Study Reveals SMB Employees Are Taking Major Data Security Risks

Cyberattacks on large enterprises often make the headlines as they tend to involve the theft of large quantities of data, but small to medium sized businesses also face a high risk of cyberattacks and data breaches.

According to a new report from the Chicago-based SMB consultancy firm Switchfast, there are now 4,000 cyberattacks on SMBs every day. SMBs are often viewed as easy targets. The rewards for a successful attack may not be so great as an attack on a large enterprise, but the attacks are easier to pull off and are far less time-consuming.

Cybercriminals search for vulnerabilities in applications and operating systems that can easily be exploited to gain access to SMB networks. While unpatched software is certainly a problem that needs to be addressed, there are usually much easier ways to gain a foothold in the network.

Employee negligence is one of the leading causes of data breaches at small to medium sized businesses. Employees are responding to phishing emails without stopping and thinking about the potential consequences of their actions, and poor security practices are commonplace.

Switchfast decided to investigate how employee negligence was contributing to data breaches at SMBs and conducted a study on 600 small businesses to determine the extent of the problem. Members of the C-suite were asked about the data breaches they had experienced and the cybersecurity habits of their employees to discover the impact that poor security practices were having.

While large organizations can absorb the cost of data breaches and can recover from multiple attacks, SMBs do not have the same financial reserves and cyberattacks can be disastrous. 60% of SMBs are likely to go out of businesses if they experience a significant data breach as there are simply not the funds available to cover the cost of mitigating an attack.

Even so, the survey showed that SMBs are largely dependent on the ability of their employees to be able to recognize phishing attacks and other attempts by cybercriminals to gain access to their networks. They often lack the resources to provide security training for employees. Security awareness training is simply not a business priority at many SMBs.

Further, many SMBs underestimate the threat they face. 51% of business leaders and 35% of employees do not believe they will be targeted by hackers. The survey also revealed that employees are taking huge risks that are making it far too easy for hackers.

The survey revealed 66% of employees and 44% of business leaders connect to public Wi-Fi networks to perform work duties. 22% of SMB leaders and 19% of employees have shared their password with a co-worker or assistant, 76% of business leaders and 69% of employees have not activated 2-factor authentication on their accounts, and 62% of employees and 44% of managers are using work computers to access personal social media accounts.

If these and other poor cybersecurity practices are not corrected, they are likely to lead to a costly data breach. And if such a breach is experienced, the business may never recover.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of