Data security is a major concern for businesses of all sizes. Every year, hackers invent new attack strategies and software to steal valuable data from businesses across the world.
Yet, as important as data security is for small to midsize businesses, many of these businesses operate under some severe misconceptions.
These myths can lead small businesses to make dangerous decisions about how they secure their data, leaving them open to attack.To counter these common misconceptions about small business data security, it’s important to know them first.
Misconception #1: My Business is too Small to Be a Target
Many small business owners assume that because they’re small, they won’t be the target of an attack. This just might be the most dangerous misconception of all.
As noted in a McAfee article citing surveys of small business owners and industry research by Verizon:
A super-majority [of small businesses] (66 percent) felt confident that their data and devices are secure and safe from hackers, with 77 percent responding that they haven’t been hacked… Seventy-two percent of data breaches investigated by Verizon Communications’ forensic analysis unit were focused on companies with less than 100 employees. The discrepancy suggests that many SMBs are not aware that they’ve been hacked. —McAfee
This misconception may exist because small business hacks rarely make headlines. However, the truth of the matter is that small businesses make prime targets for hackers, specifically because many think they aren’t targets, and thus fail to take the necessary security precautions.
Not only will hackers try to steal any credit card and banking info that a small business might have, some will extort small businesses by uploading ransomware to their system. Ransomware, once on the network, will encrypt all of a business’ data, and the hacker will then offer to provide the encryption key in return for a ransom.
So, a small business, even one without much sensitive or proprietary data to steal, still needs to take data security seriously.
Misconception #2: A Firewall is Enough to Protect My Business
Firewalls are a great security feature that can thwart many external attacks against a business’ data. However, no single security layer will protect against every threat.
For example, what happens if an employee with legitimate access to your system decides to steal data, or a vendor abuses their access to your network to upload malware?
To protect against internal threats and the most sophisticated external attacks, businesses need multiple security layers for their IT infrastructure, including not just perimeter firewall, but antivirus, two-factor authentication, per-app and per-database firewall, data-at-rest encryption, and intrusion detection.
The more barriers businesses can put between thieves and their data, the better.
Misconception #3: Using the Cloud is Less Secure than Using My Own Hardware
This item tops CIO’s list of small business misconceptions about the cloud. Many smaller businesses assume that using remote, cloud-based environments is less secure than running IT infrastructure on hardware owned by the business and located on their property.
However, this is not the case. As noted by CIO’s article, “few small businesses can even afford to set up their own IT department, much less hire dedicated security staffers with the skillset and experience to properly protect their organizations from the bad guys.”
Any IT infrastructure is only as secure as the measures used to protect it. Cloud service providers just happen to be able to apply much stronger, enterprise-grade security measures to their environments. This allows cloud providers to create much stronger data security for their small business customers.
Misconception #4: All Cloud Security is the Same
It’s important to remember that not all clouds are the same. Any business looking for a secure cloud solution should thoroughly examine what security features are a standard part of the provider’s cloud environments, and what optional features are available.
Some cloud hosting services are little more than online data storage, with few data security features and protections, and no redundancy or backup should something happen to the server hosting the data.
Sorting out the misconceptions about small business data security can help business owners make better decisions about how to protect their data. Knowing the myths can at least help small businesses avoid the biggest data protection mistakes, such as not using any security for data at all.