As we wrap up National Cyber Security Awareness month, I continue to be amazed at the number of business owners and managers who think they will not be the target of a hacker, malware, or ransomware attack that results in a data breach. Let’s first define the term data breach and then look at some common myths many business people choose to believe, creating a false sense of security.

A data breach is an event where otherwise confidential information is viewed, stolen, or used by an unauthorized person or entity.

Myth #1 – My company is not large enough, hackers are not interested in my data. Depending on whose statistics you read, 60% or more of data breaches reported in 2016 occurred in business with less than 1000 employees. Why? Cyber criminals are smart. They are looking for low hanging fruit and recognize small and medium businesses believe they are not at risk, invest less money in cyber security and are a wealth of data. This data includes personal identity information of employees and clients.

Myth #2 – My company doesn’t have the budget needed to invest in cyber security. Industry data indicates small and medium businesses that experience a data breach spend an average of $14,000 plus in the recovery effort. This may be in the form of technical services needed to recover encrypted files, clean up infected systems, disruption of revenue, overtime, etc. That does not include legal fees, regulatory penalties or damage to your business reputation.

Myth #3 – I’ll be able to tell if a data breach is occurring, and will take action then. In 2016 it is estimated that on average malicious hacks were in place for over 200 days before they were detected. Think about it, your confidential data, exposed, for over 6 months.

Here is the bottom line.

  • Investing in robust, business grade technology is necessary. You cannot afford not to, as there are solutions to fit every budget. Talk to an IT professional who specializes in small and medium business solutions, they will help you find one you can afford.
  • Have your security technology reports and consoles reviewed on a monthly or, at the very least, quarterly basis. An IT professional specializing in security is the best person to perform this review.
  • Invest in a security assessment of your network and computer systems on at least an annual basis, semi-annual is even better. Just as your car needs a regular tune up, so does your technology and without a proper security assessment you cannot ‘see’ problems or changes that may be needed.