It has taken a while – and plenty of unnecessary security incidents – for SMEs to realise that cyber security needs to be high up on the agenda.
The idea that hackers are not interested in a business because it is small, just isn’t true – it isn’t about whether the data is valuable to a hacker, it is about whether the data is valuable to you. Plus, bad actors often target smaller companies because they might have fewer security measures and are therefore very easy to take down.
In this blog, we will debunk some of the most common cyber security myths…
Download our FREE ebook on cyber security for small business owners.
Hackers only target big companies
As we discussed above, small businesses are certainly of interest to cyber criminals. In fact, small businesses are sometime even more tempting because hackers know they are more likely to have weaker security measures.
We don't have anything worth stealing
If your business is worth something to you, it is worth stealing. Hackers might be interested in your valuable data or customer records, but they are certainly interested in the idea that you will spend large chunks of money retrieving this data should it be stolen.
Antivirus software is enough
While antivirus is important, it alone isn’t sufficient to block sophisticated, modern-day attacks – such as phishing, ransomware and social engineering. Additionally, antivirus is now sometimes behind the curve as it relies on updates to block new attacks, whereas something like EDR uses AI to remain one step ahead of the hackers.
Cyber security is too expensive
Cyber security measures can seem complicated and expensive – but basic security practices like using strong passwords, enabling multi-factor authentication, achieving cyber essentials and keeping software updated can provide significant protection at very little cost.
My team would never fall for a scam
Social engineering and things like spear-phishing (a targeted type of phishing attack) are carefully designed to trick even the most tech-savvy employee. Regular training for staff enables them to become familiar with the sort of tricks hackers use.
A cyber attack wouldn’t put us out of business
In reality, many small businesses will struggle to recover from a cyber attack. The scale of the financial losses, reputational damage and legal consequences can be devastating.
Cloud services keep us safe
It’s true that while cloud services help – and cloud providers implement security measures – businesses are still responsible for the security of their own accounts. That means carefully managing access and using best practices like encryption and strong authentication.
We’ll know right away if we’re hacked
Unfortunately, it is sometimes really hard to tell if you’ve been hacked. Cyber attacks are often stealthy, and many businesses don’t realise they’ve been compromised until it’s way too late. Some breaches might go undetected for months.
Compliance equals security
Obviously following regulatory compliance (like GDPR) is important, but it doesn’t mean your business is fully secure. Compliance is a baseline, not a cyber security strategy.
Insurance will cover everything
Cyber insurance can help mitigate losses, but it doesn’t prevent the attacks in the first instance. And, it doesn’t cover all damages. Prevention is always better than relying solely on insurance – and having to deal with the mess of a cyber security attack.
As an IT support provider, partnering with hundreds of SMEs, we have seen firsthand what happens when cyber security is not a priority.
We have rescued several businesses from ransomware and phishing attacks. As a result, we now offer a cyber security service that locks down devices, proactively protects and uncovers any suspicious behaviour before it is too late.
Find out more about Resolve Cyber Security, here: https://resolve.co.uk/services/security/cyber-security/
