Cyber Readiness Institute: Small Businesses to Become Hot Target for Hackers during COVID-19 Pandemic

A company”s perception of the importance of cybersecurity depends on the size of the business, new research shows. Small businesses are less apprehensive of cyber attacks than bigger organizations, and according to one study, cybercriminals may soon set their sights on smaller entities with their guard down.

89% of small businesses are moving to a remote workforce during Covid-19 stay-at-home orders, according to a survey of 400 small business owners conducted by the Cyber Readiness Institute (CRI).

The researchers found businesses with fewer than 10 employees differed sharply from larger businesses in the importance they give to cybersecurity. The smaller the business, the less it focuses on cybersecurity.

31% of small business owners with fewer than 10 employees said work-from-home orders have increased their cybersecurity concerns. That number shoots up to 41% for companies with more than 10 employees. Not exactly a huge gap. But more granular questions reveal bigger discrepancies.

For example, the lower levels of concern for micro-businesses also equates to much smaller investments in cybersecurity. Only 45% of small business owners with fewer than 10 employees have increased time, money or human capital investments as it relates to cybersecurity. For businesses with more than 10 employees, that number is 80%.

More than half of small business owners with more than 10 employees have increased cyber education over the past two month, as opposed to just 22% of those with fewer than 10 employees.

Other key findings include:

• 49% of small businesses will maintain at least a partial remote workforce after Covid-19 restrictions are lifted.
• 62% of small business owners support tax incentives or federal grants for cybersecurity investments.
• Password management and phishing attacks are the top two concerns of nearly half of all small business owners.
• 35% of small businesses with fewer than 10 employees have no incident response policy.
• More than 42% of businesses have provided additional password training or policies over the past two months.
• 30% of small businesses have used new free cybersecurity tools since work-at-home orders began.
• 25% of small business owners anticipate hiring new cybersecurity staff or consultants over the next six months.

“For malicious actors looking for vulnerable targets, small businesses remain a primary target, particularly during the Covid-19 pandemic,” said Kiersten Todt, executive director of The Cyber Readiness Institute. “Small businesses can make themselves resilient against common attacks, such as phishing, by focusing on employee education and awareness and creating a culture of cyber readiness within the organization.”

The Institute has outlined basic steps that every organization can take to secure their remote workforce, including best cyber-hygiene practices that focus on using secure passwords, patch management, and understanding the tricks bad actors use to penetrate an infrastructure.