How to secure network systems for small and medium businesses

However, recent research shows that nearly 46% of cyber attacks target SMEs. According to data from the World Economic Forum, 95% of cybersecurity incidents are due to human error.

According to Kaspersky’s 2022 IT Security Economics survey, which included interviews with more than 3,000 IT security managers in 26 countries, around 22% of data breaches at SMBs are caused by employees. Cyberattacks are responsible for a similar proportion. This makes employees at some point as “dangerous” as hackers, although most incidents are caused by carelessness or lack of awareness.

Employee actions can inadvertently lead to serious security incidents and impact the cybersecurity posture of SMEs. Some of the main reasons are:

• Weak Passwords : Employees using simple or easy-to-guess passwords make them easy for cybercriminals to crack, ultimately leading to unauthorized access to sensitive data.
• Phishing Traps : Employees may accidentally or unintentionally click on phishing links in emails, leading to malware infection and unauthorized access to the network. Most scammers can spoof email addresses that appear to belong to legitimate companies and send emails with attached documents or archives that are actually malware samples.
• Personal Device Use for Work Policy : Employees who regularly use personal devices to connect to the corporate network can pose a serious security threat if these devices are not adequately protected against cyber threats.
• Lack of patching: If employees use personal devices, IT teams may not be able to monitor the security of those devices or troubleshoot security issues. Additionally, employees may not regularly apply patches or updates to systems and software, leaving vulnerabilities that cybercriminals can exploit.
• Ransomware: In the event of a ransomware attack, it is important to back up data so that you have access to encrypted information even if cybercriminals have taken over your company's systems.

To help businesses feel truly secure about their company's cybersecurity situation, Kaspersky offers a number of recommendations:

• Use anti-phishing protection for endpoints and email servers to reduce the risk of infection via phishing emails.
• Take important data protection measures. Always protect company data and devices, including enabling password protection, encrypting work devices, and ensuring data is backed up.
• Even small businesses should protect themselves from cyber threats, regardless of whether employees work on company or personal devices. Kaspersky Small Office Security can be installed remotely and managed from the cloud, requiring little time, resources or specific knowledge to deploy and manage.
• Look for a solution tailored for SMBs with proven protection and simple management features, such as Kaspersky Endpoint Security Cloud. Alternatively, outsource cybersecurity maintenance to a service provider that can provide the right protection.