3 Misguided SMB Security Beliefs

Today, many small and midsize businesses (SMBs) believe that they’re too small for a cyberattack, their security systems are “good enough,” or they have an IT team that’s on top of their security. But these misguided SMB security beliefs can be detrimental to businesses.

Consider the letter posted to the website of a single-physician practice following a cyberattack:

“On August 10, 2019, we suffered a ransomware attack on Wood Ranch Medical’s computer systems…Unfortunately, the damage to our computer system was such that we are unable to recover the data stored there and, with our backup system encrypted as well, we cannot rebuild our medical records. We will be closing our practice and ceasing operations on December 17, 2019.”

The breach impacted 5,835 patients. Even if the practice were able to survive the attack and recover its patient data, the HIPAA penalties would likely be untenable for this small practice.

3 SMB Security Beliefs That Can Spell Trouble

Belief 1. “It can’t happen to us.” 

 While the speed at which a ransomware attack took down the healthcare provider above is troubling, it is not the first. A related story reported that “another healthcare provider has announced it will be permanently closing its doors as a direct result of a ransomware attack.” That’s alarming.

But business closures due to cyberattacks and data breaches are not limited to healthcare providers. Twenty-two percent of all SMBs impacted by a ransomware attack had to cease operations immediately, according to one report.

SMBs may believe that it can’t happen to them, but it can–and does.

Belief 2. “We shored up security years ago.” 

 For SMBs that think they’ve covered all the security bases, consider that 36% of SMBs in the Ponemon Institute’s 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report say that they have “insufficient enabling security technologies.” They also report that:

• 69% experienced a cyberattack that evaded their intrusion detection system.
• 82% reported that the attack evaded their anti-virus solution.

SMB security is not a one-and-done undertaking. A security strategy should be dynamic and fluid and parallel the needs of the business. There should be continual assessments, timely patches and upgrades, and frequent employee awareness trainings and simulations.

Belief 3.  “We’ve got an IT team for that.” 

 Many SMBs mistakenly believe that their IT team (or person, in some cases) is on top of it. But according to Ponemon, 45% of SMBs say that they have “no understanding how to protect against cyberattacks,” and only 30% rate their organization’s effectiveness at mitigating risks, vulnerabilities and attacks as “very high.”

IT professionals working at SMBs often wear a lot of hats. They need to be focused on innovation that can move their business forward. They don’t have the time to become security experts.

And New Vulnerabilities: Remote Workers

When the Ponemon survey was completed in 2019, 56% of SMBs said that mobile devices and laptops were their most vulnerable endpoints, an increase of 13% over 2017.

Now, with more people working from home and accessing the corporate network, those vulnerabilities have only increased. SMBs have become a prime target of cunning and malicious actors who know all too well that home networks lack the defenses of corporate networks and that security practices are minimal. These bad actors are out in full force to exploit them.

What can you do to help your SMB customers protect their businesses?

More SMBs Are Engaging Security Partners

Ponemon reports that 32% of an SMB’s IT security operations are supported by managed security services providers (MSSPs), an increase of four points over 2018—a need that will only increase as SMBs fight to protect their businesses.

Become a partner in protecting your SMB customers’ business. Educate yourself so you can educate your customers. Use the cybersecurity resources available to you from NIST, the Small Business Administration and other sources, as well as industry resources such as Tech Data.

Like having a lawyer or an accountant, it is wise to have an MSSP that can help SMBs lock down their systems to detect and prevent attacks and, if attacked, minimize the damage to their business.

Start the conversation with your SMB customers today. Download this white paper to talk about SMB security best practices that your customers can begin to put in place to guard against cyberattacks. Or visit techdata.com/security.

This guest blog is part of a Channel Futures sponsorship.