Internet security is one of the biggest challenges most businesses face today. With so many facets and risks, how much do you really know about the security market? Can you distinguish between a half-truth and a real threat? Cyber awareness should be a part of every employee’s onboarding training when joining a new company since this area of business is where you are most likely to be breached. Here are seven misconceptions you might have about cyber security.
1. Criminals don’t target SMEs; cyber security is only for big businesses
It is this way of thinking that makes SMEs more prone to cyber-attacks. You become less vigilant which results in less internal education around the risks as well as a lack of investment in cyber security software that would otherwise help prevent or identify cyber threats.
Some questions you have to ask yourself are: “How important is my business’s information?”, “What is the implication of this information leaking?” and “What am I willing to pay to get access back to it?” It isn’t about outrunning the bear; you just have to make sure that you’re ahead of everyone else it’s chasing. Cybercriminals rely on automated systems and processes. In many cases they are unaware of the size of your business; they’re only interested in how they can breach you and what they stand to gain from it.
2. A ‘strong password’ is sufficient to keep my business safe
Strong password practices are a great foundation, and forcing them to be changed regularly is even better. However, this is only the start since, like everything else in the world, hacking software is evolving. It is becoming smarter and more efficient by the day. This malicious software is capable of trying millions of different password combinations in the space of a few seconds.
The correct combination could be only seconds away, so investing in solutions that make multi-factor authentication possible is the best way to go. There are, however, two sides to the coin. In this case it is equally important to exercise stricter control of internal information in terms of who has access to it. This is a concept often referred to as ‘Zero Trust.’
3. Anti-virus software is adequate protection for my business
While anti-virus software is incredibly important to safeguard your business against specific threats, it doesn’t protect you against everything. You can compare it to taking insurance against theft in your home. You might think that you’re adequately covered, but then the oven stops working or the foundation on a major wall collapses. Since you didn’t have comprehensive insurance, you’ll be getting quite a hefty bill.
Just like with insurance, ensuring you have a complete security solution is essential. These days the term ‘anti-virus’ is often replaced by ‘anti-malware’ since cyber-attacks come in a variety of shapes and forms. Anti-malware software in combination with ongoing internal training for employees is a good place to start in terms of preventing cyber-attacks.
4. The IT department has it ‘under control’ and will take care of security
This is a cyber security favourite. The IT department is an integral part of any business, whether they are a third party or a handful of employees coordinating your business’s assets. Part of their responsibility is to ensure that there is a cyber protection strategy in place and that policies are implemented, monitored and reviewed regularly. However, IT specialists are different from cyber security specialists.
Without getting into too much detail, these roles should actually be separated considering how much responsibility and knowledge are associated with each. Imagine for a moment the risk of emails, a critical business tool that almost all of your employees have access to. On average they will spend 70% of their day using it. In most cases, all it takes is one tired employee who isn’t paying attention to click a phishing link and expose your business to a very serious cyber security threat.
5. I outsource it, so I don’t have to worry, right?
Do you understand all the cyber security risks that exist and their potential threats to your business? How are they being addressed? Most large businesses don’t have an answer to this question, so we can assume that it would be near-impossible for SMEs to have one.
Similar to the IT department, there is only so much an external supplier can control. Just because they are responsible for implementing and reviewing cyber security policies doesn’t guarantee your business’s safety. What internal measures are you taking to ensure the necessary security and protection of critical data are in place?
Does your external provider follow best practices, or are they simply looking to check the box and absolve themselves of responsibility if something were to go wrong?
6. Cyber security threats are only external to my business
In IBM’s 2020 Cyber Security Intelligence Index, it was highlighted that roughly 64% of cyber attacks businesses have suffered are a result of internal threats. External cyber security threats are a real and serious concern, but SMEs need to consider that their biggest weaknesses are often internal.
Disgruntled employees or even curious ones who wonder what is on a stray USB stick they found could compromise your business’s security. As a business it is your responsibility to put measures in place to monitor activity and protect against malicious activity, internal or external.
7. Cyber security is too expensive and cumbersome to manage
Just like with any other business function, be it Operations or Marketing, you have to sit and consider what is at stake when you don’t implement certain procedures. In terms of cyber security, you need to analyse what you stand to lose, the impact on the livelihoods of the people you employ, the reputational damage against your brand, legal fees, fines for non-compliance and more. After all this, most businesses realise how affordable and critical cyber security solutions really are.
There are cyber security solution providers who make their offering more affordable. Their models are adapted to keep SMEs’ wallets in mind. Providers who offer subscription models and monthly payment plans are an incredibly viable option. Often, during cyber security assessments, operational procedures are drastically improved. This leads to substantial cost savings, so that cyber security ends up paying for itself.
Cyber security is here to stay, and it is becoming increasingly advanced every day. Ensure that you do your utmost to secure your business against a potential cyber security attack. Educate your employees to be as vigilant and aware as possible. Ensure that you understand as many cyber security risks your business may face as possible and how you would respond if they were to happen. Remember, it isn’t about outrunning the bear, it’s about making sure you’re faster than everyone else it’s chasing. If your business takes the necessary steps to ensure its bases are covered, your chances of being breached are significantly lowered.