Small businesses may be particularly at risk in this one area.
New data suggests malware threats are the highest they’ve ever been—and the culprits may be your employees.
There has been a dramatic increase in the frequency and severity of malware attacks since 2011, according to the 2016 State of the Endpoint Report from the Ponemon Institute. Malware is software specifically designed to gain access to a computer without the owner’s knowledge. Perpetrators of these attacks aim to steal intellectual property, account information, Social Security numbers, and other data that may put businesses in danger.
GET SECURE: The 6 Most Common Cybersecurity Mistakes Small Businesses Make
Of the 694 U.S. IT security practitioners surveyed, 80 percent believed their mobile endpoints (laptops, desktops, smartphones, printers, POS machines, or ATMs) had been the targets of malware over the last year, according to the Ponemon survey.
In addition, more than 70 percent of cyberattacks occur at businesses with fewer than 100 employees, according to the U.S. House Small Business Committee. That means that if your small business doesn’t have well-established cybersecurity practices, it could be in severe danger of being targeted.
The Main Culprit
Implementing antivirus and firewall software for your business is not enough to protect it from these attacks. More than 80 percent of survey respondents reported that the biggest threat to their endpoint security is “negligent or careless employees who don’t follow security policies.”
This is dangerous, especially combined with the fact that many “startups and small business ventures present themselves as soft and desirable targets for cyberattacks,” Frank Spano, executive director of The Counterterrorism Institute in New York City, told NFIB earlier this year.
This problem of employee negligence is a hard one to battle. “Not only are employees the biggest risk, but it’s very difficult for the IT organization to enforce policy on those employees,” CounterTack chief technology officer Michael Davis told InformationWeek.
What You Can Do For Your Business
Don’t let your small business become a target for cyberattacks. Here are some ways to protect yourself:
- Increase threat awareness
- Hire a consultant to perform a risk assessment
- Install anti-virus and anti-malware software
- Advise employees to avoid clicking on unfamiliar links in emails
- Have employees take advantage of free online security tutorials such as the Small Business Administration’s cybersecurity training for small businesses
Enterprises have recently addressed these challenges by making endpoint security a greater priority in their IT security strategy, according to InformationWeek. This involves securing their data rather than their devices.