1. Only larger organizations are being targeted.
Why would any hacker want to focus on targeting a small business? This myth originates from the thinking that smaller companies have fewer resources and less money, so they’ll be pushed aside as attackers go after the larger businesses. In fact, as long as a business has a digital identity, it is a valuable target. A recent Ponemon Institute study actually found that 55 percent of SMB respondents have experienced a cyber attack in the past year, and another 50 percent have experienced a data breach involving customer and employee information.
For a hacker, SMBs are seen as tempting and easy targets because less is being done to protect their data, and they generally don’t have the resources to fight back. This is why it’s dangerous to assume that cybercriminals will ignore a company simply because of its size. Every business is a potential target; therefore, every business needs the proper defenses.
2. I don’t have any important information worth stealing.
It may not always seem like it, but every business has data worth stealing. This could include information about clients, employee records, financial details and more, all of which are useful to cybercriminals in some way. Another Ponemon Institute study sponsored by IBM found that the average cost per lost or stolen record is $158. That may not seem like a lot, but the total grows quickly once records are stolen by the hundreds.
Also, it may not be the company’s data that a hacker wants; it could be the computer itself. Any device that can connect to the Internet is an opportunity for hackers, and because of that, automated bots are constantly scouring the Web for vulnerable computers and networks. This shows that it’s not just a matter of protecting a business’s information, but its endpoints as well.
3. Security technology alone will keep me protected.
I’m sure you’ve heard this one many times before: “But I’ve got antivirus, I’m protected!” When businesses rely entirely on a sole security program that’s supposedly bulletproof, they’re placing too much trust in a single line of defense. It’s been found that signature-based antivirus solutions detect on average less than 19 percent of malware threats. While implementing this software is a necessary first step, it clearly isn’t enough, and the best protection is delivered through a multi-layered solution.
Also, it’s important to remember that not all threats are external. Careless employees can fall victim to phishing scams or even bring unsecured devices into the workplace, causing them to pose as much of a threat as cybercriminals. This is why education is a critical component of IT security, and yet another point that illustrates why businesses can’t just rely on software to keep them protected.
Overall, suffering an IT security incident is not a question of if, but when. No matter how extensive a business’s network security is, attackers will get through at some point. The best thing a business can do is to make it as difficult as possible to infiltrate its systems and develop an effective incident plan for responding and recovering after an attack occurs.
Did you know that 79 percent of small businesses do not have an incident response plan? Without one, businesses may never be able to fully recover when a security incident becomes a reality. These types of plans are essential to a robust IT security strategy because they act as specific, step-by-step guides detailing how organizations should respond to a disaster situation or incident. SMBs don’t always have the proper personnel or bandwidth to set up and execute on these plans — but that’s where they can turn to an MSP.