5 Cybersecurity Myths You Need to Debunk

After years of warnings about new types of cyberattacks, we might have become desensitised to the real threat still lurking out there. Many small business owners and CEOs believe certain myths about cybersecurity, myths that, if left unchallenged, can damage a company’s reputation and operations.

The following are common cybersecurity myths that need to be dispelled:

1. IT is responsible for cybersecurity, not me.

The assumption is that an organisation’s IT department is responsible for safeguarding all business-related electronic devices, and that your IT team must therefore handle all cyber threats themselves.

I’m afraid not. Each member of the organisation has a responsibility to remain aware of these threats and to take all measures to thwart them.

This responsibility can be shared by creating a “cybersecurity employee handbook.” This handbook can outline security policies that all employees must follow, including:

  • Requirements for highly secure passwords
  • Protocols for email security
  • Best practices for handling sensitive data
  • Rules for social media and internet access

It’s crucial that “everyone in your company understands the dangers [of cyberattacks] and knows what to look for” in emails.

2. Our passwords won’t get hacked.

Jumbling together numbers, letters, and symbols drastically reduces the likelihood of a password being “cracked.” But with advanced software, any short password can be cracked.

At a minimum, experts recommend using a password with 16 characters, including numbers, letters, and symbols. It’s important to avoid using words or proper nouns in the password, as these can be easily guessed by hackers. A complex password can be difficult to remember, so it’s recommended to use a password management app to keep your passwords organised and secure.

In addition, small businesses should consider implementing two-factor authentication. This additional verification step requires entering a security code sent to an employee’s phone or app. This makes it harder for hackers to break into your system, even if they have managed to hack your password.

3. Basic anti-virus software is all the cyber-protection we need.

It’s a common misconception that basic antivirus software can protect against sophisticated cyber attacks. Instead, business security solutions should cover endpoints, firewalls, network connections, emails, and more. It’s also important to have backup and disaster recovery solutions to mitigate any potential incidents.

4. Hackers are after the “big guys,” not us.

Small businesses are not immune to cyber attacks, and hackers often target them due to their lack of funding and resources to fight cybercrime. According to StationX, almost 50% of small and mid-sized businesses worldwide experienced a cyber security incident in the past year. An estimated 90% of cyber security breaches worldwide occur in small businesses.

5. Cyber threats only originate outside of a business.

Business leaders should not assume that cyber threats only originate from outside the workplace. Insider threats, such as disgruntled employees with access to sensitive data, can pose as much of a risk as external threats. Ongoing education and training can help minimise this threat from within.

No matter the size or industry, every business is a potential target for cybercriminals. Implementing complex passwords, two-factor authentication, and other cybersecurity resources can help minimise the threat to your business.
