5 Common Small Business Cyber Security Myths

computerBy Hanna Burmeister, Michigan SBDC 

It’d be difficult to find a business today that doesn’t use at least one computer-based or online system.  With online cloud-based services available for anything from accounting to file sharing, it’s no wonder that small businesses are adopting (and inventing) these new technologies.  However, as technology gets smarter, so do hackers.

Though cyber attacks on large companies like Target or Home Depot may make headlines, hackers are increasingly targeting small businesses.  Unfortunately, most small businesses are unaware of cyber security threats, leaving them especially vulnerable.

In order to better understand small business cyber security, let’s start by investigating five common cyber security myths:

1. Hackers only target large companies.
Unfortunately, small businesses make excellent targets for hackers. Most small businesses don’t have the resources to invest in heavy-duty security measures, but still possess valuable information.  Additionally, many small businesses are simply unaware of cyber security risks and how to mitigate them. Hackers are a real threat to small businesses, and developing a cyber security strategy is incredibly important no matter a business’ size. 

2. Cyber security is too expensive.
While your business may not have an extensive cyber security budget, making smart decisions now can save you thousands of dollars in the long run.  Here are three simple strategies to better protect your business:

Passwords: The longer your passwords are, the safer they are. Ideally, all passwords should include upper & lowercase letters, numbers, and special characters.  Never use the same password for multiple sites or logins, and never display your passwords publicly (no, not even written down and left next to your computer!).

Enable two-factor authentication (2FA): Two-factor authentication is a technology that uses two different components to identify users. For example, with an account using 2FA you may be asked to enter your username and password, and then sent a text message with a verification code. You will need to enter the verification code before being able to access your account. If a hacker were to obtain your account password, 2FA adds another level of security by sending a unique code to your phone.  Without this unique code, the hacker is stuck.

Train your employees: Your employees are your first line of defense against hackers.  Take the time to establish cyber security policies and procedures, and make sure all employees comply.  Additionally, not all hacking takes place behind computers.  Some hackers may walk into your business, claim they are from an IT company, and ask an employee for access to your database.  Physical security is just as important as online security!

3. Hackers only target businesses with online stores.
Though your business may not have an online store, chances are you still have information that is valuable to hackers.  A cyber hacker could be after e-mail addresses, intellectual property, access to your internal e-mail accounts, or databases.  Don’t ignore cyber security just because you don’t process credit cards online!

4. All cloud-based services are automatically secure.
Cloud-based services offer small businesses an easy way to collaborate, manage e-mails, store files and much more.  However, before you transfer your entire business to the cloud, take some time to determine what service is the safest for your business.  Choose a cloud service that provides data protection during upload, storage, backups, data recovery and technical support.  Additionally, some of your most sensitive data may require extra encryption, so ask any cloud-storage provider about their encryption options.  As always, applying general cyber security best practices like changing your passwords often will improve the security of your cloud-based accounts as well.

5. Using public Wi-Fi to conduct business is always safe.
Many small business owners are on the clock 24/7.  While mobile phones, laptops and public wireless internet make it convenient to conduct business wherever you are, they also offer hackers another opportunity to infiltrate your network. It’s incredibly easy for a hacker to log into that same Wi-Fi network and intercept all of your activity.  Think twice before sending a confidential email, accessing client data, or processing payments on public Wi-Fi.  An even better solution is to set up a Virtual Private Network (VPN). Click here for more information on VPNs.

There are many opportunities for small businesses to improve their cyber security.  Now that we’ve addressed these common myths, review your own cyber security best practices!