pearson-kelly technology blog

3 Cybersecurity Excuses That Will Get Your Business Hacked

Too often, small business owners avoid cybersecurity because they think they're not a target. And that could cost them their business.

Cybersecurity Myths That Threaten Your Business

Before we get to the excuses, let’s talk about cybersecurity facts:

  • There was a 388% increase in ransomware attacks from Q2 2020 to Q3 2020
  • The average cost of a ransomware attack if you DON’T pay the ransom is $761,106
  • The average ransom paid is $233,817

Ransomware is on the rise. No one disputes that. However, many small businesses in the Ozarks still tell us it isn’t their priority. And inevitably, we get some variation of one of these excuses:

We Don't Have Data That Anyone Would Want.

Do you communicate with your staff and your customers via email? Those email addresses are valuable to sales and marketing groups. Your HR department retains Social Security Numbers for your employees, correct? Those are worth a ton on the dark web.

Think like a salesperson for a minute. Everything is worth something if you find the right buyer. But for argument’s sake, let's say that hackers don’t want your data. Does that mean it isn’t valuable? Absolutely not. Why? Because it’s worth something to you. You can’t run your business without your data.

That simple fact makes any data you have valuable. Hackers can lock you out of your systems and hold your data for ransom until you have the money to get it back.


All data is valuable because there’s always a buyer. And sometimes that buyer is you.

We're Too Small to Be Concerned About Cybersecurity

It’s because of that attitude that hackers specifically target small businesses.

Which is easier to break into: a Fortune 500 corporation or a mom-and-pop down the street?

It’s the same when it comes to your digital environment. Large corporations understand the value of their data. So they have more security in place, do more training, and have better internal security practices.

Which means you’re the low-hanging fruit.

If you don’t emphasize cybersecurity, walking into your network is like child’s play to an experienced hacker. Why would they take the time and risk attacking one large corporation when they can simultaneously attack ten little ones for the same payout?


Because you’re a small business, you need to start thinking about cybersecurity now. It’s easier to fix vulnerabilities and implement security practices when you’re a $5M company instead of a $100M corporation.

We're Cloud-Based, So We're Secure

First, most businesses aren’t 100% cloud-based. Even if you were, cloud-based environments are complex. That complexity puts you at more risk for cyber threats because there are more variables to manage.

More than likely, you have a hybrid cloud environment. These environments have even more complexity, which means you’re at even more risk because you create openings between the Internet and your network every time you share data from your network to the cloud.

Without the right configurations in place, that might as well be a giant billboard with a flashing sign saying “Enter Here.”

The complexity of the environment leaves you vulnerable. But it’s the passwords that will kill you.

Cloud applications might have all the necessary security protocols in place to protect your data. But what if your password to access that data is compromised? It’s much easier to get ahold of a password than to execute a brute-force attack on a firewall.


Hybrid-cloud environments protect you from a lot of risks. But they come with some, too. Don’t just read the headlines when looking at new tech. Ensure you read the fine print and understand what you’re getting into.

You’re risking your business, livelihood, and name if you ignore cyber threats. Is keeping your head in the sand really worth it?

The Basics of Cybersecurity

Cybersecurity doesn’t always require an in-house specialist (though it’s certainly helpful). If you’re just starting, there are some quick changes you can make to boost your security and mitigate some of your risk in the next 30 days.

Update Your Password Policies.

Updating your corporate password policies will go a long way toward securing your business data. The bare minimum requirements should be:

  • At least eight characters long
  • Should not contain any personal information (your name, username, or company name)
  • Should be unique and not used on other websites
  • Should not contain any word spelled correctly
  • Should contain uppercase, lowercase, numbers, and special characters

Some of these can be automatically enforced through Active Directory. Require what you can through software security settings and train on everything else.
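To show which of the rules above software can check on its own, here is an added example (not from the original post) of a policy checker in Python. The function name, the rule labels, and the tiny wordlist are assumptions made up for illustration; the uniqueness rule cannot be verified locally, so it stays a training item.

```python
import re

# Constructed sample wordlist; a real deployment would load a full dictionary file.
SAMPLE_WORDS = {"password", "summer", "welcome", "dragon", "coffee", "ozarks"}

# The four character classes the policy requires.
CHAR_CLASSES = {
    "uppercase": r"[A-Z]",
    "lowercase": r"[a-z]",
    "digit": r"[0-9]",
    "special": r"[^A-Za-z0-9]",
}


def check_password(password, personal_info, wordlist=SAMPLE_WORDS):
    """Return the policy rules the password violates (empty list means it passes).

    personal_info is a list of strings such as the user's name, username,
    and company name. Reuse on other websites is not checked here because
    it cannot be determined from the password alone.
    """
    failures = []
    lowered = password.lower()

    # Rule: at least eight characters long.
    if len(password) < 8:
        failures.append("length")

    # Rule: no personal information. Split multi-word values ("Jane Doe")
    # into tokens and ignore very short ones to avoid false positives.
    tokens = [t.lower() for item in personal_info for t in item.split()]
    if any(len(t) >= 3 and t in lowered for t in tokens):
        failures.append("personal_info")

    # Rule: no correctly spelled word anywhere in the password.
    if any(len(w) >= 4 and w in lowered for w in wordlist):
        failures.append("dictionary_word")

    # Rule: uppercase, lowercase, numbers, and special characters.
    if any(not re.search(p, password) for p in CHAR_CLASSES.values()):
        failures.append("character_classes")

    return failures


if __name__ == "__main__":
    person = ["Jane Doe", "jdoe", "Acme"]  # constructed sample identity
    for candidate in ["Summer2024!", "jdoe123", "Tr4v!q-Zu9x"]:
        print(candidate, check_password(candidate, person))
```

A password such as `Summer2024!` meets the length and character-class rules and still fails on the dictionary check, which is why complexity settings alone do not cover the whole list.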

Implement Multi-Factor Authentication.

We know. Multi-factor authentication is annoying. But it’s critical to the integrity and security of your environment, and it can save you mountains of money in the long run. Check out our multi-factor authentication resources for help getting started.

Train Your Team.

Most cyber threats don’t come via brute force attacks anymore. Instead, they’re hidden in your email inbox. Phishing scams are some of the most damaging attacks because they look harmless and target your weakest link: your employees.

Train your team to know what a phishing email looks like. Create and mandate secondary approval processes for bank or wire transfers via email. The more checks and balances you implement, the less likely a ransomware attack will hit you.
