It is very easy to become a cyber security ostrich. Put your head in the sand and believe that hackers will just go away. We become secure in the thought, “what I don’t see can’t hurt me”. But like everything else in life, the more you are aware of what is happening around you, the more likely you are to avoid having a problem. Below are some cyber security myths that may be putting your small business at risk.
We don’t have anything that a hacker would want.
You might be surprised what hackers want and why small and medium businesses are such a tempting target for them. It’s no longer bright teenage kids sitting in their basements hacking for fun you need to worry about. Some of today’s hackers are state sponsored, military grade, professionals. Others are organized crime, both domestic and abroad, who encrypt your data for a living. And they know that small businesses are easy targets. Why? Because they know you’re unlikely to have up-to-date cyber protection tools in place or a full-time staff of IT professionals working to lock down your network.
I have a firewall, that is all the protection I need.
Everyone needs a firewall, but that is only the first line of defense. Think of using just a firewall as locking the front door but leaving your back door and all your windows unlocked.
Basic firewalls just block certain ports coming into your network but are usually not configured correctly to close other important ports. More advanced firewalls scan the traffic coming in and out looking for misbehavior and can block suspicious traffic from other countries. The problem with relying solely on your firewall for protection is if the data is encrypted, it can’t read it. Cybercrime is an ever-evolving beast, and your protection strategy needs to evolve with it. You need to employ as many tools as you can and update frequently.
Adding security protocols is too expensive.
Yes, adding security to your network has a price associated with it. But what is the cost of a breach to your network? If you get ransomware, you’ll most likely end up paying the ransom to get your data back. You’ll have to enlist the help of a cybersecurity professional to perform forensics to uncover the depth of the breach, retrieve as much lost data as possible, and deploy the tools needed to prevent it from happening again.
There are other costs associated with a breach as well. You’ll need to contact your customers to inform them of the breach and how it may have impacted them. There may be compliance issues to deal with. But perhaps the biggest cost of all, is the cost to your reputation. Will your customers continue to trust you with their data? Will potential future customers have confidence in your security?
The sad fact is almost 60% of small businesses who experience a data breach, close shop within 6 months*. Don’t become one of those sad statistics.
Multi-Factor Authentication is too hard.
Any time security is added to your systems, there will be some loss of ease of use. The same holds true for multi-factor authentication (MFA). Instead of just using your username and password to login to your network or applications, you’ll need to verify your identity using your cellphone or a key fob. But it’s not as cumbersome as you might think.
You’re already used to keeping your mobile phone and keys close by. It takes just a couple of seconds to approve the login and you’re ready to work. Trust me, after a few days of doing this, MFA becomes second nature. And what’s a few seconds of time when you consider the benefits. Microsoft reported that MFA can prevent over 99% of compromise attacks. That’s a pretty good return on investment on your extra few seconds of time.
You may be wondering what happens if you forget your phone or keys. How will you login to your systems? Not a problem. Your IT provider can simply give you a temporary access code until you have your MFA device back in your possession.
My antivirus software will keep all malware off my computers.
A few years ago, a good antivirus software gave you good protection. Today, antivirus helps, but when was the last time you heard of someone getting a computer virus. The computer industry has advanced from antivirus to endpoint protection. Traditional antivirus software uses signature technology (think of it like a fingerprint) and the antivirus manufacturer must have seen this virus in the past. If it is new, it will slip right through. Endpoint protection software uses artificial intelligence to see if there is misbehavior happening on your computer and to stop the bad program from running. This significantly reduces the chance that ransomware will encrypt your computers.
Cybercrime has changed at a rapid pace and will continue to do so. Security breaches are in the news every day. Putting your head in the sand won’t make it go away. Putting cybersecurity tools and processes in place will greatly minimize your risk of loss when hackers come for you.
Eric Olmsted
CEO, On Line Support
