Cybersecurity. In recent years, this term has officially became a household name. Rarely does a day pass without news of a cybersecurity breach wreaking havoc on an organization and its customers or patients.
Luckily, these highly public breaches have led more small-mid size businesses to consider the threat that cybercrime may pose to their enterprise. In our experience, many of these organizations have a few misconceptions when it comes to developing a strong security posture. In order to defend themselves against the risks they face, organizations need to debunk these myths. Here are four of the most common myths:
1. “Our organization is too small to be targeted.”
With so many larger corporate targets out there, what’s the chance you’ll be be breached? Pretty high, actually.
For years the average American small business was an unlikely target for a sophisticated cyberattack. But advances in technology have allowed even the smallest of businesses to accept credit cards, and the barriers to entry for cybercrime have drastically decreased. Today, no business is too small to be hacked.
According to the Ponemon Institute's 2017 State of Cybersecurity in Small & Medium-Sized Businesses report, 61% of small businesses experienced a cyber breach in 2017. Cybercriminals are opportunistic in nature. Why target a large organization with a high level of security when they can easily exploit many small to mid-sized organizations, and make the same amount.
Even if they don’t know or care about your business specifically, attackers are after your systems. Spammers may simply want access to your systems in order to send phishing emails. Botnet operators may want to use your machines to attack others. The fact is, if your business does anything digitally (which it likely does), you are a potential target.
2. “Our IT department takes care of our security.”
There is a tendency to primarily associate cybersecurity with technology, but a strong cybersecurity posture is about more than technology. While the IT department absolutely has an important role, everyone has a responsibility to maintain your organization’s security.
Everyone from the executive team to the janitor plays a role when it comes to cybersecurity. By developing a culture of security within your organization, you can decrease the risk that human error presents. Almost 90% of cyber attacks are caused by human error or behavior. If you assume that your IT department can handle cybersecurity on their own, you are only protecting against 10% of the attacks that will inevitably come your way. Formal policies and procedures should be developed, regular cybersecurity training should be provided to staff, and routine testing of your network should be conducted.
3. “We already have a firewall installed and use antivirus software. We’re fine.”
Again, technology is an important component of a cybersecurity program, but only in partnership with people and process. Antivirus and firewall technology may have been enough 20 years ago, but in today’s threat landscape they are not enough to protect your data on their own.
Most antivirus programs do a decent job of protecting against computer viruses, but can be hit and miss when it comes to the multiple other types of malware. A well designed firewall can provide significant protection from external threats, but the internal threat factor is still one of the most significant security flaws. Educating your employees about the importance of cybersecurity and how to spot potential threats is a critical component of cybersecurity.
4. “We don’t have the money to implement a cybersecurity program.”
This is one of the most common myths small-mid size businesses believe. While there is a cost to developing a cybersecurity program, the price of getting hacked and having sensitive data compromised is far greater. A data breach can lead to lost profits, damaged relationships with clients, and possibly force a business to close.
Implementing cybersecurity measures is a smaller investment than you probably think it is. At Breadcrumb Cybersecurity we understand the investment that you are making to secure your business. Located in Central California, we partner with organizations of all sizes throughout the US to protect their critical assets from cyber breach.
Investing in your security today could ensure your business is still here tomorrow. Contact us today for a no-obligation consultation.