Unfortunately, common business network security myths have led many small to medium sized business owners to believe they are well protected against hackers, malicious insiders, and online criminals. They perceive their network to be secure, but that confidence may be misplaced.
Sure, they know they are not impervious to attack but, on balance, confidence in their ability to prevent a cyberattack is high. Even if an attack is suffered, they think they will be able to identify it quickly enough in order to protect their data. However, the reality is that confidence is often based on some widespread business network security myths. The reality is many businesses are wide open to attack.
Common business network security myths that need busting
Some of the commonest business network security myths are listed below. Make sure that all of your IT staff are aware of the following misconceptions. Expel these business network security myths and you will be able to gain a much better understanding of how well your business, and its data, are actually protected:
It is easy to avoid phishing campaigns
That may have been true a few years ago. It used to be easy to spot a phishing or scam email. However, the situation has now changed. Phishing schemes have become much more sophisticated and it can be very difficult to identify scam emails, certainly by the majority of employees. Many of the major security breaches suffered over the past few years have started with a member of staff responding to a phishing campaign. The massive data breach at Target is a good example. Hackers gained access to Target via a HVAC company used by the retailer. Malware was installed on that company’s network. The attack on Target was launched from there.
I trust my employees not to expose data or infect my network
Your employees may not knowingly compromise your network or reveal sensitive company information but, due to the high phishing risk, they may do so inadvertently. Even after training employees to be more security aware, they can still accidentally fall for a scam and install malware on your network.
That is not the only problem. Your loyal and trusted employees may not turn out to be quite so loyal when they leave for another job. The Wall Street Journal recently conducted a data security survey, and half of employees admitted to taking confidential company data with them when they left their employment.
My business is too small to be targeted by cybercriminals
Cybercriminals want to gain access to as much data as possible. They want to infect as many computers with malware as possible and build bigger botnets. They also want to sabotage companies that they feel are doing harm, or acting irresponsibly. That means larger corporations are targeted. They have more data, they have more computers, and they tend to cause the most offense – by damaging the environment or making obscene profits, for example. They are also more of a challenge, and many hackers see that as reason enough to try to break through their defenses.
However, don’t think that as a smaller business you are a smaller target. Your defenses will probably be inferior to a multi-national corporation, and criminals like the path of least resistance. Your data is likely to be just as valuable as data held by a larger corporation. You just store a smaller volume of it. Small businesses are being targeted and there is actually a high risk of attack. As was the case with the Target data breach, a small company was targeted first and was used to attack the retailer.
If a cyberattack is suffered, you may not be able to cope with the aftermath. Data suggest that two thirds of small companies end up going out of business within 6 months of suffering a cyberattack.
I have not been hacked, so my security protections are sufficient
How sure are you that you have not been hacked? Many companies do not discover their systems have been compromised for months or even years after an attack has taken place. Take the eBay data breach for example. The massive online marketplace was first attacked in February and it took 3 months for the company, with all of its IT security resources, to determine that data had been stolen.
Network security protections are expensive
If you want the best protection for your company, you do not have to necessarily spend a small fortune, or a large one for that matter. There are many cost-effective protections you can put in place to protect your network from attack. In fact, it is probably not necessary for you to implement advanced threat analytics, but you should use email and web security solutions to protect against phishing attacks.
Weigh up the cost of implementing these software solutions against the cost of suffering a data breach. According to the Ponemon Institute, the average cost per record exposed in a cyberattack is $246. Multiply that by the total number of customer records you have and that will give you an idea of the likely cost of resolution. Unfortunately, small businesses tend to pay much higher costs per exposed record due to economies of scale. Ponemon has also calculated the chance of suffering a data breach over a two-year period is 22%.
Dispel these common business network security myths and you will be taking five steps toward a more secure network, and will actually be much better protected than you currently believe you are.
