SMBs Struggle to Bring Employees in to Handle Security, Data Privacy

SMBs Struggle to Bring Employees in to Handle Security, Data Privacy

By Greg Tavarez

Cybersecurity threats are increasingly prevalent and more dangerous than ever before in today’s technology-driven world. The risk of a security breach is a significant concern for businesses; it not only exposes confidential customer data and erodes trust, but also leads to revenue losses if critical systems go offline due to DDoS attacks.

SMBs and startups are particularly vulnerable to these threats. The impact of a breach on their operations is potentially devastating and addressing the issue can drain their resources. Companies must devote significant resources to maintain and update their systems, train employees on cybersecurity best practices, and deploy effective security software (which is often not an option for many SMBs and startups).

In fact, 42% of SMBs have one employee dedicated to security and 38% have zero employees dedicated to security, according to a DigitalOcean report. Those numbers (at least, in part) explain why SMBs have pain points when it comes to cybersecurity; more specifically, with the time and budget to manage that security.

And security isn’t the only concern for SMBs when it comes to lack of resources, though. The study also found that 74% of businesses say that data privacy is also a top concern for their business – as it should be. However, just like a decent percentage don’t have employees dedicated to security, a majority have zero employees dedicated to data privacy.

“The findings in this report show that SMBs have specific needs and pain points, particularly when it comes to hiring and having dedicated security employees,” said Tyler Healy, Vice President of Security at DigitalOcean. “Even without a traditional security role, there should be someone responsible for making security decisions in every organization; this kind of accountability is crucial.”

Still, even with resources being limited, there isn’t a lack of trying to take measures to prevent cyberattacks. In the report, more than half implemented two-factor authentication, 41% implemented firewalls or security applications and 37% implemented password or access controls.

And when it comes to data privacy, one area of focus for companies that want to ensure their data is protected and secure is reviewing the security and data protection policies of third-party vendors, which can include cloud providers and other technology vendors. According to the study, 62% request legal agreements, such as data protection agreements and privacy policies; 57% request regulatory requirements, such as GDPR, HIPAA or FedRAMP; and 29% request certifications, such as SOC and ISO.

Without dedicated cybersecurity employees, SMBs must act early and trust their vendors (including cloud providers and other security products) to maintain a secure environment in a changing threat landscape. Those that don’t, unfortunately, risk customer attrition, reputation damage and revenue loss.

“SMBs shouldn’t look to overcomplicate their security posture,” said Healy. “Choices to simplify security posture early can pay dividends as a business scales.”

Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

Related Articles

Say Goodbye to Passwords: 1Password Unveils Two Passkey Innovations

By: Greg Tavarez    6/9/2023

1Password now offers customers the ability to save and sign into online accounts with passkeys as well as unlocking 1Password accounts with a passkey.

Read More

Industrial Cybersecurity Transformed: Secureworks Launches Integrated MDR Solution for OT and IT

By: Greg Tavarez    6/8/2023

Secureworks announced two new offerings to unify the way industrial organizations prevent, detect and respond to threats across the OT and IT landscap…

Read More

K8 Notifier: A New Twist on Cloud Cybersecurity

By: Matthew Vulpis    6/8/2023

K8 Notifer can create a suite of alerts for MSP to detect suspicious activity in the configuration and patterns of their and their customers cloud ser…

Read More

Impossible Cloud Paves Way with New Program in the Web3 Era

By: Greg Tavarez    6/8/2023

Impossible Cloud's Partner Program allows partners and resellers to seamlessly implement, demo and integrate its efficient, performance-driven solutio…

Read More

CrowdStrike Empowers Next-Gen Cybersecurity with Generative AI

By: Stefania Viscusi    6/8/2023

Security company CrowdStrike unveiled Charlotte AI, a new generative AI cybersecurity that will help to democratize security and empower users of the …

Read More