Cybersecurity is often treated like the vitamin of the IT world: businesses know they should have it, but it’s easy to forget, and owners find it hard to justify the cost of preventive maintenance while they’re dealing with existing problems. In short, it’s viewed as a ‘nice-to-have’ rather than a ‘must-have’. Part of the reason for this is the plethora of misconceptions and myths that exist about cybersecurity. Enjoy this infographic of common cybersecurity myths, and read below for the truth about each one.
Myth #1: My business is too small to be targeted by criminals
Reality: Small businesses accounted for 43% of data breach victims last year (Verizon).
Being small doesn’t make you less of a target; in fact, it could even have the opposite effect. Because of this false belief, most small business owners don’t invest in cybersecurity protections, and have no plan in place for what to do when an attack does occur—and criminals know it. Small businesses can be seen as easy pickings. Keep in mind, too, that when—not if, but when—you suffer a cyberattack, recovery is harder for small businesses. About 60% of small business victims go out of business within six months of experiencing a breach. That’s a hefty price to pay for not being prepared!
Myth #2: Strong passwords are enough to keep my data safe.
Reality: Two-factor authentication and data monitoring are also needed.
Two-factor authentication (2FA) adds another layer of protection to your accounts. Even if a hacker is able to guess or crack your password, unless they also have the second factor (whether your phone, other device, or security question answer), they can’t gain access to your personal data. Active data monitoring is also essential, especially when we’re talking about businesses. You’re responsible for not only your own information and that of your employees, but also that of your customers. Data monitoring can detect and alert you to attempts to breach your network.
Myth #3: Anti-virus software will keep my business completely safe.
Reality: Software can’t protect against all cyberattacks.
This isn’t bot warfare. Human criminals are at the other end of cyberattacks, and (unfortunately, in this case) we have yet to design a computer that can match human ingenuity. Just as a hacker’s arsenal is varied, so your defense mechanisms should be, too. A strong cybersecurity defense takes a combination of tools and people. A team with eyes on your network 24/7 can detect and thwart attempts to crack your network, keeping your data safe.
Myth #4: As long as my Wi-Fi network has a password, it’s secure.
Reality: Any Wi-Fi network can be compromised, even with a password.
Most new routers come with encryption enabled by default. Of the encryption options available, WPA2 and WPA3 are the most secure (although many routers do not yet support WPA3). If your router is more than three or four years old, you don’t have access to the most secure versions of encryption and hardware. The old adage “if it ain’t broke, don’t fix it” leads many business owners astray; just because it’s not broken doesn’t mean it works well. An updated router means faster Internet speeds, better security, and improved productivity for your business. Even if you have a new router and the best encryption, the #1 failure when it comes to Wi-Fi is that users leave the default network name and password. This makes the network and its password incredibly easy to hack; it’s like putting a heavy-duty padlock on your door, but not actually shutting it.
Myth #5: Cybersecurity threats are only external.
Reality: Insider threats are just as likely, whether from human error or malicious intent.
In fact, IBM found that human error accounted for one-quarter of data breaches in 2019. Much of this human error can be attributed to employees falling prey to phishing attacks and inadvertently giving criminals access to your systems. Many people tend to think of phishing as being obviously scammy, like the infamous ‘Nigerian prince’ ploy. However, phishing can be incredibly sophisticated and hard to catch, which leads to our next myth.
Myth #6: Annual employee security awareness training is sufficient.
Reality: Regular phishing exams and training prepare employees to recognize attacks.
Criminals change their tactics often, and they love to take advantage of big news items that affect many people—such as the ongoing COVID-19 pandemic. Your employees need cybersecurity awareness training at least quarterly, but preferably monthly. Some companies, like KnowBe4 or Ninjio, offer brief, trackable training videos for your team so you can make sure everybody is staying up to date. The human element of your team is the most vulnerable, and the hardest to control; do what you can to strengthen your human firewall against cyberattacks.
Myth #7: I’ll know right away if my business is hacked.
Reality: Modern malware is stealthy and hard to detect.
A study by IBM found that on average, it took 206 days to identify a data breach—and 73 days to contain it. The cost increases to match; a data breach could cost your business hundreds of thousands—or even millions—of dollars. It’s no wonder most small businesses don’t survive a data breach.
Myth #8: Cybersecurity is solely the IT department’s responsibility.
Reality: Every staff member should be familiar with good cybersecurity practices.
This goes back to Myths five and six; if one member of your team is untrained or unprepared for attacks, your whole organization could be at risk. SOCBOX conducts phishing campaigns for organizations to test their team’s defenses and the effectiveness of their training. We also support awareness training programs, and can conduct customized cybersecurity workshops with your team.
A complete cybersecurity defense is a strong defense
Clearly, a one-size-fits-all solution or single approach isn’t enough to keep your business safe. A complete cybersecurity defense includes software, people, and education. At SOCBOX, we use a combination of all three to defend organizations from cyber breaches. Our team of cybersecurity experts, aided by an arsenal of best-in-class tools, monitors environments 24/7 for any signs of attack. We also offer phishing tests, awareness training, and education workshops to train your team into a human firewall for your organization. Reach out to us or call us at 877-284-7789 today to see how we can protect your business.