business

Why aren’t small businesses employees implementing better cyber-hygiene?

Cyber-hygiene is crucial, but employees at small businesses are having a hard time changing their old habits. Why?

David Buxton
November 15, 2023

Cyber-hygiene is a series of best-practices for maintaining devices against cyber-threats. Think good password policies or mandated endpoint updates, ensuring that devices and data are kept secure.

But whilst IT teams have to shoulder the brunt of this task, there’s a good portion of it that relates to staff. Your business needs to ensure that attackers don’t slip through the net via a phishing email or poorly configured endpoint.

But, whilst many businesses have mandated cyber-security policies and education in place, the vast majority of data-breaches are still related to human error. So, why is it that, despite the training, staff are not turning their learnings into actions?
To find out, we commissioned a survey, asking IT decision makers across North America their thoughts.

Are you aware?

It turns out that whilst there’s room for further education in the work-place for staff, a lot of the problems come from issues such as fear of making mistakes, inconvenience and even lack of consequence for following the rules.

One of the main issues that crops up is old habits. Of those surveyed, 38% said it was the main factor in not adopting new cyber-security behaviors, whilst 37% felt that it would add additional complexity and slow down their work-flow. As the saying goes, old habits die hard, so it’s important that IT teams are educating staff on the reasoning behind changes, and the consequences their carelessness can have.

Fear of making mistakes is another major concern for staff, with 39% saying they were worried about mistakes or being judged by fellow staff. Whilst this may be an issue that needs to be addressed on a case-by-case basis, IT teams can help by ensuring that there’s plenty of support for staff who are unsure about new procedures or policies.

Businesses can also mitigate some of these issues through regular IT security training sessions, as well as letting staff understand why changes are implemented.

What can your business do?

Whilst trainings and security awareness programs are good initial steps, businesses and IT teams need to start to change staff behavior and break old habits. As Trevor Serebro, MSP and Distribution Territory Channel Manager says: Our job as cybersecurity professionals is to develop the proverbial ‘human firewalls’ within our organizations to mitigate cyberattacks, and the best way to do so is to adopt a corporate culture of security awareness, consciousness and responsibility among employees to lessen future human factor attacks”.

If you’d like to learn more about the report, head here.

Kaspersky multi-layered protection for your online finances

Five Kaspersky technologies to protect your finances

How Kaspersky products provide multi-layered financial protection, and what threats it can protect you from.

Free Tools

TARGETED SECURITY SOLUTIONS

INDUSTRIES

Why aren’t small businesses employees implementing better cyber-hygiene?

Are you aware?

What can your business do?

Five key cybersecurity lessons for your CEO

Be prepared: Threat Management and Defense

Five Kaspersky technologies to protect your finances

Tips

Advertisers sharing data about you with… intelligence agencies

Watch the (verified) birdie, or new ways to recognize fakes

Switching to Kaspersky: a step-by-step migration guide

Is it the boss – or is it a fraudster? Scams disguised as urgent orders from top brass

Sign up to receive our headlines in your inbox

Home Products

Small Business Products

Medium Business Products

Enterprise Solutions

Securelist

Eugene Personal Blog

Encyclopedia