Cybersecurity is a critical concern for organizations, particularly in the face of the ongoing global pandemic caused by Covid-19. The abrupt shift to remote work, often referred to as the ‘new normal,’ has introduced information security risks associated with human factors. This includes both malicious actors and employees using the same platforms for information exchange but with vastly different intentions. Unfortunately, their actions can compromise information and computer security.
Criminals intentionally exploit systems to gain unauthorized access for personal gain, while employees may inadvertently make errors, leaving systems exposed and vulnerable. This study focuses on examining human errors influenced by actions, attitudes, and behaviors that impact overall information security. The research involved purposive sampling, with thirty small business managers participating. Data collection was carried out through a qualitative online survey using Google Forms, and the study employed thematic analysis.
The findings underscore the fact that recurrent human errors pose a significant threat to information security principles, rendering employees the weakest link. The study elucidates the risks stemming from employee actions, such as ignorance or poor decision-making, technical errors, and errors related to skills and policies. While recognizing that small businesses may not require a ‘one-size-fits-all’ security approach, the study offers recommendations to mitigate human errors and enhance cybersecurity.