Several mistaken ideas about cyber security are lingering and keeping small businesses on the edge of a cyber attack. Knowing the facts, and acting on them, can be the difference between having your data hacked and keeping it safe.

Make a mental note of these misconceptions and then act if you need to:

1. Cyber security is a one-off task

Not at all! Cyber security is an ongoing issue because thousands of new strains of malware are released daily. To be effective, cyber security needs to be managed as an ongoing strategy that includes a means to continually detect and prevent malware.

2. Only some industries are vulnerable to cyber attack

While academic research shows financial institutions and healthcare being most vulnerable to attack, they say these industries are followed closely by small to medium-size businesses generally. Basically, any business that holds personal information and banking details is of interest to a hacker.

3. Hackers only target big business

Forbes business magazine reports that two thirds of the UK’s breach victims in 2018 were small and medium-size businesses, which hackers expect to have less stringent cyber security measures in place.

4. Cyber security threats tend to be external

On the contrary. In-house threats are equally real and often harder to detect. Insiders can, potentially, be more dangerous than third-party criminals because they have access to key applications and storage systems.

5. Cyber security is the IT department’s domain

Ten years ago, the IT team was the only department responsible for a business’s cyber security. Because cyber crime is rife, and most employees have online access, every employee in a business now needs to be educated in keeping the business safe.

6. It’s obvious when you’ve been attacked

It’s not! A cyber attack can lie undetected for months. Most often malware works undercover, slowly collecting data it will then use maliciously. The only way to ensure you aren’t being attacked is to have an effective detection system in place.

7. All you need is a strong password

Alone, a strong password isn’t enough to secure an application, account, database or high-importance file. You need two-factor authentication and a system to control who has access.

8. Antivirus and anti-malware software give total protection

Gone are those days. Software alone isn’t enough to combat cyber crime. The Internet pervades so many aspects of a business’s workings that you need a strategy to guard against cyber attack. That strategy should include detection, response and prevention. Traditional antivirus still carries the zero-day risk, so you’re left vulnerable for at least 24 hours before your antivirus updates with the latest signatures.

9. Wifi that requires a password is safe

Not anymore. If your employees travel for work and use public wifi, they risk being the weak point through which your whole communication network is compromised. Hackers can break into public wifi whether it has a password or not. The only thing to make public wifi safe is a virtual private network (VPN), which your travelling personnel should each have.

10. Personal devices at work are no security risk

Employees who use personal devices for work need to follow the same safety protocols they would use on work equipment. Mobile devices have become useful tools for sending a quick work email when away from the office, so all your devices need to be protected by the same strategy.

If this reminds you that you need to up your cyber security game, start by taking a 30-day free trial.