A recent survey conducted by Avast found that nearly 40 percent of employees at small businesses think they would be held personally responsible if they accidentally clicked on a malicious link that led to a data breach.
The fact that many employees think they would be held responsible suggests they may keep quiet about potential cybersecurity risks rather than notifying their workplace experts.
The survey, which focused on cybersecurity awareness levels among small business employees during the pandemic, also found that more than 70 percent of respondents thought that external cybersecurity threats were bigger than ones within the organization.
In addition, less than 18 percent of small business employees know that ignoring updates on applications leaves their organization vulnerable to a cyberattack. This lack of cybersecurity awareness was particularly common among government and public sector employees, who said they rely on their IT department to tell them when to update trusted applications.
The survey also found that more than 65 percent of respondents think that large businesses are more likely than small ones to be the victims of a cyberattack. This suggests small business employees are not aware that theirs are among the most vulnerable organizations, which could lead them to let their guard down online.
Avast noted that the survey's findings show that small businesses need to be better about sharing information with employees: clear policies for employees; consistent communication about the latest phishing campaigns and how to spot them; and letting employees know that they will not be blamed for a mistake.
Avast surveyed 2,016 office workers in the U.K and U.S. for its findings. "40% of small business employees worried they'll be blamed for data breaches at work" securitymagazine.com (Dec. 30, 2020).
So, the question for our readers is: Do you think your employees would avoid reporting a cyber threat to IT because they're afraid of being blamed for a breach?
Please take the poll. Here is an opinion of one of the McCalmon editorial staff:
Jack McCalmon, Esq.
An open dialogue about cybersecurity is important to limit risk. A technique we like to use is if a person receives a suspicious email, to notify everyone and to have others help determine if it is phishing. Another technique is to do a simple search of phishing scams similar to what you may have received or to just be safe and delete the message.
You can answer our poll. Please note any comments provided may be shared with others.