Cybercrime tends to become a bigger issue when money gets tight, and we all know pennies are being pinched right now.
Ransomware attacks have skyrocketed in recent years, with a 150% increase reported between 2020 and 2021. LockBit, a ransomware operator, has targeted hundreds of organizations in the past three years alone.
As attacks become more sophisticated, businesses need to take action if they’re to protect themselves against cyber threats.
Using our data, we’ll guide you through what brands need to know about the future of data security, covering:
- Whether cybersecurity is prioritized in the workplace
- Workers’ confidence in the security of their company’s technology
- Why employees need to be kept informed on cybersecurity and what brands are doing now
Businesses have other priorities, and some are more vulnerable than others
With cybercrime being so prominent today, you’d expect security to be a big concern for business leaders. The thing is, while it’s clearly an important matter, other priorities pull focus.
Just 1 in 4 tech decision makers say that enhancing security is a key initiative for driving growth in the next year, behind better marketing, improving innovation, and bettering the products or services they offer to customers. This number also drops by quite a bit in some European and North American markets.
As of 2022, the US economy loses an average of $9.44 million a year due to cyber attacks, and this number is climbing.
A quarter of businesses want to find cost-saving initiatives in the next year. Incorporating cybersecurity into the workplace can do just that; it’s a cost-effective way to minimize the money lost from a cyber attack, but not all businesses have made this connection.
Small and medium sized enterprises (SME’s) are particularly unprepared for a cyber attack. “Cybercriminals often go by scaled repeated attacks, making small businesses likely targets”, says SME insurance expert Jane Mason. What’s more, nearly half of all SMEs spend less than $500 on cybersecurity and have an “average” or “below average” understanding of cybersecurity practices.
They’re less likely than average to see it as a business challenge too. Compared to larger businesses, SMEs are the most likely to say they’re focused on better marketing, a sign that cybersecurity is falling to the wayside.
What’s fairly consistent across countries and industries is that those who are less likely to list cybersecurity as a growth initiative are also less likely to see it as a company challenge. Healthcare is generally considered one of the industries most at risk of cyber attacks, and its workers are 23% less likely to see cybersecurity as a challenge. And it’s the same for those working in the military and armed forces, who say they’re 24% less likely to see it as an issue, and 23% less likely to say enhancing security is a key growth initiative.
Broadly speaking, those who aren’t thinking about it probably aren’t doing much about it. This means that some sectors and businesses are especially vulnerable to attacks right now.
Consumers are confident, but a lot of this is misplaced
Workers don’t seem to be unsure about data security; over 8 in 10 say they’re extremely or somewhat confident in the security of their work devices, with younger consumers being more likely to say this.
That kind of confidence could prove costly.
Workers don’t necessarily hear about data breaches; so unless they’ve been affected personally, they’re probably not going to prioritize it.
The World Economic Forum (WEF) found that 95% of cybersecurity issues are linked to human error, so what devices people are using aren’t usually to blame.
Just like smaller businesses, people are probably underestimating the risk.
Employees and business leaders often see cybercrime as “just a technical issue” that should be left up to IT departments. Instead, they need to understand that every employee has a role to play, and approach it as a collective issue.
Seen in this light, these levels of confidence could be a cause for concern – a sign that workers don’t understand the growing cyber threat.
People are taking precautions, but the numbers could be a lot higher
There is some good news for businesses; those who are extremely confident in the security of their devices are much more likely than the average worker to take all of the precautions on our list. Still, even among these workers, less than half change their passwords monthly or use multi-factor authentication and other protection methods like anti-virus software.
No one method is enough to protect companies, and refining a cyber security strategy is an ongoing process. Yet, only a fraction of employees take two or more of these steps each month. The groundwork has been laid, but it needs to be built upon.
Most of the ways to protect against cyber threats are relatively simple and don’t take much time. Even if some security solutions are expensive, they’re often worth the investment.
For starters, changing passwords isn’t only easy, it costs nothing. A strong password can make it much harder for hackers to access personal information, which can easily lead to a data breach, identity theft, and other forms of cyberattacks. The Harvard Business Review recommends that, if people are nervous about forgetting a lengthy password, they should turn it into a phrase with differing special characters.
Using anti-malware software is good for detecting suspicious activity or software on devices. Anti-malware protects against a range of threats from viruses, worms, Trojans (yes, still talking about cyber threats), spyware, and adware. It’s also the most popular among workers, with 38% saying they use it each month.
Multi-factor authentication (MFA) is also a great tool for companies to have up their sleeve, as it adds that extra layer of protection against threats. Now that working from home is common for more businesses – over 6 in 10 business professionals say remote working is permitted in some circumstances – MFAs help ensure that there is no unauthorized access to work resources.
Virtual private networks (VPNs) are another tactic used to protect business’ data. VPNs provide private connections for employees, but globally, only 14% of workers say they regularly use virtual private networks (VPNs). Not only do they offer end-to-end encryption for companies’ data, but they’re also cost-effective to run.
All these cyber security solutions can do a lot of good, especially when combined. The opportunity for businesses lies in making this a company-wide effort.
It’s all about awareness
Alongside adopting these tools, employees need to be made aware of the importance of security protection. It should be embedded in the company culture that there are real risks to cybercrime, and that everyone plays a role in preventing it.
The best way to tackle this? Upskill employees.
It’s important to have clear rules in place for how workers should handle sensitive information; like customer data, and company secrets. But don’t just set these rules and then leave them to gather dust – regularly check in and update them to make sure they’re still working well.
It’s also important to highlight the limitations of certain practices too. Take private browsing mode as an example, it’s private to an extent, but third-party tracking can still occur in incognito mode.
Business professionals say that the most common way companies communicate their strategic goals is through meetings or emails, but to make cybersecurity feel like less of a chore, businesses need to be more imaginative.
Cybersecurity training should be interactive. PBS created a game to help users identify cyber threats and improve their own security measures, and Trend Micro is well-known in the cybersecurity world for offering quick videos to capture people’s attention. The FCC even released a Cybersecurity Tip Sheet geared toward small businesses.
Beyond opening the floor, employers could offer practical, hands-on experience. Monica Seeley, Founder of Mesmo Consultancy, has floated the idea of making financial service users take an exam. Rather like a Covid passport, individuals can then only access their bank account and financial services if they pass a cybercrime test. It might sound a bit extreme but the point is that businesses have a chance to get more creative about how they’re preventing cybercrime.
All this starts at the top. C-suite executives can start creating a company culture that emphasizes cybersecurity by sparking the conversation. We know that employees generally prefer open communication in the workplace, and it’s up to leaders to incorporate that to be able to resonate with their employees.
It’s time to protect your business with a (cyber) hard hat
In today’s digital age, cybersecurity is crucial for businesses across all industries. With technology playing a significant role in our daily operations, protecting your company from cyber threats is imperative.
It’s important to note that no single method can fully safeguard your business from cyber attacks. The refinement of security strategy is an ongoing process.
Prioritizing cybersecurity in the workplace can lead to a more efficient and cost-effective organization. Company devices should not be assumed to be completely secure, and it’s essential to implement strong passwords, promptly update software, and train employees on the necessary steps.
By creating a culture of cybersecurity within your organization, you can help protect your business and sensitive data, safeguard your reputation, and ultimately enhance your bottom line.