According to the U.S. Small Business Administration, small businesses make up 99.9% of all U.S. businesses. What’s more, Utah has been credited as the most pro-small business state in America, thanks to our state’s pro-business initiatives and support systems. Each month, the Salt Lake Chamber will highlight a small business in Utah to emphasize its importance in our economy and encourage local support.
Security is a vital piece of the business puzzle. Most companies focus on two main security tracks — keeping the physical space safe and having administrative protocols in place. They use locks, key cards and cameras to ensure physical safety, and they have administrative structures and HR to keep everything else in check. But according to Matt Groves, founder of Wasatch Security Awareness, there’s a third player in the security game that often trips businesses up: technical security, which includes IT infrastructure and digital defenses crucial for shielding against cybersecurity threats.
“That’s where our lane is — we fill in the gap between physical and administrative,” Groves said. “Because HR often doesn’t know what to train employees on, and the technical end of security can make it really hard for the end users.”
Groves explained that the end users — your company’s employees — are an essential part of cyber security. That’s because employees are both the biggest target and the best defense against a cyber attack. Verizon’s 2023 Data Breach Investigations Report found that 74% of all breaches include the “human element,” whether by human error, privilege misuse, stolen credentials or social engineering. That’s why Groves created Wasatch Security Awareness, a small business dedicated to helping businesses teach their employees to be smarter than the digital threats they will inevitably encounter.
“The vision is to help fill the security void and educate,” said Groves. “We want to help businesses and their employees learn to create a culture of security.”
When Wasatch Security Awareness works with businesses, they use a simple process to ensure each organization gets the personalized education they need. First, they collaborate with management to create a human intelligence training plan for employees. Next, Wasatch Security will create a customized “spear phishing” email test that mimics sneaky techniques used by cybercriminals. For example, the test email may look like a request for sensitive company information from the business’s CEO, but if the employee carefully looks at the sender’s email address, they will notice that it isn’t correct. The test determines how many employees are being mindful of subtle security threats. Based on the results, Groves and his team then provide customized training to help users improve.
“I love the training aspect. I love being in front of people and helping them understand and learn,” Groves said. “My favorite part is seeing them improve, especially when we test them again and they recognize the threat, when they say, ‘No! I’m not falling for that this time!’”
Since its inception, Wasatch Security Awareness has tested and trained over 100,000 people across a variety of business sizes and industries. No matter what kind of company, though, statistics show that the training is essential for keeping their business safe. Groves shared the overall results from Wasatch Security’s first time spear phishing test:
- 24% of employees clicked a link inside a spear phishing email.
- 19% of employees entered a username and password.
- 18% of employees clicked or entered information using a mobile device.
Groves explained that this type of training and testing is especially important for small businesses, as they are often bigger targets to cybercriminals. As a small business owner himself, Groves is particularly passionate about keeping small and local businesses secure.
“Small businesses are what America is built on. There are more small businesses than medium and large businesses combined,” Groves explained. “Unfortunately, they are also the target of the bad guys, because there are more of us out there. That’s why our main goal is to help small businesses stay safe.”
When asked what he would suggest to small businesses looking to amp up their cybersecurity, Groves had three pieces of vital advice: Use two-factor authentication, a password manager and a separate guest network for personal devices.
“Luckily, there are some things businesses can do on their own that don’t cost a lot of money,” Groves said. “It’s just a matter of policy.”
For those interested in learning more about improving cyber security in their own businesses, Groves is presenting at the Salt Lake Chamber’s “Cyber Security Training for Business” event on February 29th. Register for the event here.
Wasatch Security Awareness is a small business dedicated to helping businesses of all sizes improve their cyber security. Click here to support their small business.