Cybersecurity at small and mid-sized businesses (SMBs) have faced mounting threats, escalating attack damages and the rapid emergence of new types of attacks this year. Yet, despite clear evidence that the overwhelming majority of SMB cyber attacks result from poor password management, SMBs are doing very little to boost visibility into the password practices of their employees.Password protection is keyCyber attacks are becoming more targeted, sophisticated and even more severe in terms of consequences. It\u2019s often found that employee negligence is the top root cause of successful data breaches. Clearly, an ongoing lack of attention to password usage underlies much of the cybersecurity woes at SMBs. A major study earlier this year by Verizon noted that 81 percent of all cyber attacks result from poor password management practices.Surprisingly, a majority of employers have no visibility into their employees\u2019 password practices. Among the top bad practices include: using the same passwords for access to multiple accounts and services, sharing passwords in highly unsecure ways and failing to use strong passwords. \u201cPassword\u201d was among the top 10 passwords in 2016, alongside the alarmingly amount of people who still use \u201c123456\u201d or other very easily compromised ones. Employers need to enforce a password policy in place to keep vital data secure.Affordable, effective solutionsAn easy solution for SMBs to respond to these types of compromising situations is to quickly establish mobile device and BYOD internal control policies and implement software that controls the information being protected and transacted via these and other devices. The combination of password management software and enterprise mobility management tools can mitigate up to 80 percent of the cyber risk those devices pose.What is holding SMBs back?Clearly greater data protection beyond the \u201ctraditional\u201d protection tools is needed. So why don\u2019t more SMBs take such steps to protect their most sensitive data assets? Companies cite that the lack of trained security staff and inadequate budgets are top barriers. However, given the enormous costs associated with a data breach, failing to protect against today\u2019s dynamic threat environment could prove disastrous. And, the costs associated with doing so may not be as high as imagined.Today, there is greater protection software targeting SMBs than ever before. The cost-to-benefit spread in terms of value to what the real risks are and in consideration to how productivity can actually be enhanced with the right software solutions puts better protection well within reach of SMBs, from an ROI perspective. For example, with a comprehensive password management system, many organizations have experienced a marked decline in help desk calls related to lost or forgotten passwords.Companies should teach their employees what to be wary of, especially with phishing or other social engineering attacks, most notably burying harmless looking clickable URLs into a scam email. A prime defense against this can be ongoing phishing simulations to try to \u201ccatch\u201d negligent employees, thereby helping educate them. Employers would be surprised how many people in their own organizations fall victim to such a test.Beware the Internet of ThingsOrganizations have high levels of concern over security breaches caused by Internet of Things (IoT) devices, which today number in the billions with millions more being deployed every month. They are notoriously non-secure, arriving from overseas factories as de facto network end points. They come with no mandate or set of requirements regarding password length or strength or whether they should have single or two-factor authorization.It\u2019s alarming the amount of small and mid-sized businesses that are becoming huge targets for hackers. With a few simple measures, businesses can significantly reduce the amount and size of these attacks. Improving cyber-security doesn\u2019t have to cost a ton of money, but it\u2019s imperative for companies to invest time and effort to educate employees about password protection and keeping up with the latest company software updates.