With all the focus on cyber security for businesses in the past few years, there’s a lot of good information about how to protect yourself and your company from the risk of a security breach. Unfortunately, there’s also a lot of bad information circulating, and it can sometimes drown out the facts. Here are 12 common myths to avoid:
- The right software will solve your problems. A good suite of software is an essential part of your cyber security strategy, but that’s all it is – a part. Cyber security is not a set-it-and-forget-it process. You need experts to be able to monitor, analyze, react, and adapt to threats in your system, and while machine learning is getting better all the time, software alone can’t cover every aspect of your needs.
- Cyber security is IT’s job. Speaking of needing experts, there’s more: even if you managed to hire cyber security specialists (people in this field are in short supply), a solid IT team is not enough to protect your organization against a security breach. Today, proactive defense is much more effective than reactive defense, as malware takes moments to do serious damage rather than hours or days. That means educating end users and consistently enforcing a security policy in all aspects of your business’s operations.
- Attackers don’t go after SMBs. Data breaches in giant organizations like Yahoo! and Deloitte make the headlines; a breach at a local boutique shop or a regional manufacturing company doesn’t. But that doesn’t mean that small and mid-sized businesses aren’t getting attacked. Believing you’re a small fry that no one will fish for can lull you into a false sense of security – don’t fall into that mindset.
- External attacks are the only concern. One reason not to let your guard down is that it’s not necessarily the stereotypical hacker breaking through your firewall that you have to worry about. Many breaches happen because the opportunity is there. For example, if someone from HR leaves their workstation unattended and an unauthorized person accesses employee records, that’s a data breach just as much as someone in another country downloading your entire customer database.
- No one wants your data. This is another mentality trap that some SMBs fall into – after all, who cares about insights into a bicycle repair shop’s operations? Or a small customer service provider? But your data is more valuable than you think. You have sensitive employee records, customer payment information, purchase logs, and more that are extremely valuable to the right buyer. Plus, they’re valuable to you, and ransomware can hold your data hostage until you pay up.
- Onboard device security is enough. The Internet of Things has been growing as networked smart devices make their way into homes and businesses. Some of these devices are shipped with some level of manufacturer-implemented security measures, but most aren’t – and even onboard security can be basic at best. Your convenient digital assistant may not be the only one listening to your commands and questions, which should be more than enough incentive to prioritize security for all devices.
- You can always tell if your device is infected. Can you imagine what malware looks like on your computer? Maybe it’s being overwhelmed by pop-ups, or programs crashing, or being suddenly locked out and not knowing why. These types of malware still exist, and they’re frustrating, but they’re much more easily diagnosable than the malware that lurks below the surface of your daily device usage. Think keyloggers or malware that quietly duplicates your files and sends them to an unknown computer – you may never find out about them until it’s too late, at which point the damage is already done. The difficulty of solving security breaches reactively is why being proactive about your security is vital.
- If you’ve secured your business, you’re safe. You may have educated yourself about cyber security in years past, keeping your company under lock and key; unfortunately, you may not be secure even then. A third-party data breach, where an external vendor or service provider’s access into your network is compromised, was behind the infamous 2013 breach of Target’s systems. You may not have direct control over the security measures of the companies you do business with, but you can set restrictions on access for anyone who fails to secure their systems sufficiently.
- Your password is strong enough. You probably know better than to use your birthday as your password, but even passwords you believe to be secure aren’t enough any more. Software powered by machine learning can throw thousands of password combinations at an account until it arrives at the correct one by happenstance, so make sure that your password isn’t the only thing guarding your data. Enable multi-factor authentication wherever possible for better security.
- Digital and physical security are separate. No, data security isn’t just protecting your digital assets. What about your servers, your hard drives, your manila folders? Pay attention to your cyber protection policies, but don’t think for a moment that physical security has lost any significance.
- Getting hacked is embarrassing. As recent data breaches have shown, a breach in security can set companies reeling in the aftermath, but trying to cover up the entire incident is a recipe for disaster. Unless you’ve been completely negligent in your security measures, don’t be ashamed of a breach, just get started on solving the problem. That means informing victims of lost or stolen records, restoring systems, and improving your security going forward.
- Cyber security is expensive. Sure, securing your company’s technology requires an investment, but you should stop thinking about it as an expense. Securing your data, devices, networks, and more should be understood as something that your business needs to operate, not an extra cost.
Don’t fall victim to misinformation about cyber security, because it could mean falling victim to a breach.