After all, it’s invisible, phantom-like in nature and hard to pick up, so why would we? You manage what you see, what’s in front of you, not what operates in silence, unseen and unheard. That sort of activity takes you by surprise because you can’t see who’s doing it or what they are doing. You don’t expect it and you don’t understand why someone would target you, nor do you understand the real impact until things start to go wrong: systems shut down, data gets corrupted and your normal day or week is turned upside down.
There are several popular myths about cybersecurity that make it harder to appreciate the need to protect yourself. Let’s bust some of them.
Our business is small, so we are not a target.
It is true that small businesses have less of value than larger businesses. Quite often, too, they have little or no protection from cyber attack, which unfortunately makes them easy targets. Easy targets are a way of getting to harder targets or to a wider audience. The more easy targets are accessible, the bigger the potential impact and disruption.
Cybersecurity does not impact business much.
Time spent on a single problem can quickly tally up in lost productivity. More serious data loss issues can cripple you for much longer. You should appreciate how dependent you are on your business and communication systems and assess the cost to your business of not having them function the way you want them to. That is the impact cyber breaches could have on your business.
We have not been breached so far, so it won’t happen.
This isn’t how statistics work, and it is the reason you take out insurance cover for things such as health, life, car and buildings. From a cybersecurity point of view you may have already been breached and not even know it. Average detection time varies between 229 and 450 days. That’s right: it can take a year before you know you have a problem, and the impact on your business could be significant.
Cybersecurity is a technology problem, and our IT guy takes care of it.
To be effective in managing or preventing cyber attacks, management needs to understand the risks and provide guidelines and procedures that allow the business to operate within those boundaries. Staff need to understand what they can and cannot do to ensure that the business, their work and the others they associate with remain protected. It isn’t enough to delegate it to someone else; you need to know what’s going on and get involved.
Cybersecurity is expensive, and we don’t have money for it.
Insurance and preventative practices can put a strain on your cash flow and operations, but they become insignificant costs if the event you are protecting against happens. Cyber security can be implemented in a cost-effective manner and, as the saying goes, “an ounce of prevention is worth a pound of cure”. If you are not covered or prepared, the impact could be catastrophic. It’s all about risk management: reducing the impact an event will have on your business, from an operational perspective as well as a financial one.
We’ve done the security project, and we have insurance now.
You need to check that your security is working on an ongoing basis. New viruses and malware are being developed every day, and it’s estimated that at any one time up to 30% go undetected by commercial scanners. Don’t assume that because you received a clean bill of health in the past, that is still the case now. It is much easier to deal with potential problems if you make prevention a habit. Also, it is cheaper to ward off problems than to resolve them, even with the insurance.
We have antivirus, firewall, and spam filters – we’re safe.
It is a popular argument, but completely false. Antivirus and firewall will protect you from the known problems, and only if you keep them up to date and configure them well. What experts are suggesting is that the greatest cyber security threats are associated with the activities and behaviour of people and systems behind the firewall. Controlled access and monitoring of activity play just as important a role in reducing this risk.
If underestimated, a lack of cybersecurity can seriously damage your business. It will certainly interfere with, interrupt and inconvenience owners and businesses that don’t take it seriously. We are now living in the digital and information age, where technology, networks and connectivity to the outside world are part and parcel of business today. A change of mindset is therefore required to realign your thinking about the misconceptions listed above. The next step is to do something about it: embed security checks, both technological and operational, and their associated procedures into your business risk management program and into normal business practices, and review them regularly along with all the other risks that impact your business.