In the course of the Corona crisis, digitization has gained strong momentum in all business sectors, but especially in SMEs: Even traditionally paper-heavy industries such as the financial sector and long-established businesses are discovering the advantages of the cloud for themselves. You had to be creative and fast if you wanted to survive the crisis: remote work and home office is in demand like never before, since almost the whole world is forced to work from home. However, cybercriminals are also creative and fast. The new way of working also brings with it new risks and security vulnerabilities – a perfect target for hackers. In order to avoid becoming a victim of a cyber-attack in these already difficult times, it is imperative to defend against attacks. Experience shows that the most effective defense is well-informed and trained employees. Learn more 5 reasons for cybersecurity awareness training in SMEs below.
1. SMEs ARE THE FOCUS OF CYBERCRIMINALS
No business is too small not to be targeted by cybercriminals. SMEs focus primarily on their core competencies and as long as these are not in IT security, they are poorly protected against attacks. “Some cybercriminals have therefore specialized in such companies because they assume that they will encounter lower protective measures there for corresponding targeted attacks,” writes Swiss IT Magazine in April 2020. According to the digital association Bitkom, around 80% of SMEs have already been the victim of an attack. It is high time to actively protect against this and to sensitize employees to cybersecurity awareness in SMEs.
2. FINANCIAL DAMAGE AND LOSS OF REPUTATION
Our own experience as IT security consultants shows: unfortunately, many SMEs do not seriously address the issue until after an incident – which is unfortunately too late. After all, such an incident can lead to enormous financial losses and reputational damage. Almost 60% of attacked SMEs have to interrupt their production or operations as a result. According to a Kaspersky survey, the average cost of a cyberattack for SMEs is around 102,000 Swiss francs ($108,000). The costs of reputational damage have not even been taken into account here. Simple math: the cost of cybersecurity awareness training is much less than the potential damage in the event of an incident.
3. MAN IS THE WEAKEST LINK IN THE IT SECURITY CHAIN
As technical defense measures are constantly being improved, an attack on humans is becoming more and more promising. According to an international study by Kaspersky Lab and B2B International, 52% of companies surveyed think their employees are the biggest IT security vulnerability. Unfortunately, they are right: careless or ill-informed employees are the second most common cause of serious security breaches (46%) – because they often open the door to criminals by acting carelessly. 91% of successful attacks started with a social engineering trick, mostly phishing, and 49% of targeted attacks were due to malware. In both cases, training is particularly recommended, because even 10 simple rules can sensitize employees to such attacks.
4. METHODS ARE CHANGING – FASTER THAN EVER BEFORE
Not only are defense measures constantly being improved: cybercriminals are also constantly developing new methods and tricks. In the most creative manner, they are currently using the Corona crisis in particular to deceive their victims. That’s why it’s important to conduct regular cybersecurity awareness training – we recommend at least once a year. Unfortunately, a single training measure is not enough for sustainable awareness. A time-limited awareness campaign cannot cover all employees, let alone all risk issues, at the same time. In addition, the employee awareness achieved through the campaign diminishes again after two to three months and everyday life returns. It is important that all employees understand that they are an important piece of the IT security puzzle for the entire company. This can only be achieved if the subject is dealt with sustainably.
5. Cybersecurity AWARENESS TRAINING ESTABLISHES AN ERROR AND SECURITY CULTURE
When cybersecurity incidents occur, it is essential that employees report them as soon as possible after discovery. Unfortunately, 40% of affected companies actively try to hide it for fear of punishment. Much can be accomplished with targeted education about the potential disastrous consequences of such behavior and the development of a culture of error. In a cybersecurity awareness training, both decision makers and all employees are instructed in a company culture in which they can react correctly to threats without fear.
With regular cybersecurity awareness training, you can actively build and increase your protection. Properly conducted training can make a company 10 times safer. So contact us for in-house or remote cybersecurity awareness training with Dinotronic. Cybersecurity is our focus, so you can continue to concentrate on your core business and run your SME without fear.
