How SMBs Ensure Employees Support IT Security

When TSL Tech Research asked IT professionals at small and medium-sized businesses (SMBs) what recommendations they had for helping employees support cybersecurity, conducting regular security awareness training came out on top. Of the companies surveyed, 38% chose employee security awareness training as the #1 recommendation. 

• 38% 

Chose conducting regular security awareness training as the #1 recommendation 

This finding makes sense considering the risk employees create when they don’t know how to handle sensitive data or recognize suspicious emails. Employees become an internal threat when they expose the companies they work for to a breach because of negligence.  

With regular security awareness training, employees become a first line of defense for SMBs instead of a vulnerability. 

Top Recommendations to Help Employees Support IT Security 

TSL Tech Research surveyed more than 450 IT professionals at SMBs in our IT Security Insights Survey. We asked them what they recommend as the #1 way to help employees support IT security. 

The results were as follows: 

• 38% Conduct regular security awareness training 

• 22% Multi-Factor Authentication (MFA) enforcement 

• 13% Simulated phishing attacks 

• 10% Teach email & website verification skills 

• 9% Clear IT security policies & best practices 

• 6% Incident reporting & response training 

• 3% Secure remote work & BYOD Training 

Key Takeaways: 

Not only was conducting regular security awareness training the top recommendation for making employees a security asset, but many of the other responses related to security training for employees. Running phishing attack simulations, teaching email and website verification, and conducting secure remote work and Bring Your Own Device (BYOD) training are all ways to boost employee security awareness. 

Security Awareness Training for Employees at SMBs 

SMBs can turn their employees into security assets by focusing on teaching their staff to recognize and respond to cyberthreats, such as phishing, malware, ransomware, and social engineering.  

The results of the survey emphasize that security awareness training needs to be conducted regularly. Effective security awareness training programs use interactive, ongoing training that includes simulated attacks to measure progress and identify which employees need additional reinforcement. Regular training ensures that employees adapt to emerging threats as the risk landscape evolves. 

What these Findings Mean for IT Service Firms 

With regular employee security awareness training ranking as the #1 recommendation for SMBs, managed service providers (MSPs) that provide cybersecurity services and managed security service providers (MSSPs) should promote their ability to develop and conduct security training classes.  

IT service firms can also emphasize their partnerships with human risk management providers, such as KnowBe4, a top creator of security training content and software, and Huntress, a leading security awareness training company. 

Even the lower ranking results provide opportunities for IT service firms to market their managed security services to SMBs. MSSPs may offer virtual CISO (vCISO) services for developing security strategies that increase employee accountability and setting security controls. Managed IT providers should also create campaigns that promote their identity access management (IAM) capabilities, such as MFA, and Mobile Device Management (MDM). 

Reducing Internal Risk for SMBs 

TSL Tech Research is dedicated to conducting original online research that helps IT service providers more effectively attract and engage companies. We also help match companies with their ideal managed IT service provider.  

Armed with our findings, MSPs and MSSPs can develop marketing strategies that resonate with SMBs by addressing their need for security awareness training and helping them reduce the internal risk created by employees. 

Want to uncover more IT security insights? Reach out to TSL Tech Research to conduct a survey or work with us to design your own.