Poor cybersecurity management puts SMEs at risk

Capterra, the leading B2B software search website, has revealed the results of its study that analysed how small and medium-sized businesses in the UK are dealing with IT security since they have started working remotely.

While small and mid-sized companies (SMEs) are taking the necessary steps to ensure business continuity, Capterra’s research indicates that cybersecurity processes have been less efficient.

According to the study, only 15 percent of the respondents have strong passwords, with randomised letters, numbers, and characters. The number of workers that say they use firewalls (8 percent), VPN (7 percent) and e-mail security software (6 percent) is even lower.

The importance of security measures becomes clearer when we observe that 30 percent of the employees that have recently suffered phishing attacks claim it took place during remote work. Interestingly, 45 percent of these emails were related to Coronavirus.

Also worrying is the number of workers that say they use only their personal devices to work from home (40 percent), which jeopardises security and raises the odds of a virtual attack.

The speed and the scale of the COVID-19 crisis may have also had an impact on how companies prepared their employees for this new reality: only 10 percent say they have received IT security training to help guarantee a safe working environment when working remotely.

Sonia Navarrete, Content Analyst at Capterra, comments:

“Since the beginning of the lockdown, in the UK only, more than 30% of respondents have been victims of phishing emails, and almost half of those emails (45%) are related to coronavirus.

“Cyber criminals use real-world concerns for phishing emails to try and trick users into clicking on them, claiming to have a cure for the virus or encouraging them to donate to find a cure for it.

“Preparing employees to recognise this type of threat must be part of the routine of SMEs. It is vital for companies to invest in the necessary resources to train employees to recognise phishing attempts.

The results of the survey show that 63% of SME employees in the UK received some form of cybersecurity training (whether online or face-to-face).

The results of the survey also demonstrate that the coronavirus crisis has shown the lack of preparation of SMEs for remote working. This is not surprising, since 60% of businesses have had to adapt to remote working since the beginning of the pandemic.

Care to ensure safety during this time, however, should remain on the agenda of business owners going forward, since the consequences of a security breach can cause irreversible damage, and also harm the reputation of the business.