Small businesses have what I consider to be fallacies about why they’re not investing in cybersecurity.
In my opinion, the number one fallacy that small business owners think about is that, well, I’m too small. Nobody’s going to bother me. And why should I invest in a cybersecurity program when my business is not significant enough to be a target
Now, while your data and your business may not be important to other people, it is important to you and your business.
What happens if you get hit with ransomware and you are down for several days, maybe weeks. Perhaps you don’t even recover from it.
While your business or your data may not be important in the grand scheme of things, it is important to you. Your business is your livelihood. Without the ability to operate the business, you have nothing, and you will pay dearly in ransom for getting your data back. If you don’t have that data, you can’t run your business.
Another fallacy is that you may not think that you’re business is in an industry that is considered “critical infrastructure”. The government has designated certain industries that are critical industries that need to be secured from cyber attack. While your business may not be in such an industry, you need to think about if you interact with those industries in any way. Look at your customers/clients. If any of your clients are in a critical industry, or are a business of some significant size, then your business is a target, because the hackers can get to them through you, as you are the weakest link.
Also, look at your vendors. Just as hackers can get to your customers/clients through you, they can go through your vendors to get to you, or even vice versa. Your business is not running in isolation. It is part of an overall ecosystem comprising all kinds of business, big and small. Any weak link in the chain opens an opportunity for the hackers to exploit.
So, don’t think that your business is too small, not important enough, or not in a “critical” industry. We are all in this together, and everyone needs to do their part to ensure better cybersecurity for all.