Cybersecurity for small business is critical to keep data safe. Here's a look at the top six security myths for SMBs.
Have questions about cybersecurity for small business? You're not alone: Many SMBs struggle to balance security spending against the demands of long-term business strategy. But here's the cold, hard truth: Half of all small businesses have been compromised in the last year. So it's worth taking a look at some of the most popular disinformation making the rounds. Here are the top six SMB cybersecurity myths, debunked.
1. Small Businesses Aren't Targets
The big lie. As noted above, small businesses are regularly targeted by hackers and hacking groups. Why? According to Kim Albarella, ADP's senior director of security awareness, "Small businesses are generally seen as easier targets to hackers because they are more likely to spend less on cybersecurity measures." This makes SMB networks the ideal testing ground for hackers — successful attacks grant them access to potentially valuable data, and their efforts often go unnoticed.
2. "Small" Means "Safe"
This dovetails with myth No. 1, the idea that because your business is small, your data isn't worth anything to hackers. Here's the problem: The rise of big data and the proliferation of mobile devices virtually guarantees that you're storing some information — from personal details about consumers to payroll information for employees — that hackers can sell on the darknet. Albarella puts it simply: "To a hacker, any information is worth stealing."
3. Money Is the Motivation
The narrative is heard so often that it's easy to believe the myth: Hackers are just in it for the big payday. But as Albarella notes, "Not all hackers are trying to steal your or your clients' money." The rise of "hacktivist" groups and nation-state actors means that if you deal in sensitive or confidential information, attackers may want to deny access to it, make it public or leverage it for political purposes.
4. Anti-virus Is Enough
Regularly updated, cloud-based anti-virus and anti-malware programs are enough to protect SMB networks and data, right? Not quite. According to a tip sheet produced by the Federal Communications Commission (FCC) on cybersecurity for small business, it's also critical to leverage firewall technology, control physical access to computers and create permission-based profiles for all employees to reduce the impact of cyberattacks if your network is compromised.
5. Good Infosec Is Expensive
So isn't solid cyberdefense prohibitively expensive? It makes sense: If enterprises are spending big money on cutting-edge automated and intelligent solutions to combat cybercriminals, how can SMBs hope to compete? According to Albarella, however, "By simply training the staff you already have on hand on preventative measures, you can proactively work against cyberthreats." This means educating staff about basic cybersecurity hygiene including regularly changing passwords, not opening unsolicited email attachments and recognizing the symptoms of malware — like reduced computer performance or strange program behavior — so they can alert IT staff.
6. The Need for Cybersecurity Stops at Your Server
Once your cybersecurity is sorted out, vendors and third parties can fend for themselves, right? Not exactly. A few years ago a major hardware retailer suffered a breach in third-party point of sale systems. This led to massive data compromise and IT headaches. Any company with even peripheral access to your network needs to follow a set of shared security guidelines since, as Albarella points out, "A breach in a third-party's system could cause you just as much damage as if it was your own."
Small business cybersecurity is no myth — nor is it impossible to achieve. Separate fact from fiction to build a solid security foundation. Knowing you've taken measures against risk means you have more energy to focus on building your business.
Stay up-to-date on all the latest trends and insights for business owners: Subscribe to our e-newsletter.
SIGN UP FOR THE THRIVE NEWSLETTER