Why cybersecurity needs to be at the top of IT’s to-do list

According to recent reports, cyber attacks are currently disproportionately targeting small businesses.

“70% of cyber attacks target small businesses” – Business Insider

With the average global cost of a data breach being $4.45 million, many small business owners simply don’t have the capital to survive the damage caused from a cyber attack. From losing critical data, time spent trying to recover, and a loss of customer trust, it’s not surprising that 60% of small and medium-sized businesses (SMBs) that are hacked go out of business within six months.

But while the stakes may be high, IT teams can protect their businesses by bumping security up their to-do list and prioritizing proactive security measures.

Risks companies face

There are many different types of cyber attacks businesses need to protect against but we’re going to focus on four threats: phishing, weak passwords, reused passwords, and shadow IT. All of these risks have one thing in common: credentials.

Phishing

Phishing attacks are a type of scam designed to trick people into sharing sensitive information. Often taking the form of emails, cybercriminals are in search of passwords, logins, or other secrets that they can use to gain access to secure systems.

Reused passwords

Password reuse is one of the most common security vulnerabilities businesses face. If the same password is used for multiple accounts a hacker just needs one login to gain access to all of the other accounts. And so if a single reused password is caught in a data breach, it could lead to multiple accounts being compromised.

Weak passwords

Probably the most obvious risk is weak passwords that are easily guessed or cracked. Brute force, dictionary, and social engineering are all common attack types that take advantage of weak passwords.

Shadow IT

Shadow IT refers to the apps your employees use that IT doesn’t know about. If a password is caught up in a data breach in a shadow IT app, the IT team would have no idea to request employees update passwords on those accounts, or if any important information has been exposed.

Why credential security is important

Credentials are basically the lock on the digital front door of your business. But unlike a physical building with one or two entrances, your online space can have infinite entry points.

Indeed, each new account for every app by every employee creates a new door that gets locked behind a password. This exposure is what makes access control one of the most important parts of your cybersecurity strategy.

How these risks manifest in businesses

If every login is seen as a door into your business then the one who holds the keys can be seen as the employees who create the locks. When it comes to credential security, employees aren’t deliberately putting their company at risk when they fall to phishing scams, or when they use weak passwords or apps that fall outside of security’s purview.

Like IT teams, employees are trying to get their work done. Security policies can sometimes feel like a barrier to that end goal. Having to remember multiple complicated passwords slows down sign-ins when employees just want to get into an app. It’s convenient to use the same password for everything, but it’s definitely not secure.

And when it comes to using apps outside of the IT team’s purview, employees are usually just trying to use the best tool available. With a long to-do list, IT teams don’t always have time to review apps, and so employees just quietly use what they need in the shadows.

So what can IT teams do?

Challenges IT face

IT teams in small businesses are, unsurprisingly, usually quite small – sometimes even having just one person responsible for IT, security, and more.

Trying to manage security effectively alongside competing IT and business responsibilities can require a constant act of juggling priorities. With limited bandwidth this can create a constant reordering of to-do lists, trying to just stay on top of incoming requests and leaving little room for proactive work.

The way work gets done has significantly shifted as businesses move to hybrid models and some require employees to use their own devices. And as new apps to get work done come into play the challenge to secure every employee, on every app, in any location is only becoming more complicated.

Even if an IT team has managed to put security policies in place, making sure employees are following them is a whole other story. It can be easy to think security challenges are the IT team’s responsibility, but business cybersecurity is a team sport – you’re only as strong as your weakest link.

Protect your business from cyber attacks

Creating a culture of security helps your team prioritize while also working with them. A few high level ways you can make the two work in harmony are by providing flexibility, increasing security adoption, and improving your overall security posture.

Security and productivity don’t have to be a one-or-the-other option. Check out our ebook Small business. Large security risks. for a more detailed look on how to keep your business safe and productive.

Stacey Harris

Content Marketing Manager