Why aren’t small business employees implementing better cyber-hygiene?

Cyber-hygiene is crucial, but employees at small businesses are having a hard time changing their old habits. Why?


Cyber-hygiene is a series of best practices for maintaining devices against cyber-threats. Think good password policies or mandated endpoint updates, which ensure that devices and data are kept secure.

But whilst IT teams have to shoulder the brunt of this task, there’s a good portion of it that relates to staff. Your business needs to ensure that attackers don’t slip through the net via a phishing email or poorly configured endpoint.

However, whilst many businesses have mandated cyber-security policies and education in place, the vast majority of data breaches are still related to human error. So why is it that, despite the training, staff are not turning what they learn into action?
To find out, we commissioned a survey, asking IT decision makers across North America their thoughts.

Are you aware?

It turns out that whilst there’s room for further education in the workplace for staff, a lot of the problems come from issues such as fear of making mistakes, inconvenience and even lack of consequence for following the rules.

One of the main issues that crops up is old habits. Of those surveyed, 38% said it was the main factor in not adopting new cyber-security behaviors, whilst 37% felt that new behaviors would add complexity and slow down their workflow. As the saying goes, old habits die hard, so it’s important that IT teams educate staff on the reasoning behind changes, and on the consequences their carelessness can have.

Fear of making mistakes is another major concern for staff, with 39% saying they were worried about mistakes or being judged by fellow staff. Whilst this may be an issue that needs to be addressed on a case-by-case basis, IT teams can help by ensuring that there’s plenty of support for staff who are unsure about new procedures or policies.

Businesses can also mitigate some of these issues through regular IT security training sessions, as well as by helping staff understand why changes are implemented.

What can your business do?

Whilst training and security awareness programs are good initial steps, businesses and IT teams need to start changing staff behavior and breaking old habits. As Trevor Serebro, MSP and Distribution Territory Channel Manager, says: “Our job as cybersecurity professionals is to develop the proverbial ‘human firewalls’ within our organizations to mitigate cyberattacks, and the best way to do so is to adopt a corporate culture of security awareness, consciousness and responsibility among employees to lessen future human factor attacks”.
