Most people underestimate the vulnerability of their small business to cyber attacks, according to a survey from the password manager Keeper. The survey, which collected responses from over 500 senior level decision makers at companies with 500 employees or less, found that two-thirds of people didn’t think they’d be victims of a cyber attack. However, a previous study from the Ponemon Institute found that 67% of businesses had been attacked within the last year, demonstrating the discrepancy between the decision makers’ lack of concern and the likelihood of a cyber attack.
Related: The Best Password Managers of 2019
Only one in ten of the survey’s respondents thought that a cyber attack was very likely, according to Keeper’s 2019 SMB Cyberthreat Study. The survey also found that:
- 9% of people believed that cybersecurity was the most important aspect of their business when compared with recruitment, marketing, sales, quality of internal tools, and contributing to social good
- 60% of people did not have a prevention plan against a cyber attack
- 25% of people said that they didn’t know where to start when it comes to cybersecurity.
Small businesses need to start with password security, according to Darren Guccione, CEO of Keeper. All employees and their devices should have high-strength and random passwords along with two or multi-factor authentication. In an interview with Security Baron, Guccione said,
“Any device could be the weakest link in a business. It only takes one weak password to wreck a company.”
When looking for a password manager, small businesses should make sure that it’s built using a zero-knowledge security architecture, meaning that the vendor cannot access the master password or encryption key. Rather, all of the encryption and decryption should occur on the client side as opposed to on the vendor’s servers. Guccione told Security Baron that “for many hackers, small business are low-hanging fruit. Most small businesses don’t have formal IT budgets or staff, making them easy targets.”