2024 is here, and although the year is new, the cyber threats organisations face are not.
Now, a new report from the US-based Identity Theft Resource Center (ITRC) has confirmed that human error continues to be one of the leading causes of data breaches and cyberattacks for small businesses.
Based on a survey of over 500 small business owners and leaders, the report highlights the need for small businesses to focus on reducing insider threats through training and policies.
In this blog, we’ll share some of the key findings from the report and what small businesses across the world can do to reduce human error-related breaches.
Let’s get started!
Key findings from the ITRC Report:
- In the past year, 73% of small businesses experienced a cyberattack or data breach.
- Malicious insiders caused 30% of cyber incidents.
- 21% of breaches were linked to remote workers.
- 53% of small businesses had financial impacts over $250,000 (£197,000).
- 85% of small business leaders feel prepared to respond to cyberattacks.
How small businesses can reduce human error in cybersecurity
While technical defences like antivirus and firewalls are important, they can only go so far.
With the ITRC’s report in mind, here are some tips for building a culture of awareness and reducing risky behaviour:
Implement robust security training
Regular security training is essential to ensure employees know how to spot phishing emails, create strong passwords, and follow safe browsing habits.
Stressing the importance of vigilance and the role each employee plays in protecting company data is key in building a positive security culture within your organisation.
Enforce strong password policies
Strong passwords are a fantastic way to prevent easily avoidable breaches. Require your employees to use passwords with a minimum of 12 characters, with upper and lowercase letters, numbers, and symbols.
Equally important, each password your employees use should be unique to a single service. A password management tool is a great way to store those unique, complex passwords.
Limit access to sensitive data
Restrict access to confidential company data and customer information to only those employees who need it for their job duties. This helps prevent insiders from intentionally or accidentally mishandling data.
Frequently back up critical data
Regular backups help minimise disruption from ransomware and accidental data loss due to human error. Test restores periodically to verify backups are working correctly.
The ITRC report is a reminder that cybersecurity requires both technological defences and thoughtful policies around employee behaviour. Reducing human error through training and smart data hygiene practices is one of the most effective ways small businesses can improve their security posture.
At Bob’s Business, we make reducing human error simple for organisations of all sizes. Whether it’s our NCSC-certified short-form training, award-winning phishing simulations or affordable culture-change solutions, we’re your ultimate cyber training partner.