By: Steven Bearak, CEO of IdentityForce
Building an effective cyber security strategy is critical for all small business owners. When running a lean operation, it’s common for a small business to do more with less. IT resources can be scarce, even for those small to mid-sized companies that are in the high-tech and IT fields. In fact, when 600 IT leaders from small and mid-size businesses were surveyed for a 2016 State of SMB Cybersecurity Report, only 14 percent of the companies indicated that they were highly effective at mitigating cyber risks, vulnerabilities, and attacks.
The first step to protect your small business is to really understand perceived myths versus the truth around cyber security protection. So, let’s get started:
Myth #1 - A Strong Password Keeps Everything Secure
Strong passwords are important, but they won’t fully protect you. Consider using a password with two-factor authentication, and make sure that your team never leaves passwords lying around the office or their homes. Instead, encourage them to use a password manager.
Myth #2 – I’m Prepared! I have an Antivirus Program
Many businesses, including small business owners, believe that an antivirus program will keep their data safe and secure. While it helps, there’s a lot more to cyber security than installing a simple piece of software. And, more people than ever before are also using smartphones and tablets on unsecured networks without installing the proper antivirus software on those devices.
Myth #3 - A Good Firewall Will Keep the Bad Guys Out
In the same way that antivirus software won’t fully protect your business from a cybercriminal, firewalls won’t either. Gaps remain even if you are using both firewall and antivirus software. In today’s work environment where Bring your own Device (BYOD) and telecommuting are prevalent, many of the risks come from a lack of communicating and enforcing best practices with your employees. Other solutions such as identity theft protection can further protect your employees’ Personally Identifiable Information (PII).
Myth #4 – Cyber Attacks Don’t Happen to Small Companies
Cyber threats are very real and becoming more prevalent. This can also include ransomware – or malicious software – that threatens to publish the data on your device, or lock down your device, unless a ransom is paid. Your business can be a target 24 hours a day, 7 days a week. And, according to a 2017 IT Risk Report by Netwrix, 73 percent of small businesses don’t have a dedicated function to handle information security, therefore making them an appealing and easy target to cyber criminals.
Myth #5 – I Don’t Know Any Cybercriminals, Therefore I’m Safe!
Even if it accidental, many cybercrimes can be traced back to internal events. This can be an unintentional phishing email sent by a vendor or partner, or in the case of ransomware, the attack can happen when your employees visit malicious or compromised websites. Often spam in the form of email attachments forwarded among colleagues can leave your business vulnerable.
Protecting your small or mid-sized business starts with knowledge. Always keep security in mind, research and install security software on your computers and devices, and conduct ongoing training with your employees. And, it’s not a one and done effort; you must refresh your practices every few months or at least twice a year to ensure you are keeping up with the latest cyber threats and attack methods.
Steven Bearak is the CEO of IdentityForce, a company commercialized from nearly four decades of in-depth experience around personal identity and security services and products. IdentityForce is a leading provider of proactive identity, privacy, and credit protection for individuals, businesses, and government agencies. In May 2017, IdentityForce introduced a secure mobile app to help members stay protected anywhere, anytime. For more information, visit www.identityforce.com