Let’s face it: employees can be a weak link in your business’ security. Human error accounts for 80 percent of company breaches, showing that the security industry and businesses have a long way to go to educate employees on security awareness.

In the spirit of National Small Business Week, a time to reflect on the contributions of America’s small business owners, we wanted to share three key ways you can help employees be aware of security risks. It all starts with having a plan in place.

1. Create security plans that fit your SMB’s needs
How should an employee handle a phishing attempt? What are employees supposed to do when a data breach occurs? What workplace topics are appropriate to post on personal social media accounts? The answers to these questions should be available to employees to reference when a security risk arises. It is important to have a social media policy, data breach preparedness plan or processes in place, but many organizations are lacking in this area. According to SocialMedia Today, more than one-third of businesses do not have a social media policy. Additionally, more than half of U.S. SMBs experienced a data breach in 2012, but only 12 percent had a breach preparedness plan in place. The first step in achieving security awareness is creating a prepared and organized security plan.

2. Educate employees and make security plans easily accessible
The next step in integrating security awareness into your company culture is educating employees on how to handle security risks. Training and education are vital to protecting your business from outside – and inside – threats. As the average annual cost of SMB cyber attacks in 2010 was $188,242 according to Symantec’s “Should Small Business Worry About IT Security,” your business cannot afford any weak links in the security chain.

3. Enforce plans, but be approachable
Many employees are nervous to bring up security questions or issues because they are afraid of getting into trouble. Always tackle security awareness and policy enforcement with an approachable attitude. The worst thing that an employee can do is stay silent when there is an issue.

On June 10^th, we will be hosting a webinar on how SMBs can better protect against financial and reputational risks. Check out the cyberSAFE webinar blog post for more information and to register! As always, you can let us know what you think about SMB security awareness on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.