Key Insights for SMBs from the 2023 Cybersecurity Attitudes and Behaviors Report
Written by Norbert Gorgowicz • April 4, 2024

In an era where digital connectivity weaves through the fabric of our daily operations, the essence of cybersecurity has never been more critical. The evolution of technology, while a boon, also paves the way for sophisticated threats in the cyber realm.
Often, the weakest link in the cybersecurity chain is not the technology itself, but the actions or inaction of individuals. The 2023 Annual Cybersecurity Attitudes and Behaviors Report by the National Cybersecurity Alliance and CybSafe starkly highlights the vital need for Cybersecurity Awareness Training, particularly for small to medium business (SMB) owners keen on fortifying their digital defenses.
Frequently, our vulnerability to cyberattacks or online scams stems from our own actions. Risky behaviors encompass weak passwords and relaxed security protocols, along with the notion of “It won't happen to me.” This underestimation contributes to human error being accountable for roughly 88% of data breaches.
Key Insights from the Report
Surveying over 6,000 individuals across a broad spectrum of nations, the report unveils that an overwhelming 93% of respondents engage with the online world daily. This engagement includes managing multiple “sensitive” accounts, those teeming with personal information that, if compromised, could have devastating consequences. Alarmingly, nearly half of these individuals juggle ten or more such accounts, often reusing passwords, significantly elevating their risk profile.
Despite the widespread acknowledgment of online security as a priority (84% of respondents), frustration and intimidation in managing cybersecurity effectively are common sentiments. This combination of high-risk behaviors and a sense of helplessness against cyber threats underscores the pressing need for comprehensive cybersecurity training.

However, this shouldn't lead to lowering your guard and making yourself a vulnerable target. Implementing proven best practices can effectively protect your online accounts.
These include:
- Enabling multifactor authentication on all accounts.
- Implementing an email spam filter to catch phishing emails.
- Adding a DNS filter to block access to malicious and harmful websites.
- Adopting strong passwords and management policies.
Greater Access to Cybersecurity Awareness Training Needed
The report points out a glaring gap: only 26% of respondents had access to cybersecurity training, with even those employed often finding such resources scarce. This is particularly concerning for SMBs, where the impact of cyber threats can be disproportionately damaging. Cybersecurity Awareness Training emerges not just as a tool, but as a critical investment in safeguarding the future of these businesses.
The report further segmented the data by employment status, revealing that individuals not currently employed are the most underserved group. However, even among the employed, there's a significant need for increased access and motivation for training. Only 53% of employed respondents reported having and utilizing access to cybersecurity awareness training.

Employers who champion cybersecurity training significantly bolster their defenses against data breaches, turning their workforce from potential vulnerabilities into the first line of defense.
The training isn't just about mitigating risks; it's about fostering a culture of security that permeates every aspect of business operations.
Increase in Cybercrime Reporting Highlights Need for Vigilance
The landscape of cybercrime is evolving, with over a quarter (27%) of individuals surveyed in the report admitting to being victims of cyber-related offenses. The diversity of these cybercrimes is broad, encompassing:
- Phishing attacks (47%), showcasing the prevalent risk of deceptive emails designed to steal personal information.
- Online dating scams (27%), highlighting the emotional and financial vulnerabilities faced by individuals seeking connections online.
- Identity theft (26%), underscoring the severe implications of personal data breaches.

The report further reveals an intriguing generational divide in cybercrime victimization, with Millennials reporting the highest incidence of such crimes. In contrast, the older demographics, including Baby Boomers and the Silent Generation, reported significantly fewer instances. This data points to the shifting targets of cybercriminals and the varying levels of digital literacy and vulnerability across generations.
This increasing trend in cybercrime reporting underscores the universal importance of adopting robust cybersecurity best practices, regardless of one's generational affiliation.
In the following sections, we'll delve into actionable strategies and best practices that individuals and organizations can implement to enhance their digital security posture.
Reduce Your Online Security Risks with Best Practices
Cybersecurity isn't just a technical challenge; it's a business imperative. The insights from the report illuminate a clear path forward:
Strong, Unique Passwords
- Start off by creating strong and unique passwords for each of your online accounts.
- Mix upper- and lowercase letters, numbers, and symbols to make your passwords harder to guess.
Multifactor Authentication (MFA)
- Strengthen your account security by turning on multifactor authentication where available.
- MFA adds a vital extra layer of protection, securing your accounts even if a password gets compromised.
Stay Current with Software Updates
- Keep all your software and applications updated regularly, including your operating systems on desktops, laptops, phones, tablets and other devices.
Stay Alert to Phishing Attacks
- Exercise caution with links or attachments in emails from unfamiliar senders.
- Always verify the authenticity of emails and websites, looking for signs like misspelled URLs.
- Adopt a trust-no-one approach and practice thorough due diligence before sharing any personal or financial information.
Connect to Secure Wi-Fi Only
- Ensure you're connecting to secure, password-protected Wi-Fi networks.
- Avoid performing sensitive operations over public Wi-Fi networks unless you're using a VPN for protection.
Back Up Your Data Regularly
- Make it a habit to back up essential data to an external drive or a cloud-based service frequently.
Use Antivirus and Anti-Malware Solutions
- Install trusted antivirus and anti-malware software on all your tech devices.
- Schedule regular scans to identify and neutralize potential threats.
Social Media Privacy Settings
- Periodically check and adjust your social media privacy settings.
- Keep your personal information private and out of the public eye as much as possible.
Secure Your Devices
- Use strong passwords or biometric solutions to lock your personal devices securely.
Educate Yourself and Your Team
- Engage in cybersecurity awareness training to keep yourself and your team informed and prepared, fostering a culture of vigilance and proactive security measures.
For SMB owners, the message is clear: Cybersecurity Awareness Training isn't optional; it's a necessity. In a landscape where cyber threats are ever-evolving, staying informed and prepared is paramount. Such training not only equips businesses with the knowledge to defend against attacks but also builds a resilient, security-conscious culture.