Survey: Realities of a Remote Workforce Increase Cybersecurity Concerns for Half of All Small Business Owners, But Policies, Training Still Lag

April 9, 2020

The overnight move to a “virtual workplace” has increased cybersecurity concerns for small business owners, but many still have not implemented remote working policies to address cybersecurity threats, according to a new survey by the Cyber Readiness Institute (CRI).

Conducted from March 25-27, the survey* of 412 small business owners found that half of all business owners are concerned that remote working will lead to more cyberattacks. Yet, nearly 40% feel that economic uncertainty will prevent them from making necessary cybersecurity investments.

This is particularly concerning for companies with fewer than 20 employees as the survey showed they were distinctly unprepared for remote working. Only 22% provided additional cybersecurity training prior to enabling remote working and just 33% provided “any cybersecurity training.”

“Now, more than ever cybersecurity affects the ‘business’ of nearly every company, not just in the U.S. but internationally,” said Kiersten Todt, managing director of CRI. “These are extremely challenging times for companies, especially small businesses, as revenue and resources are as unpredictable as they have ever been. However, cybersecurity investments aren’t always tied to dollars and cents. Several free tools, that focus on human behavior, offer important guidance on helping small businesses become more cyber ready. The best way to prevent the spread of COVID-19 is by doing the basics like washing your hands. Similarly, the cyber hygiene basics will go a long way in keeping small businesses resilient in this time of increased threats.”

Social distancing and quarantine orders have altered how business owners manage employees and interact with customers. It has made the reliance on secure communications and operations more important than ever. Yet, only 46% of business owners provide any training to help workers be cyber secure when working from home. The numbers dwindled down to 33% when looking at companies with fewer than 20 employees.

The Cyber Readiness Institute has outlined basic steps that are free and every organization can take to secure their remote workforce. Good cyber hygiene practices that focus on using secure passwords, ensuring that all operating systems are up to date, understanding tricks used by bad actors, and prohibiting the use of USB memory sticks can go a long way in preventing cyber-attacks.

Additional findings from the survey include:

Only 40% of small businesses have implemented a remote work policy focused on cybersecurity as a result of coronavirus (only 25% of those with less than 20 employees)
59% of small business owners said that some employees would be using personal devices when working from home.
55% believe that federal and state governments should provide products and funding for cybersecurity
51% said they provided their employees with technologies to improve cybersecurity for remote workers (only 34% for companies under 20 employees)

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.