In our digital world, where everything about us and our businesses exists in a digital format, cybercrime and data loss are potentially the biggest threats to the success of your business. In 2019, cybercrime was a 1.5 trillion-dollar industry with forty-six percent of attacks targeting small businesses. If that wasn’t bad enough, studies show that sixty percent of small businesses that suffer a data breach file for bankruptcy within six months.
This phenomenon results from misconceptions about cybersecurity shared by many business leaders. The biggest one? “My IT guy has me taken care of.” Cybersecurity is not just the concern of IT professionals and large corporations. We all rely on technology to perform tasks that are essential to the operation of our business. Hackers target people, not computers. Computers are just the tools they use to get to us. Cybercrime is on the rise and small and mid-sized businesses continue to be targeted. Let’s address the top cybersecurity myths so you know how to target your business security needs.
Myth #1: My IT guy/team/company has it taken care of.
If you don’t have a dedicated team of security engineers constantly watching over your business, you are vulnerable. Simply put, most businesses do not have a skilled expert on staff to adequately handle security. That’s not a knock against any IT person. Almost everything runs on the data network in your office. In the past, it was only your computers, but now you have phone systems, camera/alarm systems, printers, and smart devices all using your network to access the internet. Most IT departments are spread too thin because there is just too much to stay on top of without a dedicated security professional or team. Most IT departments are responsible for making sure the PCs, servers, printers, mobile devices, and phones work; on top of that, also they have to worry about the vulnerabilities created through digital marketing and social media platforms.
Finding time to keep up with basic IT skills in an ever-evolving field is challenging enough without adding in advanced cybersecurity skills. Figuring out how to maximize the use of technology within your organization is a challenge. Understanding what you need to protect in the future is a challenge. To top it all off, you are still expected to keep the systems running and put out every fire that pops up.
The reality is that most IT departments are so busy maintaining the system, they don’t have time to think about improving security, let alone actually do it. Criminals understand this challenge and they use it to their advantage. It’s the reason they’re always three steps ahead of the current security model. They don’t have to worry about maintaining a network, making sure everything works, or resolving issues that come up.
Myth #2: We would immediately notice if our systems were hacked.
Ten years ago, we would have agreed with this line of thinking. At that time, if a computer was infected, it showed noticeable signs: The computer started running slow. Pop-ups appeared all over the screen. Sometimes it became completely unresponsive. However, cybercrime has grown into big business for the criminal underworld. Their methods have evolved and if you don’t have a way to rapidly detect when something has gone wrong, it’s too late. By then you’re in trouble: expect to be on the news or find yourself out of business.
It doesn’t matter what industry you’re in, what you’re doing, or the situation. When it comes to minimizing damage, the name of the game is speed. Think about it: if you could detect and locate a fire in the forest right when it starts, you’d have a much better chance of stopping it before it grows into a raging wildfire. The same holds true in data security. Unfortunately, the average data breach in the US goes undetected for 206 days. That’s almost seven months of someone having access to your company data without your knowledge.
Let’s put that in perspective:
- A regular Major League Baseball season is only 187 days.
- It only took NASA 158 days to send a probe to Mars.
- A luxury cruise around the world takes 106 days.
You could sail around the world twice before the average business detects that their systems have been compromised.
Even if you’re twice as good as the average business out there, that still leaves you vulnerable for three and a half months. So, ask yourself, how many records could be compromised in just three and a half months? I think the better question may be, how many records do you have on your system? When you look at it from that perspective, you understand why data breaches are so expensive and why sixty percent of small businesses don’t survive them.
The average data breach in the US goes undetected for 206 days
Myth #3: We’re too small to be a target. I don’t have anything worth stealing.
The vast majority of cyberattacks are untargeted attacks. Criminals simply write a bunch of programs designed to find vulnerabilities in machines or programs to trick a human into clicking on something. Once their program finds a vulnerability and gets inside a business, it alerts the cybercriminal. That’s when the real attack begins. The cybercriminal takes the next seven months, on average, going through all of your stuff looking for anything they can monetize. That could be your files, your financials, your intellectual property, your identity, and even your employees’ identities. Can you imagine the lawsuits you would face if your employees’ identities were stolen simply because you had a data breach?
This is often just phase one of an attack. After cybercriminals have looked through and copied everything valuable, they move to the second phase: asset control. In phase two cybercriminals use your resources to launch other attacks. This could mean sending emails out to all of your contacts or even using your computing resources to launch larger organized online attacks. I once saw a criminal using space on a company’s server to store child pornography.
The bottom line is you are always a target. Even if you don’t have something a criminal can directly monetize, which is almost impossible, gaining access to your computer resources helps them in other ways.
Even though risk is always present and the consequences can be destructive, you can create a plan. There are ways to guard against risks, to prevent them, and to minimize their effect if and when they occur. To speak to someone about a risk assessment or creating a customized plan for your company, touch base with one of our specialists.
