Small and mid-sized businesses (SMBs) need to do more about cybersecurity and especially the password practices of their employees.

Credit: Kasper Pempel/Reuters

Cybersecurity at small and mid-sized businesses (SMBs) has faced mounting threats, escalating attack damages and the rapid emergence of new types of attacks this year. Yet, despite clear evidence that the overwhelming majority of SMB cyber attacks result from poor password management, SMBs are doing very little to boost visibility into the password practices of their employees.

Password protection is key

Cyber attacks are becoming more targeted, more sophisticated and more severe in their consequences. Employee negligence is often found to be the top root cause of successful data breaches. Clearly, an ongoing lack of attention to password usage underlies much of the cybersecurity woes at SMBs. A major study earlier this year by Verizon noted that 81 percent of all cyber attacks result from poor password management practices.

Surprisingly, a majority of employers have no visibility into their employees’ password practices. The top bad practices include using the same passwords for access to multiple accounts and services, sharing passwords in highly insecure ways and failing to use strong passwords. “Password” was among the top 10 passwords in 2016, and an alarming number of people still use “123456” or other very easily compromised ones. Employers need to enforce a password policy to keep vital data secure.

Affordable, effective solutions

An easy way for SMBs to respond to these types of compromising situations is to quickly establish internal control policies for mobile devices and BYOD, and to implement software that controls the information being protected and transacted via these and other devices. The combination of password management software and enterprise mobility management tools can mitigate up to 80 percent of the cyber risk those devices pose.
What is holding SMBs back?

Clearly, greater data protection beyond the “traditional” protection tools is needed. So why don’t more SMBs take such steps to protect their most sensitive data assets? Companies cite the lack of trained security staff and inadequate budgets as top barriers. However, given the enormous costs associated with a data breach, failing to protect against today’s dynamic threat environment could prove disastrous. And the costs associated with doing so may not be as high as imagined.

Today, there is more protection software targeting SMBs than ever before. Weighed against the real risks, and given how much the right software solutions can actually enhance productivity, the cost of better protection is well within reach of SMBs from an ROI perspective. For example, with a comprehensive password management system, many organizations have experienced a marked decline in help desk calls related to lost or forgotten passwords. Companies should teach their employees what to be wary of, especially with phishing or other social engineering attacks, most notably harmless-looking clickable URLs buried in a scam email. A prime defense against this can be ongoing phishing simulations to try to “catch” negligent employees, thereby helping educate them. Employers would be surprised how many people in their own organizations fall victim to such a test.

Beware the Internet of Things

Organizations have high levels of concern over security breaches caused by Internet of Things (IoT) devices, which today number in the billions with millions more being deployed every month. They are notoriously non-secure, arriving from overseas factories as de facto network end points.
They come with no mandate or set of requirements regarding password length or strength or whether they should have single or two-factor authentication.

It’s alarming how many small and mid-sized businesses are becoming huge targets for hackers. With a few simple measures, businesses can significantly reduce the number and size of these attacks. Improving cybersecurity doesn’t have to cost a ton of money, but it’s imperative for companies to invest time and effort to educate employees about password protection and keeping up with the latest company software updates.