Many businesses have a difficult time understanding data and network protection, as well as the necessary steps involved in preparedness despite all the emphasis put on those activities in recent years. We’ve witnessed login credentials stolen from online platforms, phishing and ransomware attacks that cost unsuspecting companies millions of dollars, and internal breaches, both accidental and intentional.
Everyone should understand that there are risks, but that’s often where their awareness stops. Many end-users believe the responsibility for cybersecurity belongs to someone else and rarely take responsibility for their own protection. They fail to understand their role and the danger of inaction.
Their employers don’t always help the situation. SMBs are notorious for pushing back on cybersecurity and electronics policy creation and ignoring, or at least not stressing, the importance of login and network access protocols.
The hardest obstacle for MSPs to overcome is misconceptions. The lack of understanding in the SMB, especially with individual end-users, is astounding and can increase risk if not countered with accurate information. Let’s debunk a few of the more common myths about cybercrime, data protection, and defensive strategies.
1. Strong Passwords are Enough
The case for effective access control has been discussed for years since it sets the foundation for good cybersecurity practices. Unfortunately, for many companies, those standards do go deep enough.
Even if an employee is using a secure password, changing out those credentials regularly, and managing that information with technology, hackers can still get around those safeguards. Multi-factor authentication (MFA) or two-factor authentication (2FA) gives your clients a significant advantage in this fight. Adding these layers of protection for your customers ̶ sending an email, text, or notification to some other application ̶ makes it that much harder for malicious actors to prevail.
SMBs can complement strong password management with restricted access to specific data. For example, if all staff members can freely view sensitive business information, then hackers just need to find a way into one account to steal anything and everything. Implement “least privilege” controls to prevent theft of your clients’ most important data.
2. The Security Team is 100% Responsible for Protection
While it should be obvious to everyone today, the truth of the matter is that cybersecurity is the responsibility of every single employee. Office workers may use multiple devices, and their remote counterparts might occasionally utilize personal computers and smartphones on suspicious and unsecured networks. In those cases, employees may believe their activities are well covered by the security team, allowing them to do pretty much anything at any time.
That misconception can be costly if there’s no one proactively monitoring and protecting their networks and devices. Especially when you realize that there are specific threats that only end-users can stop – i.e., phishing and social engineering attacks, two of the most effective ways for infiltrating a company’s defenses.
While personnel may be hesitant to break old habits or take on responsibilities outside their comfort zones, businesses need everyone to take an active role in cybersecurity today. It’s no longer considered an inhibitor to productivity, but a part of the job for anyone with network access or who answers the phones. Cybersecurity training is an essential piece of that equation.
3. Technology is Enough
Piggybacking on the last point is the myth that software meant to protect our inboxes, secure the perimeter, and prevent malware is enough defense. Those applications are essential in every sense of the word.
However, there is no silver bullet when it comes to cybersecurity. Employees are the last line of defense and need to know what to do, when to do it, and the people to contact when something looks or seems suspicious.
There are a plethora of electronic threats today. However, the most effective is by far phishing emails, and people are the biggest failure point for businesses. Constant and frequently updated training is key to preventing your client’s employees from falling for these types of malicious attacks and similarly dangerous social engineering campaigns.
4. No Outside Help is Needed
Cybersecurity demands can be challenging for internal IT departments to manage in real-time due to a lack of resources, including staff and budget. Managing devices on the corporate network, as well as employees’ personal devices, can be daunting for overwhelmed IT teams. It’s easy to miss updates, patches, and OS changes that can leave an vulnerability for talented cybercriminals.
Resource shortages present an excellent opportunity for MSPs. Whether considering co-managed IT scenarios or focusing on cybersecurity support alone, your team can provide the services and expertise needed to address the risks facing the SMB today.
Facts vs. Myths
The things your clients don’t know can be extremely dangerous.
As an MSP and cybersecurity expert, it may be your responsibility to educate and set them straight. Make sure your clients and prospects are not only aware of these myths but are working to overcome those misperceptions, as well as any others that may come along.
These misconceptions can be a great opener, too, helping potential customers come around to the idea of strengthening their security postures. Regardless of how far along you are in those discussions, be sure to emphasize the various measures they’ll need to overcome these myths. That’s not a hard close, but a responsible conversation for MSPs to have with any business owner.