SMBs Struggle to Bring Employees in to Handle Security, Data Privacy

SMBs Struggle to Bring Employees in to Handle Security, Data Privacy

By Greg Tavarez

Cybersecurity threats are increasingly prevalent and more dangerous than ever before in today’s technology-driven world. The risk of a security breach is a significant concern for businesses; it not only exposes confidential customer data and erodes trust, but also leads to revenue losses if critical systems go offline due to DDoS attacks.

SMBs and startups are particularly vulnerable to these threats. The impact of a breach on their operations is potentially devastating and addressing the issue can drain their resources. Companies must devote significant resources to maintain and update their systems, train employees on cybersecurity best practices, and deploy effective security software (which is often not an option for many SMBs and startups).

In fact, 42% of SMBs have one employee dedicated to security and 38% have zero employees dedicated to security, according to a DigitalOcean report. Those numbers (at least, in part) explain why SMBs have pain points when it comes to cybersecurity; more specifically, with the time and budget to manage that security.

And security isn’t the only concern for SMBs when it comes to lack of resources, though. The study also found that 74% of businesses say that data privacy is also a top concern for their business – as it should be. However, just like a decent percentage don’t have employees dedicated to security, a majority have zero employees dedicated to data privacy.

“The findings in this report show that SMBs have specific needs and pain points, particularly when it comes to hiring and having dedicated security employees,” said Tyler Healy, Vice President of Security at DigitalOcean. “Even without a traditional security role, there should be someone responsible for making security decisions in every organization; this kind of accountability is crucial.”

Still, even with resources being limited, there isn’t a lack of trying to take measures to prevent cyberattacks. In the report, more than half implemented two-factor authentication, 41% implemented firewalls or security applications and 37% implemented password or access controls.

And when it comes to data privacy, one area of focus for companies that want to ensure their data is protected and secure is reviewing the security and data protection policies of third-party vendors, which can include cloud providers and other technology vendors. According to the study, 62% request legal agreements, such as data protection agreements and privacy policies; 57% request regulatory requirements, such as GDPR, HIPAA or FedRAMP; and 29% request certifications, such as SOC and ISO.

Without dedicated cybersecurity employees, SMBs must act early and trust their vendors (including cloud providers and other security products) to maintain a secure environment in a changing threat landscape. Those that don’t, unfortunately, risk customer attrition, reputation damage and revenue loss.

“SMBs shouldn’t look to overcomplicate their security posture,” said Healy. “Choices to simplify security posture early can pay dividends as a business scales.”

Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

Related Articles

MSP Expo Sponsor Wildix Launches E-Learning Platform

By: Greg Tavarez    6/24/2024

MSP Expo sponsor Wildix launched its new e-learning platform designed to enhance training and certification processes for MSPs and system integrators.

Read More

Strategizing to Strengthen Asset Intelligence Capabilities, Courtesy of Sevco Security and GuidePoint Security Partnership

By: Alex Passett    6/24/2024

Last week, a new strategic reseller partnership was announced between Sevco Security and GuidePoint Security.

Read More

SUSE Launches Cloud Elevate Program

By: Stefania Viscusi    6/24/2024

SUSE announced a new SUSE One Cloud Elevate Program, designed to empower SUSE One partners to sell SUSE's open-source solutions more effectively.

Read More

What You Need to Know About KnowBe4's New PhishER Plus Threat Intel

By: Alex Passett    6/20/2024

Renowned phishing awareness company KnowBe4 is rolling out additional features for its PhishER Plus offering - PhishER Plus Threat Intel packs one hec…

Read More

DataStrike Acquires MiCORE, Creating SMB Data Infrastructure Powerhouse

By: Greg Tavarez    6/18/2024

DataStrike recently completed the acquisition of MiCORE in a transaction that will form a large MSP specializing in data infrastructure services for S…

Read More