The COVID-19 pandemic rushed employers to send employees home to work remotely. Work environments became more digitalized very rapidly, and IT budgets increased to better protect businesses against increasingly sophisticated cyber attacks.

As large, well-known tech companies, like Kaseya, Uber and Microsoft, became victims of attacks, SMBs grew increasingly concerned about their own cyber security effectiveness. After all, their resources aren’t nearly what these large brands have at their disposal. Confirming that lack of confidence, ESET revealed in its 2022 SMB Digital Security Sentiment Report that almost three-quarters of SMBs say they are more vulnerable to cyber attacks than larger enterprises.

SMBs place viruses, malware, web-based attacks and ransomware as their top security concerns for the next 12 months. The top factors impacting the risk of a cyber attack in the next 12 months, in their perspective, include a lack of employee cyber awareness, continued hybrid or home working, and cloud migration.

Remote and hybrid work, while convenient – and productive – for most, does come with its security risks if companies don’t take appropriate measure to mitigate them. As employees work from anywhere, it is difficult for IT teams to monitor the networks employees use to connect. To add to the complexity, employees often use personal devices – even more than at the office – and IT teams are forced to trust that they will keep those devices and any saved company data secure.

For a variety of good reasons, businesses have continued the cloud migration trend. However, as that happens, as applications and data are transferred to the cloud, security blind spots can form. Therefore, careful planning is a must. Businesses need to make sure data is backed up, APIs are secure and regulatory and compliance requirements are met, just to name a few precautions.

Once in the cloud, employers need to make sure employees are aware of cyber security protocols. Training needs to be provided to give employees the tools and awareness they need regarding potential threats, especially in the form of phishing. Businesses also need to provide employees with IT support to avoid security risks – implementing MFA and password managers is a start.

Basic cyber security practices can help, but implementing them is a challenge in itself. A budget is required, and almost half of SMBs say they are limited in budget or simply do not want to invest in cyber security.

The mindset of the 50% is a double-edged sword. Sure, it costs money to implement effective cyber security measures, but constant cyber attacks potentially affect the budget and brand reputation – with an even greater long-term effect financially.

“SMBs are not investing enough in cyber security solutions, services or employee awareness,” said Ryan Grant, vice president of sales for ESET North America. “Many are not following basic cyber security best practices, such as using multifactor authentication, updating software regularly and conducting regular cybersecurity audits.”

It is essential for SMBs to invest to improve their cyber security postures as larger enterprises and governments do. If not, they can expect to have to deal with successful attacks over the coming months.  They simply have to invest the budgets dollars. However, expertise is a different issue altogether. Most SMBs also don’t have the IT expertise to manages security effectively, which is why so many MSPs have invested in their own cyber security services and stand ready to take on that challenge on behalf of SMBs.