Odds are good that many small-to-medium businesses (SMBs) are about to get a rude wakeup call now that many of their employees might be working from home for the foreseeable future.
In the wake of the COVID-19 pandemic, organizations of all sizes quickly transitioned to working remotely from home. In all probability, many employees might never return to the office as organizations look to reduce costs by not renewing leases for office space.
The trouble is that most of the leaders of SMB organizations don’t fully appreciate the risks organizations now face. A survey of 507 senior decision-makers at companies with 500 employees or less conducted by Alliant Cybersecurity finds about a fifth (22%) agree that their organization transitioned to remote working without putting in place a clear policy to mitigate or prevent cybersecurity attacks. More troubling still, 13 percent said their organization was not prepared to work from home securely.
Furthermore, 10 percent of respondents agreed they’re scared that it will only be a matter of time until their organization experiences a cyberattack. In addition, 17 percent said they felt their organization was operating at an increased level of risk, and 13 percent said they are aware their organization has already experienced at least one cyberattack.
Interestingly, the Alliant Cybersecurity report notes that over half the respondents said their organization did not allow for regularly working from home prior to the pandemic. Despite that, most respondents said they are either very confident (45%) or somewhat confident (45%) in their organization’s ability to mitigate cybersecurity threats.
Differing perspective from cybersecurity professionals
While that vote of confidence might be appreciated by IT professionals, a recent survey of IT and cybersecurity professionals published by Barracuda Networks finds that nearly half (49%) said they expect to see a data breach or cybersecurity incident in the next month due to remote working. An almost equal number (46%) said they have already encountered at least one cybersecurity scare since shifting to a remote working model during the COVID-19 lockdown.
Sadly, the Alliant Cybersecurity survey also finds only 21 percent of respondents agreed their organization needs to invest more in security, with 24 percent planning to create a cyberattack response plan. A quarter (25%) said they implement clear remote work policies to secure their business from cybersecurity threats.
From a cybersecurity perspective, the Alliant Cybersecurity survey results are disheartening at best. Many SMB executives are clearly whistling past the proverbial cybersecurity graveyard. Savvy IT and cybersecurity professionals may be hoping for the best but privately are preparing for the worst. More than a few are probably considering career moves. When the senior leadership of an organization doesn’t appreciate the level of risk, it makes it difficult for IT and cybersecurity professionals to emotionally rally to combat every threat. There’s a sense of inevitability that ultimately destroys morale.
Of course, there will inevitably be a few high-profile attacks involving SMBs that will focus the minds of business executives. Truth is, most SMB executives are quietly hoping it won’t be them that winds up serving as an example of not what to do. Most cybersecurity and IT professionals are actively praying for the same thing because when all is said and done many are likely to be taking the blame — of them fairly or not.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.