Myth #1: “My business is too small for hackers to bother”

Small businesses are a great target for hackers – particularly when business owners have this attitude towards cyber security. This is because it means they usually haven’t taken the time to put precautions in place to protect against attacks, making it easier for cyber criminals to access their systems. Their systems can then be hijacked to attack others by becoming part of a botnet.

Myth #2: “Hackers wouldn’t be interested in the type of data we hold”

Even if your business doesn’t hold – for example – credit card information, any personal data such as names, email addresses, usernames and passwords can be stolen in a cyber-attack. And because people use the same details across multiple websites (such as their online banking), any data that is stolen can be sold on – putting your customers and employees at risk.

Myth #3: “Cyber security is too expensive”

It is likely less expensive than you think, and compared to the cost of recovering from a cyber-attack, it’s a much better deal; the average cost per business of all cyber crimes (excluding phishing) experienced in the last 12 months was £20,900.  Even the reputational damage suffered after a data breach is likely to be far more costly than investing in cyber security in the first place.

Here are 5 ways you can start improving your cyber security on a budget.

Myth #4: “We have anti-virus software, that’s good enough”

While anti-virus software is an important layer of protection, it’s not enough by itself. As malware is constantly changing, it becomes unrecognizable to antivirus scans, leaving your business vulnerable. Other layers of protection are needed to give your business the best chance it can have of staying safe from cyber-attacks.

Myth #5: “My company is too big to be vulnerable”

“The biggest cyber security risk is complacency, not hackers” – The UK information commissioner.

In December 2022, The Guardian was victim to a ‘highly sophisticated’ ransomware attack that was most likely caused by a phishing attempt. Other recent companies that have fallen victim to cyber attacks include Royal Mail, and a major IT provider for the NHS.

The assumption that a company is so large that it must have impenetrable cyber security measures in place can lead to employees at all levels unknowingly taking cyber risks.

Myth #6: “My staff would never be victims”

Anyone can be a victim of a cyber-attack – and attacks are becoming more sophisticated (and harder to spot) by the day. One employee innocently clicking a link in an email that appears to be from the CEO could be all it takes for hackers to get in your system, so it’s crucial your cyber security measures and staff training are up to date to help prevent this from occurring.

Myth #7: “Phishing attempts are easy to spot”

Again – cyber-attacks are getting harder to spot each day. And not all attacks are quick, chance attacks. Often, criminals will ‘play the long game’ spending weeks or months gathering data to create a sophisticated attack that even the most cyber-savvy person in your business couldn’t identify.

Myth #8: “We would know if someone attacked our devices”

It might not be a case of a skull and crossbones appearing on your monitor – a cyber criminal could be inside your system for months without being detected, and the longer they’re in, the more damage they can cause. The average time for a cyber-attack to be identified and contained is 277 days. (Source: IBM Cost of a Data Breach report 2023)

Now that you’ve seen the truths behind these common cyber security myths, it’s time to make sure your business is cyber secure. Learn more:

What’s my current level of cyber security? Quiz

IT checklist for employees joining your organisation