Here you can find the answers to popular myths and misconceptions
Our business is too small to be of interest to hackers.
Any business, be it a one-man-band or a massive multi-national, is of interest to criminals. Criminals look for vulnerabilities. Small businesses will rarely have in place complex technical defences. Nor, frequently, will they have the resources to maintain comprehensive governance networks. For these reasons, they often present softer targets that are easier to attack.
Our business does not hold any data.
ALL businesses hold data. Remember that any identifying data of any person must be protected adequately. That means employees as well as customers and clients.
Our business does not do anything which would be of interest to hackers.
Any business, no matter what it does, is of interest to criminals. The fact that it believes that it does not present a target, in and of itself, increases the likelihood of attack. Criminals do not only seek to steal from their targets. They are always looking for opportunities to attack other victims from unexpected directions. They also constantly collect intelligence to use in socially engineered attacks. Names, roles, email addresses, facts and back-stories can all be used to create credibility for the criminal with the ultimate victim.
Our employees have all had some online training done.
Whilst online training is better than nothing, it is only just. All firms must have in place a constant and comprehensive system of governance that ensures that all employees understand the threat, understand their place in countering the threat and understand what their responsibilities are. The board is ultimately responsible for a company’s data protection and executives must ensure that meaningful governance is in place and is enforced. The days of blaming someone else for failures in governance are long gone.