Happy National Small Business Week! The U.S. Small Business Administration (SBA) started this holiday more than 50 years ago to recognize the critical contributions of America’s entrepreneurs and small business owners. There are currently 32.5 million small businesses (defined as firms with less than 500 employees) in the U.S., which account for 99.9% of all businesses.
Dashlane kicked off the campaign by surveying small business employees and managers to find out how their organizations are approaching security in a changing hybrid work environment.
Read the top 5 learnings
If you work for or own a small business, you’ve got a lot on your mind and your plate. Cybersecurity best practices may not be at the top of your to-do list—or you may not think they apply to your organization at all. Carissa Tilford, Director of Operations for Jeffrey DeMure + Associates Architects Planners, Inc., told us, “Being a small business [with 32 employees], it’s easy to think that you’re immune, [that] a cybersecurity threat will never happen. We’re not some big enterprise, why would someone target us?”
Unfortunately, more than half of small businesses have experienced at least one security breach, one data breach, or both. There are a few reasons why cybercriminals target these organizations.
A typical small business has a very small IT team or tasks employees from other groups with admin responsibilities. This list of responsibilities is long and includes protecting the company’s website from being hacked, onboarding and offboarding employees to different applications and other IT resources, resetting passwords, and more. But these IT teams and admins are often asked to do more with less, as 43% of small and medium-sized businesses lack cybersecurity defense plans.
Team members wrangle many different responsibilities—and passwords—daily. Employees may reuse passwords, write them down on sticky notes, or share them through email or Slack, making them less secure. According to Verizon’s 2021 Data Breach Investigations Report, about 61% of confirmed data breaches involve credentials. Cybercriminals use these compromised and weak passwords to launch various attacks and gain access to small businesses’ applications, user accounts, and systems.
Like many organizations, a lot of small businesses enabled employees to work from home in response to the COVID-19 pandemic. But without adequate security measures in place, the number of cyberattacks grew. There was a 600% increase in cyber threats, and 40% of companies that enabled work-from-home policies for employees reported an increase. Navigating the current hybrid work environment without security best practices in place could also open small businesses up to increased vulnerabilities.
Time is a precious resource for small business employees and managers, which means educating yourself or your employees about cybersecurity best practices often—understandably—takes a back seat to more pressing issues. However, 95% of cybersecurity breaches are due to human error, like employees not regularly changing passwords or falling victim to phishing scams by clicking a malicious link.
Like larger corporations, small businesses have access to sensitive information for employees, contractors, customers, vendors, and third parties. But they’re typically less protected when it comes to cybersecurity, making them a low-risk (and a high-reward) target for cybercriminals. Unfortunately, the small business pays this high cost when there’s a breach. In fact, IBM and the Ponemon Institute’s 2021 Cost of a Data Breach Report shows that small companies spend an average of nearly $3 million per incident.
“There are two sides to the equation. One is making employees realize their behavioral shortcuts—sharing, reusing, or saving passwords—creates a security risk. It’s the cultural journey of explaining why they need better password health and encouraging them to do that. The other side is making it easy for them to live their lives without having to bend over backward, which means taking the friction out of the process. That’s the way businesses must think about closing the gate on their security infrastructure.”—JD Sherman, CEO, Dashlane
In the face of these challenges, building a strong security culture can feel overwhelming. But a password manager offers a simple way to optimize security without adding to your—or your employees’—workloads. Dashlane Team and Dashlane Business are simple to set up, easy for admins and employees to use, and feature best-in-class security tools to help monitor employee password health and stop breaches before they happen.
The bottom line: Your small business is essential, and so is its security. And the best defense is a strong offense. What better way to celebrate National Small Business Week than by upping your company’s security—and peace of mind—with a password manager?
Dashlane will release a full report on the future of secure work later this month, but you can preview the top five security findings for small businesses here. Visit the campaign for more information on keeping your business secure with one simple best practice.