


Phishing, overall, was seen as the current greatest threat against SMBs. Some 24% of all respondents to the survey said this was the case. Still, another 24% of those surveyed said they didn’t know their greatest threat, the report found. And employees at businesses with fewer than 19 workers were the least likely to know their threat.

Specific trends show up in phishing emails, Webroot CISO Gary Hayslip explained in the report. Here are the top email subject lines associated with phishing:

  1. Review or Quick Review
  2. Bank of <take your pick>; New Notification
  3. Charity Donation for You
  4. FYI
  5. Action Required: Pay your seller account balance
  6. Unauthorize login attempt
  7. Your recent Chase payment notice to <name of employee>
  8. Important: (1) NEW message from <Bank Name>
  9. AMAZON : Your Order no #812-4623 might ARRIVED
  10. Wire Transfer
  11. Assist Urgently

Companies that have 20-99 employees ranked employee naiveté as their top threat, with phishing coming in at 22%. Despite the hype surrounding individual threats, 92% of all malware still comes by way of email, as noted in the 2018 Verizon Data Breach Investigations Report. As such, “SMBs should focus on training employees to securely manage their email,” the Webroot report said.

When it comes down to it, most SMBs simply don’t have the money or resources they need to handle at an expert level, the report found. Some 41% of respondents said they have no dedicated resources for IT security, and only 12% said they had dedicated in-house staff. Others admitted to using third parties to help manage , the report said.

The financial risk is big, too. According to the report, a will cost an average SMB around $527,256.

The big takeaways for tech leaders:

  • Phishing is still the top risk for SMBs, although many small businesses lack any formal security training for their employees. — Webroot,
  • SMBs don’t have the proper resources to tackle security, as 41% have no dedicated resources for IT security. —Webroot, 2018
