5 Misconceptions about Cybersecurity and your Business

Cybersecurity is one of the hardest variables to control as an IT provider in a business environment, as user error becomes more prevalent across businesses everywhere. Unfortunately, many SMBs who work with managed service providers like Partek (MSPs) assume they are safe and protected and are therefore not taking proper precautions. As an IT professional who understands the threat landscape and the risks that exist, we work to provide the necessary security services while simultaneously empowering our clients to take preventive measures into their own hands.

Many small-and-medium-sized businesses (SMBs) are not hyper-aware of IT security prevention best practices. Therefore, they are under the misconception that they shouldn’t be too concerned about their businesses, leading them to object to having an MSP on their side. Having that frame of mind is risky, which is why we’ve listed below 5 misconceptions about Cybersecurity you and your business should be aware of.

 

1. My IT Team Has Me Covered

Be aware that you may not have all of the services and solutions offered to you in your arsenal to protect you from the latest threats. This may be due to a variety of reasons, but often is due to budget. It’s important as business owner in today’s tech climate to understand what risks are out there, and how to protect yourself. For example, do you know how vulnerable your business currently is? Are you aware of the latest cyber-threats, such as Business Email Compromise (BEC), or how easy it is to hack personal computers that may have access to company data (watch how easy it is for this hacker to gain access to a personal computer). Make sure you learn some basic cyber-security measures you can implement on your own in your business today, such as understanding the difference between weak and strong passwords.

 

2. “I don’t have the budget for all of the security I need.”

If you run a smaller business, then you are understandably very budget-conscious and may presume that you don’t have enough wiggle room to add robust cybersecurity services to your stack of “IT needs”. The truth is quite the opposite –  paying for strong cybersecurity services is a tiny fraction of the cost it would take to recover from a cyberattack.

Cyberattacks now cost companies about $200,000 on average. That’s more than enough to put a small company out of business—and that’s the average cost of just one attack.

It is a stressful and necessary task to put together a budget for a business, but cybersecurity must be prioritized. The alternative is potentially losing the business altogether.

 

3. “My data is not important to the Bad Guys.”

It’s easy to fall under the notion that only large companies have data that’s worth stealing, or that they would never target a business in Southern Alberta. That’s far from the truth. Whether it be employee records, information about clients, or financial details, every business has valuable data The important thing to remember here is that hackers don’t necessarily want someone’s info; they want to act on how important that info is to a business. In other words, they want to hold data ransom until they are paid big bucks to get it back.

Ransomware continues to surge in popularity, and the ransoms are only getting higher, with average payments around $178,000—an increase of 60% quarter over quarter, and reports say that ransom attacks are happening every 14 seconds.

It’s important to note that ransom payments is not the only point of concern here. What will it cost your business to go without access to your data or systems should you get breached.  Can you survive five days without access to your data? Even five hours? Many businesses don’t understand the significance of a Ransomware attack and the potential ramifications.

 

4. “A cyber-security attack won’t happen to me.”

No one wants to believe they are going to be the victim of an attack. SMBs may think that they are less vulnerable to a cyberattack because they are not big or well-known, but as long as a business has any sort of digital footprint, they are considered a target.

A recent study published by Ponemon Institute found that 66% of SMBs worldwide reported a cyberattack within the previous year. That’s a scary stat and a number that is sure to continue rising.

The harsh reality is that we are all vulnerable, and we all need to put the proper cyber defenses in place to protect ourselves.

 

5. “My firewall (or other technology) is enough to protect me.”

Businesses who rely too much on a single piece of technology to keep them protected play a dangerous game. The average hacker is in a network for 197 days before attacking. Your antivirus alone is not going to get the job done.

Instead, you require a combination of a layered security stack,  professional security services, AND employee best practices in order to truly protect your business. It’s important to understand what you are responsible for as a business owner, versus what your IT provider is responsible for versus what your software / hardware can and can’t cover.

Finally, once your business makes it super difficult for anyone to infiltrate your system, you also need to have an incident response plan in place to help mitigate and recover from an attack.