Hello there. Did you know that small businesses are extremely vulnerable to attack from cybercriminals right now and that most don't survive for more than six months after a cyber incident?
John Byrne here, entrepreneur, insurance professional, online educator, and founder of Surviving Cyber. My goal is to help small business owners and managers like you get to grips with this complex subject of cyber risk.
15 Dangerous Cybersecurity Myths
You may be struggling now, to clearly see the big picture but once you separate the myth from the truth, you can begin to significantly reduce your risk over the next 15 days through this series, I'm going to walk you through "15 Dangerous Cybersecurity Myths You Probably Believe". I'll explain the thinking behind each myth, why it's dangerous to believe it, and the truth you need to hear so that your small business can stay safe.
Now, before we dive in, I want to give you access to my free cyber resilience workshop. It's a 60-minute video workshop that will show you how to create your first survival plan for your small business in 30 days. It's full of practical tips that you can implement. If you don't already have access, use the link survivingcyber.com/workshop to register now.
Myth Number 6 - Small businesses don't have time to manage cybersecurity
Now, today, as we continue the series, we're going to explore myth number six: "Small businesses don't have time to manage cybersecurity”. I hope you're ready to dive in. I'm John Byrne, and this is "15 Dangerous Cybersecurity Myths You Probably Believe".
Myth number six says that small businesses don't have time to manage cybersecurity. Now, this is a very understandable myth that I often hear small business owners say. It’s often expressed as follows:
- I just don't have time to manage cybersecurity as I have so many other things that need to get done and so many other pressures: I simply don't have the time to do it. They are really saying: “cybersecurity is not really a priority for me. I'm too busy with really pressing issues in my business”. And often this thinking leads to saying things like: “I need to make sure I have enough income coming into my business to pay my creditors, I need to pay my staff, I need to get new business. I have so many other issues. Cybersecurity can wait for another day”.
- There is often a fear of the time commitment needed for cybersecurity. I sometimes hear the view: “Achieving anything with cybersecurity will take too much of my time and too much time that I really don't have to make available.” This is really the same thought process: “I don't have time, I'm not prepared to devote the time, it's not a priority for me.”
- This leads to the third point often made which is that cybersecurity can wait until a future date when there will be more time available. The hope, of course, expressed in this view is that nothing bad is going to happen to the business by way of a cyber-attack and “I can afford to wait until a future date when I will have more time”. It's a very human reaction to think like this and it's very reasonable. However, it is a mistake because it's ignoring the reality of the threat environment in which small businesses currently exist and it ignores the fact that cybercriminals won't wait for you to be ready.
A Dangerous Myth
Believing the myth that Cybersecurity is too complicated for small businesses is dangerous because it seeks to avoid responsibility for managing the risk because of lack of time. It's really another version of the myth that cybersecurity is not important for the business, perhaps even not relevant.
If the issue is a priority, as I'm hoping I'm showing you, then management will find the time to deal with it. In my opinion, survival of the business has to be a top priority for any management team, regardless of how big or how small the businesses, so not having time to manage this risk is really another way of saying: “I just don't think that this is important enough”.
Truth Number 6 - managing the implementation of basic cybersecurity measures doesn't need to be time-consuming.
I'd like to show you the truth behind this myth which is that managing the implementation of basic cybersecurity measures doesn't need to be time-consuming, even for the smallest team and the smallest company with limited time. Lack of time doesn't need to be the reason not to tackle the problem.
- You may not recognize cybersecurity as the most business-critical issue for your business but, in fact, it could be your most pressing issue because a cyber incident can be an “extinction event” for a small business; a catastrophic event from which there is no return. So, leaving this topic to the future, and hoping that you won't be the victim of a cyber-attack in the meantime, while you're waiting to address it, is a serious error. Sadly, most small businesses fail within six months of a cyber-attack and so what you're really relying on here is hope, and hope is not an effective strategy for dealing with cyber risk.
- The second point is that even a small amount of time that's devoted to cybersecurity can be very effectively used if you concentrate on taking the essential steps with technology, people and governance risk. And once the structures are put in place, cyber becomes just another business risk that you manage like all the rest. It does require an investment of your time in the beginning, but it pays a handsome return through the survival of your business. What greater return could there be than ensuring the survival of your business?
- Finally, if you don't invest the time to look for problems in your cybersecurity, sadly, somebody else will. That “somebody else” is a cybercriminal. Failing to plan for a cyber incident means planning to fail when this happens to your business, so there is no getting away from this reality and using the excuse of lack of time is not valid because addressing this risk does not need to be time-consuming, even for small business.
Free Cyber Resilience Workshop
Thanks so much for reading today's post. I hope you found it helpful in exploding this myth and revealing the truth. Don't forget to register for the video workshop using the link survivingcyber.com/workshop. I hope to see you tomorrow as we dive deeper into "15 Dangerous Cybersecurity Myths You Probably Believe" so we can uncover the truth of how to keep your small business safe.