Paul Rosenthal, founder and CEO of online encryption specialist, Appstractor Corporation, takes a look at the five most common myths and misconceptions held by SMB owners when it comes to online security and encryption, and why these thoughts are putting them at risk.
High profile cases in the media have made many business owners and executives aware of the threats posed by cyber criminals. But for SMBs, the threat can easily feel like something only experienced by large corporations with billions in revenue, or governments with highly classified and sensitive documents.
In reality, SMBs are under just as much risk as bigger businesses, if not more so, and the misconception that cyber security isn’t a priority is the very thing putting them at risk.
When it comes to online encryption and cyber security, there are several common myths and misconceptions that have crept into the mind set of SMBs which, if not rectified, could see them becoming victims of cyber-attacks and their businesses irrevocably damaged.
- “We are too small to be targeted” – although large businesses are still hit most by cyber-attacks, more than a quarter (27 per cent) of smaller businesses suffered from cyber-attacks in the last 12 months – according to the 2018 Hiscox Cyber Readiness Report, with 51 per cent of these being hit more than once.
Small businesses that don’t bother to deploy security or online encryption software make it easy pickings for cyber criminals and, as the business grows and expands, not having the proper cyber defences will only make them a bigger and easier target.
- “We don’t have anything worth stealing” – underestimating the value of assets is another stumbling block for SMBs. Many are exploited by cyber criminals to gain access to bigger organisations that the SMBs support, so protecting customer data is just as important as protecting their own. No matter how small the organisation, there will be plenty of sensitive documents and personal information hosted either on-premises or in the cloud that make SMBs a prime target for cyber criminals.
- “There is no commercial benefit to deploying cyber security” – although integrating a cyber security programme is a cost, it is far more expensive to gamble on a company never being affected. The commercial benefit comes from being able to protect your own and, in extension, your customers’ data, as lost data can mean lost customers. Cyber breaches cost UK businesses £29 billion in 2016, a figure that will no doubt rise if businesses continue to dismiss its importance.
- “We have nothing to lose” – one of the biggest costs of cyber breaches for businesses, minus the financial aspect, is the damage it brings to brand reputation. This is especially important for SMBs, as building reputation is a key part in their service offering and what will help distinguish them from large corporations. But customers will have a hard time trusting to do business with someone they think can’t properly handle and protect their data.
- “My anti-virus software will keep my data safe” – although many anti-virus products have been able to keep up with the increased sophistication of cyber-attacks, the software can only protect businesses against one form of attack. Because cyber-attacks come in all shapes and sizes, businesses need more than one type of defence in order to stay protected. anti-virus, along with online encryption, anti-malware and two factor authentication, should all be essential components of any business’ security model.
It is clear that there is a dangerous delusion amongst many SMB owners that they are not the prime target for cyber criminals but by carrying these misconceptions they are only increasing the chances of them suffering an attack their business may never recover from.