New research reveals some worrisome patterns and practices specifically linked to data security in small- and medium-sized businesses. Given that year-over-year cyberattacks on small businesses are up nearly 425%, and that 62% of small companies lack adequate in-house cybersecurity expertise, leaders have legitimate cause for concern. Among the most glaring security issues from the study of 4,000+ SMBs are:
1) Poor patching practices. While automated updates have improved the process, smaller firms routinely struggle to keep pace with critical software updates. Seventy-five percent of vulnerabilities uncovered have been unpatched for at least a year, oftentimes, much longer. Updating embedded open-source software proved especially challenging for SMBs, according to the study.
2) Outdated OS. Sixty-six percent of SMBs’ devices were running expired versions of the Microsoft operating system or versions set to expire by January, 2020.
3) Encryption issues. Forty-two percent of security vulnerabilities found were tied directly to misconfigured encryption protocols.
4) Antiquated email servers. One-third of email servers from the study were running Exchange 2000, which Microsoft ceased supporting a decade ago.