Myth Busters

Any business, be it a one-man-band or a massive multi-national, is of interest to criminals. Criminals look for vulnerabilities. Small businesses will rarely have in place complex technical defences. Nor, frequently, will they have the resources to maintain comprehensive governance networks. For these reasons, they often present softer targets that are easier to attack.

ALL businesses hold data. Remember that any identifying data of any person must be protected adequately. That means employees as well as customers and clients.

Any business, no matter what it does, is of interest to criminals. The fact that it believes that it does not present a target, in and of itself, increases the likelihood of attack. Criminals do not only seek to steal from their targets. They are always looking for opportunities to attack other victims from unexpected directions. They also constantly collect intelligence to use in socially engineered attacks. Names, roles, email addresses, facts and back-stories can all be used to create credibility for the criminal with the ultimate victim.

Whilst online training is better than nothing, it is only just. All firms must have in place a constant and comprehensive system of governance that ensures that all employees understand the threat, understand their place in countering the threat and understand what their responsibilities are. The board is ultimately responsible for a company’s data protection and executives must ensure that meaningful governance is in place and is enforced. The days of blaming someone else for failures in governance are long gone.