Cybercriminals love hacking small and medium-sized businesses to steal valuable customer and employee data and to use you as a gateway to larger companies. Protect your business now with an effective, proactive cybersecurity strategy. Centriworks can help.
Think your business is too small to worry about cybersecurity?
Here are just 3 of the top 10 cybersecurity misconceptions for small and medium-sized businesses, as compiled by the National Cyber Security Alliance. This list is based on the experiences of business leaders and employees from across the United States.
MISCONCEPTION #1: My data (or the data I have access to) isn’t valuable.
Organizations of all sizes maintain or have access to valuable data worth protecting. Such data may include, but is not limited to, employment records, tax information, confidential correspondence, point-of-sale systems, and business contracts. All data is valuable.
Take Action: Assess the data you create, collect, store, access, transmit, and then classify that data by its level of sensitivity so you can take appropriate steps to protect it. Learn more about how to do this.
MISCONCEPTION #2: Cybersecurity is a technology issue.
Organizations cannot rely on technology alone to secure their data. Cybersecurity is best approached with a mix of employee training, clear, accepted policies and procedures, and implementation of up-to-date technologies such as antivirus and anti-malware software. Cybersecuring an organization is the responsibility of the entire workforce, not just the IT staff.
Take Action: Educate every single employee (in every function and at every level of the organization) on their responsibility to help protect all business information. Our cybersecurity experts can guide you in this process.
MISCONCEPTION #3: Cybersecurity requires a large financial investment.
A robust cybersecurity strategy does require a financial commitment if you are serious about protecting your organization. However, there are many steps you can take that require little or no financial investment.
Take Action: Create and institute cybersecurity policies and procedures; restrict administrative and access privileges; enable multi-factor or 2-factor authentication; train employees to spot malicious emails; and create manual backup procedures to keep critical business processes in operation during a cyber incident. Such procedures may include processing payments in the case a third-party vendor or website is not operational. Our IT professionals work with companies of all sizes and budgets to create proactive cybersecurity plans.
MISCONCEPTION #4: Outsourcing work to a vendor will wash your hands of security liability in the case of a cyber incident.
It makes complete sense to outsource some of your work to others, but it does not mean you relinquish responsibility for protecting the data to which a vendor has access. The data is yours and you have a legal and ethical responsibility to keep it safe and secure.
Take Action: Make sure you have thorough agreements in place with all vendors, including how company data is handled, who owns the data and has access to it, how long the data is retained and what happens to data once a contract is terminated. You should also have a lawyer review any vendor agreements.
MISCONCEPTION #5: Cyber breaches are covered by general liability insurance.
Many standard business liability insurance policies do not cover cyber incidents or data breaches.
Take Action: Speak with your insurance representative to understand if you have any existing cybersecurity insurance and what type of policy would best fit your company’s needs.
MISCONCEPTION #6: Cyberattacks always come from external actors.
Succinctly put, cyberattacks do not always come from external actors. Some cybersecurity incidents are caused accidentally by an employee – such as when they copy and paste sensitive information into an email and send it to the wrong recipient. Other times, a disgruntled (or former) employee might take revenge by launching an attack on the organization.
Take Action: When considering your threat landscape, do not overlook potential cybersecurity incidents that can come from within the organization, and develop strategies to minimize those threats.
MISCONCEPTION #7: Young people are better at cybersecurity than others.
Often, the youngest person in the organization becomes the default “IT person.” Age is not directly correlated to better cybersecurity practices.
Take Action: Before giving someone the responsibility to manage your social media, website, network, etc., educate them on your expectations of use and cybersecurity best practices.
MISCONCEPTION #8: Compliance with industry standards is enough for a security program.
Complying with the Health Insurance Portability & Accountability Act (HIPAA) or Payment Card Industry (PCI), for example, is a critical component of securing sensitive information, but simply complying with these standards does not equate to a robust cybersecurity strategy for an organization.
Take Action: Use a robust framework to manage cybersecurity-related risk. Our certified professionals have worked with hospitals, law offices, government entities and other highly-regulated environments. We can help you stay compliant and protected.
MISCONCEPTION #9: Digital and physical security are separate.
Many people narrowly associate cybersecurity with only software and code. However, when protecting your sensitive assets you should not discount physical security.
Take Action: Include an assessment of your office’s layout and how easy it is to gain unauthorized physical access to sensitive information and assets (e.g. servers, computers, paper records) in your planning. Once your assessment is completed, implement strategies and policies to prevent unauthorized physical access. Policies may include controlling who can access certain areas of the office and appropriately securing laptops and phones while traveling. Our experts can help you with this process.
MISCONCEPTION #10: New software and devices are automatically secure when I buy them.
Just because something is new doesn’t mean it’s secure.
Take Action: The moment you purchase new technology, make sure it is operating with the most current software and immediately change the manufacturer’s default password to a secure passphrase. When creating a new passphrase, use a lengthy, unique phrase for the account or device. Sign up for a new online account? Be sure to immediately configure your privacy settings before you begin using the service.
Let our friendly, certified IT professionals provide expert guidance on creating a customized cybersecurity strategy for your small or medium-sized business. Contact us today to get started.
We’re ready to help you work smarter.
Call us at (865) 524-1124 or use this contact form. Let us know what you’d like to know more about and one of our experts will be in touch with you soon.