It’s a gap that could leave businesses open to a cyberattack, according to Nationwide Insurance. The company’s latest annual survey of small business owners found that one-fifth of them have not provided formal cybersecurity training for their employees.
According to Nationwide, the security lapses employees may have at remote locations represent one of the largest threats to cybersecurity. An attacker could break into a worker’s computer over a public Wi-Fi network, for example.
“What may seem like a harmless public Wi-Fi network could ultimately pose serious troubles for a business,” said Catherine Rudow, Nationwide’s vice president of cyber insurance.
While 83 percent of small business owners — and 95 percent of young business owners — allow employees to work remotely, only half have updated their remote security policies in the past year, the survey found.
“Many employees may not realize the magnitude of risk associated with a cyberattack as they may not have engaged in a formal training process,” Rudow said. “The scary truth is that many small business owners, even if they are aware of these risks, have not implemented all the proper measures of protection.”
Sixty-five percent of business owners surveyed said they’ve been the victim of a cyberattack. Computer viruses were the most common type of attack, and 7 percent of companies fail to regularly update security software.
How to protect yourself and your business
Only 4 percent of business owners have implemented all of the cybersecurity best practices recommended by the U.S. Small Business Administration, the survey found.
Here’s what the SBA recommends:
- Use and update antivirus and antispyware software. Most of them can be set to install updates automatically.
- Secure your networks with a firewall and encrypt information. Keep Wi-Fi networks secure and hidden, and require a password to access the router.
- Set policies for how employees should protect sensitive data like personal information. Also set consequences for violating the policy.
- Educate employees about cyber threats. Show them how to protect the business’ data and safely use the internet. Require them to use strong passwords and change them often, ideally adding multifactor authentication on top of the password.
- Work with banks and other payment processors to ensure anti-fraud services are in place. See if they offer multifactor authentication, too.
- Regularly back up data on all computers, including text documents, spreadsheets, databases, financial information, human resources files, etc.
- Control physical access to computers and other devices that can access the business’ network. Make sure each employee has a separate user account with strong passwords. Give administrative privileges only to those who need them.
- Make a plan for mobile device security. Require users to set passwords, encrypt their data and install security apps to protect information while connected to public networks.
- Protect all pages on company websites, not just checkout or signup pages.