When you’re protecting your small business from digital threats, what you don’t know—and what you think you know—can hurt you.
These common security misconceptions leave businesses open to attacks that can steal their data, drain their accounts and even cause them to fail.
Let’s bust these myths and see what works instead.
Myth #1: My Business Is Too Small to Be a Target
Reality: Any business can be a target.
In 2018, 43% of all data breaches hit small businesses, according to the Verizon 2019 Data Breach Investigations Report. Why?
First, a lot of small businesses don’t keep up with cybersecurity best practices. That makes them easy targets.
Second, hacking often looks different from what you might imagine. In many cases, it’s not a lone hacker targeting specific businesses one at a time. Cybercrime can also be the work of big, organized conglomerates using botnets to search the web for vulnerable sites to infiltrate and exploit.
Most cybercrime is less like a guy with a fishing pole and more like a big ship that sweeps up unprotected businesses of all sizes in its net. So, it’s important to take cybersecurity seriously, even if you’re a solopreneur.
Myth #2: I Don’t Sell Products on My Website, so I Don’t Need to Worry
Reality: You still need website security, even if you run a service business or brick-and-mortar shop that doesn’t have an online store.
There are two big reasons why.
First, without proper malware protection, your site could be hacked and vandalized by attackers so that when prospective customers arrive, they see random or offensive messages instead of information about your business.
Second, if your site lacks SSL protection, you’ll be penalized in two ways. Most browsers will warn visitors that your site is insecure and that their data could be at risk. That will prompt most people to leave. And Google uses SSL as a ranking signal, so sites that don’t have it get a lower spot on search engine results pages.
Myth #3: We Don’t Have Anything Worth Stealing
Reality: You might, though.
Why would anyone go after your small business when there are multinational conglomerates and big banks sitting on much more valuable data? Here are a few reasons.
- To hold your business hostage. Ransomware attacks make the news when they disrupt cities and big businesses, but small businesses are frequent targets, too. In 2018, an estimated 70% of ransomware attempts went after small businesses. The typical ransom for owners to get their data back and get their business up and running again? About $116,000.
- To use your checkout to test their stolen card data before going elsewhere to commit bigger fraud. “Card testing” fraudsters use bots to test batches of stolen credit card numbers by making small purchases on poorly secured websites—sites that don’t limit the number of times a shopper can try to enter the right CVV code for a card number, for example. When they manage to buy some small-ticket items, they can commit bigger fraud on better protected sites. And the small shops where they card-tested are stuck with chargeback fees.
- To use your business to go after someone you do business with. Remember, the Target data breach started with a vulnerability at one of the company’s HVAC vendors.
To protect your business, your bottom line and your relationships with your customers:
- Make it a company policy never to click on links in emails from unknown senders and to keep your software and operating systems up to date. Ransomware attacks and data breaches often depend on phishing attacks and unpatched programs.
- If you take payments on your website, limit the number of times a customer can try to match their card number to other data to prevent card testing fraud.
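For sites that run their own checkout code, the attempt limit described above can look like the following sketch. It is an added example, not code from the original article; the class name, the thresholds (3 declines per card and 5 per client within an hour) and the sample traffic are assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque

class CardAttemptLimiter:
    """Refuse checkout attempts once a card or a client has too many recent declines."""
    def __init__(self, secret, max_per_card=3, max_per_client=5, window=3600):
        self.secret = secret                  # key for hashing card numbers
        self.max_per_card = max_per_card      # assumed threshold
        self.max_per_client = max_per_client  # assumed threshold
        self.window = window                  # seconds a decline counts against you
        self.failures = defaultdict(deque)    # key -> timestamps of recent declines

    def _card_key(self, card_number):
        # Keyed hash, so the limiter never stores the raw card number.
        mac = hmac.new(self.secret, card_number.encode(), hashlib.sha256)
        return "card:" + mac.hexdigest()

    def _recent(self, key, now):
        q = self.failures[key]
        while q and now - q[0] >= self.window:  # drop declines older than the window
            q.popleft()
        return len(q)

    def allowed(self, client_id, card_number, now):
        """True if this attempt may be passed on to the payment processor."""
        return (self._recent(self._card_key(card_number), now) < self.max_per_card
                and self._recent("client:" + client_id, now) < self.max_per_client)

    def record_decline(self, client_id, card_number, now):
        self.failures[self._card_key(card_number)].append(now)
        self.failures["client:" + client_id].append(now)

def simulate(attempts, limiter):
    """Replay (time, client, card, processor_approves) tuples and return each outcome."""
    results = []
    for now, client, card, approves in attempts:
        if not limiter.allowed(client, card, now):
            results.append("blocked")       # never reaches the processor
        elif approves:
            results.append("approved")
        else:
            limiter.record_decline(client, card, now)
            results.append("declined")
    return results

# Constructed sample traffic: one bot cycling made-up card numbers, one shopper with a typo.
SAMPLE = [(t, "bot", f"400000000000{t:04d}", False) for t in range(6)]
SAMPLE += [(10, "shopper", "4111111111111111", False),
           (20, "shopper", "4111111111111111", True),
           (30, "bot", "4000000000009999", True)]
```

Tracking declines per client as well as per card matters here: a card-testing bot sends many different card numbers from one source, so a per-card limit alone would not stop it. The shopper who mistypes once is still approved on the retry.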
Myth #4: Our Stuff Is Password-Protected, so We’re Good
Reality: Passwords aren’t foolproof, as countless hacks and breaches show.
Passwords work if they can’t be cracked. But most passwords are easy to figure out, either by guessing or with a bot that keeps trying combinations until it gets a match.
That means that if you and your employees are using weak passwords, it’s time to change them to something stronger.
It’s also important to use a different password for each account, instead of using one password for everything. Otherwise, your password becomes a skeleton key to your entire business if it ever ends up in the wrong hands.
There’s one more password issue to consider: the default passwords on devices like your office wireless router, smart speakers and wireless cameras. Not everyone is aware that those devices have passwords, but they do, and hackers know the defaults.
Changing device passwords can be a bit of a hassle, because you need to look up instructions for each type of device. But having thieves or pranksters in your network is a bigger hassle. Read this to learn how to set a secure password.
Myth #5: My Employees and I Know How to Spot a Phishing Email
Reality: Phishing attempts are a lot harder to detect than they were a few years ago—and they don’t always use email.
Yesteryear’s badly written tall tales that blatantly asked for money have evolved into today’s email, text and voice messages that appear to come from your customers, utility providers or vendors. They may be asking for money, immediate “past due” bill payments, sensitive data, or for you to click on a link that lets ransomware into your system.
And while most of us are confident we can spot these kinds of scams, about half of 4,000 office workers surveyed by Webroot said they had clicked on links in emails from unknown senders.
We’ve already covered the importance of not clicking on links from random senders. It’s also important to double-check any unexpected requests for money or sensitive information that come from vendors, co-workers or clients. They could be legitimate requests—or they could be phishing attacks by imposters.
Myth #6: Setting Up Your Cybersecurity Is a One-Time Event
Reality: Criminals are always finding new ways to steal information, so cybersecurity best practices are always adapting.
It’s good business to keep up with the latest security news and keep educating yourself. The National Cyber Awareness System has information on dozens of cybersecurity topics to keep you and your employees up to date.
It’s also critical to have security tools that are always on and monitoring your business data.
In the office, that means using firewall and anti-virus software. For example, Windows Security comes with Windows 10 and, according to PC World, it works as well as the top paid solutions. It also lets you layer a second anti-virus program on top for added coverage.
Security and Your Small Business Website
Your website needs always-on protection, too.
A good web host will provide security tools like automatic scans to detect and remove malware and viruses, an SSL certificate to encrypt information your customers enter on your site, and regular site backups so you always have a recent “good” version you can restore in case of a problem.