CEOs and business owners of small businesses in the Chicagoland area share many of the same beliefs about cybercriminals and the odds that their own businesses will be attacked. They have a FALSE sense of security. The reason is that many of them buy into two common misconceptions.
Misconception #1: Our business is too small. Cybercriminals are mainly targeting major corporations.
On the surface, that brand of thinking seems logical. After all, why would you target small businesses when these global giants have a ton more data and money to steal? Plus, you tend to only see headlines about cyberattacks involving major players like J.P. Morgan, Target, Experian, Home Depot, and Yahoo.
That’s exactly what cybercriminals are counting on you to believe. It makes small businesses easy prey because they tend to put zero protections in place or grossly inadequate ones.
Why don’t you hear about banks being robbed anymore? Because criminals know that banks have incredibly sophisticated security measures in place. Not only is it very difficult to rob a bank, but it’s also nearly impossible to get away with it without getting caught. Therefore, most criminals go after soft targets, such as homes or gas stations. This same logic is the reason most cybercriminals target small businesses and not Fortune 500 companies. They know you’re not spending millions on cybersecurity, and you don’t have a massive IT team working 24/7 to protect your assets.
The National Cyber Security Alliance reports that one in five small businesses has been a victim of cybercrime in the last year. Of course, that number includes only the ones that self-reported. Most small businesses are too embarrassed or afraid to report breaches because they don’t want the PR nightmare. Also, while many states have adopted the “you must report a security breach” mentality, business owners know there are no penalties or fines if they don’t report. Of course, states are now working on legislation to penalize those who do not self-report.
It’s safe to assume far more small businesses have been hacked than the statistics show. And if you never implement stronger IT security measures, you are essentially a “sitting duck,” just waiting for the inevitable to become another small business statistic.
Misconception #2: We have competent IT people / We have adequate protections in place.
If you have an entire IT department or even just one IT person, you may believe you already have a shield of protection around your computers, important files, and network. But wouldn’t you agree that your IT personnel and protections are nowhere close to the sophisticated security of eBay, Marriott, Equifax, Uber, Home Depot, and Google?
In November of 2018, cyberthieves stole data from approximately 500 million Marriott International customers. These attackers first entered their network in 2014 and were not detected until four years later!
Equifax, one of the largest credit bureaus in the US, had a data breach that exposed 147.9 million customers. Even worse, 209,000 consumers had their credit card data compromised.
Approximately 5 million usernames and passwords of Google Gmail account holders were compromised and leaked on a Russian forum site.
If these titans of industry with the newest cyber security software and technologies and scores of cyber security experts can get hacked, so can small businesses like yours.
I want to make sure Chicagoland’s small businesses stay safe, which is why I’ve written a book that’ll give you everything you need to know about what you can do to keep from becoming a victim. Grab your book here: https://www.hodgsonconsulting.com/underattack/