Myths- We are small organisation for Cyber Attack
Reality: Some business thinks we are safe, or we are very small for cyber-attack and the truth is Every data or information is important and need to be protected from bad guys hand like a Credit card, personal address other information. Cybercriminal’s, care about the data, they don’t care about the scale of the organization. Data breaches investigation report by Verizon 2020 says, 28% SMB Business involved in data breaches. SMB has to take cybersecurity very seriously & need to provide protection in their digital services. It is easy to attack small organizations as they don’t invest in cyber security. At the end of the day, need to maintain a reputation among customers and save from huge penalties of compliances.
Myths: Anti Virus is enough to protect
Fact: Antivirus and Anti-malware can protect an organization from malicious software and virus but not from threats or attacks. Endpoint security solution vendors are updating their intelligence feed and hackers are very smart and sophisticated that vendors can think. Every day hackers are creating new ways to enter the premises. If a hacker created a new type of malware that is unknown for an anti-virus vendor and that won’t be able to detect then it leads to enter in your system. Every organization should take cybersecurity seriously and implement a defense in depth (Multi-layer protection). Need to encompass from perimeter security to insider threats, physical security, email security, and application security. A report says, 27% attacks happened by Phishing which containing malware and malicious content.
Myths: Strong password is enough
Facts: Strong password one of the cyber security best practices. Only using the complexity of the password is enough to protect from breaches. Organizations need to change the password periodically, Never use numbers, dictionary names, and use different passwords for multiple accounts. Also, keep eyes on authorization (To whom and what access) one reports says 21% folders are open to everyone.
Myths: Bring your own device (BYOD) is safe
Facts: BYOD is not a good practice if you are not having policies and tools to protect. Small organization opening a big cyber risk by implementing BYOD. The organization should install all the software or follow the process in personal device as follow for systems.
Myths: IT Team is responsible for cyber security
Fact: This is right that IT Team is responsible for systems and data management but not only IT, each one plays an important role to protect from breaches because a single click can lead to breaches (intentionally or unintentionally). Verizon’s report says Top 2 threats are DDOS and Phishing. Phishing can be protected from end-user awareness.
Myths: My data is not important
Fact: Every data is important, either personal or business. Let’s understand by an example for both. If I am using an infected mobile and data breaches happened then the bad guy can misuse of photos, passwords and can use for financial or criminal activity. So every data is important.
For an organization, maintaining a reputation is important. If any breaches happened while you don’t have too much data but personal information or system information can break the trust among clients.
Myth: Perimeter security is enough
Fact: Perimeter is one pillar to protect from attack while a survey says 47% insiders are involved in attack. Organizations need to think in a way to protect from 360 degrees and need to monitor the activity of the systems. Like in COVID-19 lockdown, perimeter is enough to protect but users are doing work from home then how to protect endpoints (Computer, Mobile, Laptops etc) from threats. The organization should make plans to protect from each side, we can’t protect by a single wall of the building
Myths: Protecting your data require huge investment
Facts: Investment in cybersecurity would be less as compared to data breaches recovery, reputation, and compliance penalties. Some of the tips and user awareness can also help to protect from attack. Need to consult with the Security consultants.
SMB can also protect by updating internal policies and procedures. They can give the minimum access to the sensitive information or can deploy an IAM (Identity access management) which will help to provide MFA (Multi-factor authentication) and authorization
Be aware Be Secure