There isn't a lot of margin for error in cybersecurity. One outdated application, incorrect router configuration or mistakenly downloaded email attachment can precipitate a significant breach of your SMB. The WannaCry ransomware that swept the world in 2017 showed how a small oversight can lead to a big problem: in that case, thousands of PCs were infected simply because they were running a legacy version of the Server Message Block protocol.
Staying safe requires being able to distinguish truly effective cybersecurity practices from ones that simply waste your time without providing real protection. To help you make this distinction, we've put together a list of some of the biggest myths in SMB cybersecurity so you're not caught off guard.
Myth #1: I only need to worry about professional cyberattacks
More than half of the SMBs surveyed for the 2017 State of Cybersecurity in Small & Medium-Sized Businesses report said some of their sensitive data had been exposed in a recent incident. The leading cause? "Negligent employees," who were cited by 54 percent of survey takers.
This result indicates that sometimes – to borrow the lingo of thriller movies – the call is coming from inside the house. Mitigating the risk of insider threats, whether malicious or accidental, requires a mix of modern cybersecurity tools, processes and training, including but not limited to a security information and event management (aka SIEM) platform, intrusion detection/prevention systems and advanced access controls requiring multiple factors instead of just passwords.
Myth #2: My organization is too small to ever be targeted
When news of security breaches breaks, it often pertains to major attacks affecting many thousands if not millions of records. Naturally, a lot of these incidents involve major companies, like big box retailers or massive healthcare conglomerates.
It can be easy for SMBs to think, in this context, that they're not at risk. That isn't the case, though. The 2018 Data Breach Investigations Report from Verizon found that 58 percent of all breaches involved SMBs. Cyberattackers often go after SMBs because they're relatively soft targets, without the extensive security infrastructure or large teams to continually guard against evolving threats.
Myth #3: It's simply too expensive to keep our security technology up-to-date
Cybersecurity has a reputation for being expensive. Solutions like SIEMs, next-generation firewalls and endpoint detection and response can take a big chunk out of the typical SMB's budget, especially given how little growth there's been on that front in recent years.
However, there are plenty of options for cost-effective yet robust defense. Working with a managed service provider (or managed security service provider), leveraging cloud-based solutions and collaborating with contractors can all curb the costs of cybersecurity, either in absolute terms or by spreading them out so that there's much less of an upfront burden.
Myth #4: I can stay safe with nothing more than antivirus software
Antivirus (AV) software is the most famous cybersecurity solution, probably because it's something many consumers have experience with. AV provides important defense against known threats, which it scans for using a signature database.
At the same time, AV isn't as effective against threats like ransomware, rootkits and keyloggers. Dealing with these problems requires other tools and processes, which an experienced partner can help select and implement based on your existing network and IT environment.
Building a better defense against security threats
Modernizing your cybersecurity can seem like an insurmountable obstacle, but it doesn't have to be one. To find out more about how our team can put your IT security strategy on better footing through a gamut of service offerings that best suit your existing IT environment, reach out today.