Cyber attacks have been increasing for a number of years, with remote and hybrid working accelerating this trend. While organisations are gradually waking up to the threats (through measures such as Cyber Essentials) there are still cyber security myths that small business need to correct urgently. With our five myths, we demonstrate how you can improver you cyber security defence:
1. Small businesses aren’t a target for cyber attacks
This common cyber security myth needs debunking immediately. Most small and mid-size companies think they are not visible enough to be the target of an attack. The reality is that hackers don’t care how big your organisation is. Yes, highly-sophisticated attacks will target high profile and large organisations. But most cyber attacks work at volume rather than sophistication. And that’s if they’re targeted at all: some viruses spread via victims’ email contact lists or data. So cyber criminals won’t know – or care – who is affected. So cyber security measures need to be in place, no matter the size of the business.
2. Having anti-virus software is enough
Anti-virus software is an essential part of keeping IT systems safe. But it only protects against certain kinds of threats. In fact, cyber criminals often assume anti-virus measures are in place, so try to deploy malware in ways that your anti-virus wouldn’t be able to recognise or stop. So don’t rely on anti-virus alone – have multiple defending options such as a firewall, anti-ransomware, proactive threat detection, as well as staff security training.
3. Only IT needs to worry about cyber security
Your IT partner or department may be very good. But they can’t stop all user negligence or malice. Each individual in a company is responsible for cyber security, from employees to senior and executive teams. All company employees need to be trained adequately to spot signs of avoidable cyber threats, such as downloading malware through emails and unsafe websites. And training needs to be tailored to the types of risk experienced: finance departments need to be trained to spot invoice spoofing, while marketing needs to know how to handle data safely, for example.
4. Small business cyber security threats are only external
Most people think that cyber threats only come from outside. Wrong. The ICO reports that approximately 90% of data breaches are the result of human error (i.e. your staff). And a Verizon report suggests that one in five cyber threats are internal. This could be a discontented employee, an ex-employee with a grudge, a mistake by an employee or misuse of work equipment (see more about shadow IT). This is where effective IT security training and robust IT policy are key.
5. Your system is fully secure
You can never be 100% sure about your cyber security – ever. Just because you have invested in sophisticated cyber security solutions doesn’t mean you cannot be hacked, or that someone inside your organisation won’t make a mistake. New security threats emerge every day, sometimes in the most mainstream of software. Continuous management of your IT (such as Akita’s Proactive Support) is required to minimise risk.
In addition, periodic cyber security audits can assess how well your IT systems and policies protect your small business. The investment is always less than the cost of being a victim.
To find out more about our Cyber Security services: