How much do you know about cyber risks? If the answer is, “Less than I should,” then your company may be at risk. A data breach can be costly. To minimize your cyber risks, learn the reality behind these cybersecurity myths!
Myth 1: IT is responsible for cybersecurity.
Reality: Everyone is responsible for cybersecurity.
IT may create and enforce cybersecurity policies and procedures, but everyone plays a role in keeping a company safe from cyber attacks. For example, phishing email attacks present a big risk. Effective employee training can reduce the chances of this type of breach and also reduce the harm it causes.
Myth 2: My organization doesn’t have anything of value to hackers.
Reality: Every organization is a target.
Some companies think they’re too small to be hacked. Others believe they have nothing hackers want. WRONG! Every organization has assets that hackers want, including data, money, and business information. Hackers often use a “spray and pray” technique, and small companies can get hacked in the line of fire. Beyond that, hackers often sell information on the black market, especially when a company’s data might interest others!
Myth 3: Only large companies get hacked.
Reality: All organizations are targeted.
The media rarely reports small business breaches, so most people think big companies, like Target, Home Depot, Marriott, and Experian are the only ones at risk. In reality, a recent Verizon report revealed that almost 60% of breach victims were small businesses. Why? Smaller companies may not have the time or resources to put toward a cybersecurity program, which makes them attractive to hackers. Additionally, hackers attack small businesses as a way of accessing their larger partners.
Myth 4: Our organization’s password policy is strong enough to protect us.
Reality: Passwords are important but far from perfect.
Organizations that don’t use two-factor-authentication (2FA) are prime targets. Adding a secondary means of logging into your account, usually through a smartphone, provides more protection.
Myth 5: Cybersecurity is only a digital risk.
Reality: Physical security is a major component of cybersecurity.
Does your company require people to report lost or stolen devices, like laptop computers or smartphones? When physical property is lost or stolen, the cost includes the device itself, lost productivity, the loss of intellectual property, and potential legal fees. Implement a mobile device security policy that includes a provision to immediately report any lost or stolen devices and be sure to password protect and encrypt all mobile devices as well.