Mythbusters: 4 Cybersecurity Myths SMBs Believe, But Shouldn’t

It can be a challenge to convince small to medium-size businesses (SMBs) that they need cybersecurity solutions. To overcome SMBs’ objections, MSPs need to understand that businesses of this size often have a belief system based on a lack of understanding about the risks, security best practices, and what a data breach could mean in terms of dollars and cents. Unfortunately, these false beliefs stand in the way of taking measures to protect sensitive customer, employee, and proprietary information.

MSPs have the opportunity to share myth-busting information that can shed light on the truth about cybersecurity. Here are four examples of cybersecurity myths and ways to debunk them:

Myth 1: Cybercriminals aren’t interested in SMBs.

This myth can be particularly dangerous. It makes SMBs believe that if there’s no risk of a cyberattack, then there’s no reason to take any measures to prevent it.

There are hard facts that prove this myth wrong, however. For example, research for the 2016 State of Cybersecurity in Small and Medium-Sized Businesses report from Ponemon Institute reveals that in the past year alone, 55 percent of SMBs were victims of a cyberattack, and 50 percent experienced data breaches. SMBs are a target, probably because cybercriminals are counting on their systems being unprotected. This makes SMBs easier to steal data from than larger businesses that have security solutions in place.

An SMB might argue that they have nothing a hacker would want to steal. Debunk this by asking whether the data kept on file includes employee records containing sensitive information, customer or financial information, or other personal information, and whether any records may be mission-critical enough or interesting enough to hold for ransom or release to the press. If the answer is yes, they need to protect it.

Myth 2: I trust my employees and contractors.

SMBs can be lulled into a false sense of security because they trust the people they hire and the people they routinely do business with. The problem is that an employee or contractor doesn’t need to have sinister motives to be a weak cybersecurity link.

The Ponemon study found that after web-based attacks, which account for 49 percent of incidents, phishing is the most common type of attack against SMBs — 43 percent of attacks last year fell into this category. Employees who are not trained in how to spot a phishing email may provide information to a cybercriminal or click on a link that helps a hacker gain access to a business’ network.

Additionally, SecurityScorecard reports that data breaches related to third-party vendors continue to be a challenge. Criminals may pose as an employee of the vendor company to request login information, figure out a default password used for the system, and breach the third-party vendor’s system integrated with the SMB’s network.

SMBs may trust their employees’ and vendors’ character, but they may not be able to count on their savviness when it comes to cybersecurity. Security solutions need to be in place for when an unintentional mistake creates a vulnerability that a cybercriminal will exploit.

Myth 3: I have antivirus. That’s enough.

SMBs may believe that the antivirus program they have installed can protect them from every type of attack. Educate your SMB prospects and clients on how additional layers of cybersecurity, such as a firewall, data backup, and encryption, may be warranted to protect their data beyond the threat of malware, either guarding against other types of attacks or intrusions or creating an alert when they occur. Don’t forget to emphasize that employee education, training, password management, and access control are also necessary layers of a comprehensive security strategy.

Myth 4: If it happens to us, we’ll recover.

SMBs hear about data breaches in the news just like everyone else, and, for the most part, they see those companies recover and move on. The astronomical losses reported in those news stories aren’t easily extrapolated to illustrate what a data breach could mean for a small business.

An article in Security magazine points out that the average cost of a data breach for an SMB is $36,000 and total losses can be as much as $50,000. Security explains that this may be close to the value of a small business. Furthermore, according to Experian, 60 percent of SMBs that suffer a breach go out of business after 6 months. The truth is, data breaches can destroy SMBs. They can’t afford to risk leaving their businesses unprotected. 

Tell the Truth

A conversation centered on exposing cybersecurity myths can be a tough one, but there is help available. Intronis’ Cyber Security Resource Center, for example, offers partners a variety of tools, such as a security readiness quiz, on-demand webinars, and rebrandable data sheets that can help SMBs evaluate whether they have the right security solutions in place.

If you educate your SMB clients and prospects about their cybersecurity risks, you can ultimately help protect their data, their networks, and their businesses.

Chris Crellin is senior director of product management for Intronis MSP Solutions by Barracuda.