Years of warnings about new types of cyberattacks might have hardened us to the real threat still lurking out there. Certain myths about cybersecurity persist among some small business owners and CEOs—myths that, left unchallenged, can wreak havoc on a business’s operations and reputation.
Here are common cybersecurity myths that need debunking:
-
Cybersecurity is IT’s responsibility, not mine.
Safeguarding the use of all business-related electronic devices falls under the purview of a company’s IT department. Does that mean your IT team is left to handle any and all cyber threats on their own?
The answer is no. Everyone in the organization shares responsibility for maintaining awareness of these threats and doing all they can to thwart them.
One option for sharing this responsibility is the creation of a “cybersecurity employee handbook.” This handbook can outline security policies all employees must adhere to, including:
- High-security password requirements
- Email security protocol
- Sensitive data best practices
- Social media and internet access rules
As we’ve noted before, it’s crucial that your entire team understands the dangers [of cyberattacks] and knows what to look for in emails and elsewhere.
-
Our passwords won’t get hacked.
It’s commonly believed that jumbling together numbers, letters, and symbols sharply reduces the likelihood a password can be “cracked.” In fact, the use of advanced software can render any short password susceptible to hacking.
A strong password relies upon length for relative invulnerability. Experts recommend a password of 16 characters at a minimum, with a combination of numbers, letters, and symbols—no actual words or proper nouns!—that discourages hackers in search of easy passwords to crack.
Of course, complex passwords are difficult to remember. That’s why according to Dataprise, your business should consider the use of a password management app “to store and manage your different passwords [and] help you keep organized in a secure fashion.”
To further bolster security, the use of two-factor authentication is also strongly recommended for small businesses. This additional verification step requires entering a security code sent to an employee’s phone or through an app—the result being that a password alone, if hacked, won’t get the criminals any closer to breaking into your system.
-
Basic anti-virus software is all the cyber-protection we need.
It’s no longer true, if it ever was, that one-size-fits-all anti-virus software can effectively protect against sophisticated cyberattacks.
To counterattack this potential weakness, notes StrategicRISK, business security solutions “should cover your endpoint, firewall, network connections, email and more,” along with backup and disaster recovery solutions that “mitigate any potential incidents.”
-
Hackers are after the “big guys,” not us.
This may be the single most pervasive cybersecurity myth out there. It’s widely assumed that digital bad actors only target large corporations because the potential payoff is much greater than with smaller businesses. Sadly, this assumption is wrong.
Hackers frequently go after small companies, based on the premise that these businesses have devoted less funding and resources to fight cybercrime.
Statistics concerning cyberattacks and small business, according to StationX, are sobering: Across the world, almost 50% of small and mid-sized businesses “experienced a cyber security incident in the past year,” and an “estimated 90% of cyber security breaches worldwide occur in small businesses.”
-
Cyber threats only originate outside of a business.
Some business leaders might cling to the belief that the threats to cybersecurity only originate outside of their workplace. Once again, this false belief doesn’t address potential threats from within.
“Insider threats pose as much concern as external threats,” notes the Business Magazine, “sometimes more because they’re difficult to protect against.” A disgruntled employee with access to sensitive business data is a real risk, as are employees who through carelessness or inattention expose a business to cybercrime. Ongoing education and training can help minimize this dire threat from within.
Regardless of size or industry, every business represents a possible target for cybercriminals. Education, complex passwords, and other cybersecurity resources can help minimize the threat to your business.
