Small Businesses Need to Learn

The current state of IT security in the U.S. and U.K. looks dire, according to a report published by RiskIQ, a digital threat management firm. The report is based on a survey, conducted by IDG Connect, of 465 people in charge of making IT security decisions at organizations with at least 1,000 employees in these two countries. But that doesn’t mean there’s nothing you can do. Here are some lessons your business needs to learn, sooner rather than later.


1. Most IT security threats come from outside an organization.

A threat can originate from within your organization, for example from personnel who accidentally or intentionally compromise your organization’s IT security. But respondents to the survey said 75 percent of the issues they had experienced came from someone acting outside their organization. Make sure your employees go through security training and awareness programs so they are well equipped to stop attacks from the outside.


2. The web is the biggest security issue.

More than 70 percent of survey respondents said they had little to moderate confidence in their ability to fully protect their organization’s IT from threats originating from the web. What’s more surprising is that 60 percent said their organization experienced security issues stemming from mobile devices. This lower number may be because policies for using mobile devices at work could be stricter than those for using an organization’s computers.


3. Ransomware and malware that messes up browsers are the biggest threats.

Survey respondents reported 44 percent of their security incidents were due to malware that locks up browsers or triggers ransomware. Most of these are executed because of an insecure browser: An employee visits a site with malicious code hidden in it that downloads automatically or tricks the employee into clicking something to trigger it. Again, training is so important.


4. Phishing is an equal problem.

Many employees do not take enough care when clicking links in their emails or on the web, links that could harvest their personal data or lead to malware. Phishing attacks were on par with malware, having affected 42 percent of the survey respondents.


5. Keep an eye on your domains.

Threats to domains, such as a domain getting hijacked or its DNS getting attacked, happened to 42 percent of survey respondents. So, the security of your organization’s online addresses needs to be treated with the same level of importance as malware and phishing.