First Midwest BankFirst Midwest Bank logoArrow DownIcon of an arrow pointing downwardsArrow LeftIcon of an arrow pointing to the leftArrow RightIcon of an arrow pointing to the rightArrow UpIcon of an arrow pointing upwardsBank IconIcon of a bank buildingCheck IconIcon of a bank checkCheckmark IconIcon of a checkmarkCredit-Card IconIcon of a credit-cardFunds IconIcon of hands holding a bag of moneyAlert IconIcon of an exclaimation markIdea IconIcon of a bright light bulbKey IconIcon of a keyLock IconIcon of a padlockMail IconIcon of an envelopeMobile Banking IconIcon of a mobile phone with a dollar sign in a speech bubbleMoney in Home IconIcon of a dollar sign inside of a housePhone IconIcon of a phone handsetPlanning IconIcon of a compassReload IconIcon of two arrows pointing head to tail in a circleSearch IconIcon of a magnifying glassFacebook IconIcon of the Facebook logoLinkedIn IconIcon of the LinkedIn LogoXX Symbol, typically used to close a menu
Skip to nav Skip to content
FDIC-Insured - Backed by the full faith and credit of the U.S. Government

Why CEOs of SMBs make easy cyber targets

Worried that junior- and mid-level road warriors might make your company vulnerable to a cyberattack? When it comes to digital security, your weakest security link is more likely to be a company leader, according to a new study.

In the C-suite, there’s often a significant gap between the real and perceived risk of cyberthreats, according to the Cyber Mindset Survey conducted recently by Keeper Security of 500 senior decision makers at small and midsize businesses.

For example, while more than two thirds (67%) of SMBs experienced a cyberattack in the last year, only a small fraction (7%) of CEOs, corporate chairs and owners think a cyberattack is “very likely.” Conversely, nearly half (43%) of top leadership believe an attack is “not at all likely” – higher than any other management group surveyed.

“If you don’t have a cybersecurity mindset at the top, you’re not going to have it at the staff or team level,” says Darren Guccione, CEO and co-founder at Keeper Security. “Cybersecurity software should run on every smartphone, tablet, computer for every single employee in the ecosystem of a business. That’s absolutely of paramount importance because it only takes one endpoint to be breached.”

“About 80 percent of all breaches are the result of weak password security,” says Guccione, referring to a Verizon data breach investigation from 2017. “Hackers know that many people use weak passwords across all of their applications, websites and systems.”

But many companies don’t prioritize password hygiene. Fewer than one in five (18%) companies that have been in business 10 or more years encourage or require employees to update passwords. And CEOs, chairs and owners were the least likely employees to know their own company’s password policies, according to the Cyber Mindset Survey.

Perhaps unsurprisingly, the study revealed some stark generational differences. Nearly one in three (32%) decision makers under age 34 understands that a cyberattack is “very likely,” compared to only 5 percent of respondents age 55 and older.

When asked about their feelings toward passwords, older decision makers were more likely to label them as “annoying” or “confusing.” And when asked to name effective data breach prevention methods, older decision makers often answered with variations of “keep sensitive documents in hard copy” or “don’t put important stuff online.”

Regardless of age or position in a company, every business traveler should follow these cybersecurity protocols:

  • Never use public Wi-Fi. Instead, use your phone’s personal hotspot, which is more secure.
  • When public Wi-Fi is the only option, use a virtual personal network (VPN) to encrypt your online activity.
  • Avoid sharing credentials and logins among multiple employees, especially passwords that are used across multiple platforms. About six in 10 people reuse the same password for all their online services.
  • Use a password security solution, which can be either a password manager for individuals or an enterprise solution.

“At the end of the day, cybersecurity should be part of an overall top-down corporate strategy that originates from the C-level,” says Guccione.

 

This article was written by Suzanne Rowan Kelleher from Forbes and was legally licensed through the NewsCred publisher network. Please direct all licensing questions to legal@newscred.com.

Subscribe for Insights

Subscribe