



Why small and mid-sized businesses are a huge target for cyber attacks

Oct 31, 2017 | 4 mins
Security | Small and Medium Business

Small and mid-sized businesses (SMBs) need to do more about cybersecurity and especially the password practices of their employees.

Hacker typing on keyboard with binary numbers
Credit: Kasper Pempel/Reuters

Small and mid-sized businesses (SMBs) have faced mounting cybersecurity threats, escalating attack damages and the rapid emergence of new types of attacks this year. Yet, despite clear evidence that the overwhelming majority of SMB cyber attacks result from poor password management, SMBs are doing very little to boost visibility into the password practices of their employees.

Password protection is key

Cyber attacks are becoming more targeted, more sophisticated and more severe in their consequences. It’s often found that employee negligence is the top root cause of successful data breaches. Clearly, an ongoing lack of attention to password usage underlies many of the cybersecurity woes at SMBs. A major study earlier this year by Verizon noted that 81 percent of all cyber attacks result from poor password management practices.

Surprisingly, a majority of employers have no visibility into their employees’ password practices. The top bad practices include using the same passwords for access to multiple accounts and services, sharing passwords in highly insecure ways and failing to use strong passwords. “Password” was among the top 10 passwords in 2016, and an alarming number of people still use “123456” or other very easily compromised ones. Employers need to put a password policy in place and enforce it to keep vital data secure.

Affordable, effective solutions

An easy solution for SMBs to respond to these types of compromising situations is to quickly establish mobile device and BYOD internal control policies and implement software that controls the information being protected and transacted via these and other devices. The combination of password management software and enterprise mobility management tools can mitigate up to 80 percent of the cyber risk those devices pose.

What is holding SMBs back?

Clearly, greater data protection beyond the “traditional” protection tools is needed. So why don’t more SMBs take such steps to protect their most sensitive data assets? Companies cite a lack of trained security staff and inadequate budgets as the top barriers. However, given the enormous costs associated with a data breach, failing to protect against today’s dynamic threat environment could prove disastrous. And the costs associated with doing so may not be as high as imagined.

Today, there is more protection software targeting SMBs than ever before. Weighing the cost against the real risks, and considering how the right software solutions can actually enhance productivity, better protection is well within reach of SMBs from an ROI perspective. For example, with a comprehensive password management system, many organizations have experienced a marked decline in help desk calls related to lost or forgotten passwords.

Companies should teach their employees what to be wary of, especially phishing and other social engineering attacks, most notably harmless-looking clickable URLs buried in a scam email. A prime defense against this can be ongoing phishing simulations to try to “catch” negligent employees, thereby helping educate them. Employers would be surprised how many people in their own organizations fall victim to such a test.

Beware the Internet of Things

Organizations have high levels of concern over security breaches caused by Internet of Things (IoT) devices, which today number in the billions with millions more being deployed every month. They are notoriously non-secure, arriving from overseas factories as de facto network end points. They come with no mandate or set of requirements regarding password length or strength or whether they should have single or two-factor authentication.

It’s alarming how many small and mid-sized businesses are becoming huge targets for hackers. With a few simple measures, businesses can significantly reduce the number and size of these attacks. Improving cyber-security doesn’t have to cost a ton of money, but it’s imperative for companies to invest time and effort to educate employees about password protection and about keeping up with the latest company software updates.


Darren Guccione is the CEO and co-founder of Keeper Security, the world’s most popular password manager and secure digital vault. Keeper is the first and only password management application to be preloaded with mobile operators and device manufacturers including AT&T, Orange, America Movil and HTC. Keeper has millions of consumer customers and the business solution protects thousands of organizations worldwide.

Darren is regularly featured as a cyber-security expert in major media outlets including CBS Evening News, Fox & Friends, USA Today, ABC and Mashable. Darren was a panelist at FamilyTech Summit at CES 2017 and keynote speaker at Techweek Chicago 2015. In 2014, Keeper won the Chicago Innovation Awards and in 2016 won the Global Telecoms Business Awards with Orange for Consumer Service Innovation. Darren was recently named in the Chicago Top Tech 50 by Crain’s Chicago Business.

He started the company with extensive experience in product design, engineering and development. At Keeper, Darren leads product vision, global strategy, customer experience and business development.

Prior to Keeper, Darren served as an advisor to JiWire, now called NinthDecimal. NinthDecimal is the leading media and technology service provider for the WiFi industry. He was formerly the Chief Financial Officer and a principal shareholder of Apollo Solutions, Inc., which was acquired by CNET Networks.

He holds a Masters of Science in Accountancy with Distinction from the Kellstadt School of Business at DePaul University of Chicago and a Bachelors of Science in Mechanical and Industrial Engineering from the University of Illinois at Urbana-Champaign, where he was the recipient of the Evans Scholarship and Morton Thiokol Excellence in Engineering Design Award. He was also the recipient of the Distinguished Alumnus Award presented by The Department of Industrial & Enterprise Systems Engineering. Additionally, Darren is a licensed Certified Public Accountant.

Darren is a community board member of the Chicago Entrepreneurial Center (1871) supporting the development of early stage companies and an advisor to TechStars – a Chicago-based technology incubator for innovative startups. Formerly, Darren served on the Committee of Technology Infrastructure under Mayor Richard Daley.

The opinions expressed in this blog are those of Darren Guccione and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.