Vulnerable to Cyber Crime–Survey Says Only 36% of Small Businesses Apply Security Updates

Ok, so this number is from a recent study in England, but I am willing to bet that the numbers are about the same in the U.S.

This study was reported by Sophos recently, and it supports my own observations of my own clients.  Not very many of my small business clients have a security policy that is followed by the workers in the company.  Most companies opt for convenience over security, and are using short, easily broken passwords, and using the same passwords across multiple systems and even multiple users.  We try to educate and encourage a stronger security policy with our clients, but too many companies believe that they are “too small” to be a target of a cyber attack.

If you are a small business owner, take a look at your business checking and savings account balances. How much money is it?  Are they in six figures?  Can your business line of credit be advanced using the same password you use for online banking? 

A cyber criminal using your banking logon credentials could transfer those funds into their own account and be gone before you know it.  Would the loss of those funds kill your business?  How would you repay the loan balance?

Those of us in the cyber-security business know that SMBs are being aggressively targeted by cyber-gangs simply because the money is good enough, and the security is poor enough, to make it worthwhile to try.

You simply owe it to yourself and your business to invite a security consultant to take a look at your operation and assess your vulnerabilities.  You might even want to engage a penetration testing or “pen-testing” firm to try and hack in from the outside just to see where the gaps are and provide you with some guidance on developing and implementing stronger security for your computer network. 

If you have locks on the doors, a security alarm, or a video surveillance system, you obviously appreciate the importance of physical security.  Do not neglect network security.  There may be more to lose in a well executed cyber attack than there would be from a physical theft.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.