Small businesses unprepared for remote working, most don’t provide cybersecurity training
Stay-at-home orders for more than 40 states have forced millions of businesses to establish remote workforces that rely solely on internet-enabled applications and products to conduct business.
The overnight move to a “virtual workplace” has increased cybersecurity concerns for small business owners, but many still have not implemented remote working policies to address cybersecurity threats, according to a survey by the Cyber Readiness Institute (CRI).
Economic uncertainty preventing cybersecurity investments
Conducted from March 25-27, the survey of 412 small business owners found that half of all business owners are concerned that remote working will lead to more cyberattacks. Yet, nearly 40% feel that economic uncertainty will prevent them from making necessary cybersecurity investments.
This is particularly concerning for companies with fewer than 20 employees as the survey showed they were distinctly unprepared for remote working. Only 22% provided additional cybersecurity training prior to enabling remote working and just 33% provided “any cybersecurity training.”
“Now, more than ever cybersecurity affects the ‘business’ of nearly every company, not just in the U.S. but internationally,” said Kiersten Todt, managing director of CRI.
“These are extremely challenging times for companies, especially small businesses, as revenue and resources are as unpredictable as they have ever been. However, cybersecurity investments aren’t always tied to dollars and cents.
“Several free tools, that focus on human behavior, offer important guidance on helping small businesses become more cyber ready. The best way to prevent the spread of COVID-19 is by doing the basics like washing your hands. Similarly, the cyber hygiene basics will go a long way in keeping small businesses resilient in this time of increased threats.”
Lack of employee training
Social distancing and quarantine orders have altered how business owners manage employees and interact with customers. It has made the reliance on secure communications and operations more important than ever. Yet, only 46% of business owners provide any training to help workers be cyber secure when working from home. The numbers dwindled down to 33% when looking at companies with fewer than 20 employees.
Good cyber hygiene practices that focus on using secure passwords, ensuring that all operating systems are up to date, understanding tricks used by bad actors, and prohibiting the use of USB memory sticks can go a long way in preventing cyber-attacks.
Additional findings from the survey include:
- Only 40% of small businesses have implemented a remote work policy focused on cybersecurity as a result of coronavirus (only 25% of those with less than 20 employees)
- 59% of small business owners said that some employees would be using personal devices when working from home
- 55% believe that federal and state governments should provide products and funding for cybersecurity
- 51% said they provided their employees with technologies to improve cybersecurity for remote workers (only 34% for companies under 20 employees)