Cybersecurity Threats are continuing to increase not just in prevalence but severity and sophistication. The evolution of cybersecurity, along with changing regulations, give rise to confusion, challenges and sometimes cybersecurity myths. The last thing any business needs is a swarm of myths and misunderstandings feeding common and frequent errors that businesses of all sizes make in safeguarding data and infrastructure. Take a look at some of the most common cybersecurity myths and their busts:

Myth: Cybersecurity is a huge financial investment.

Bust: Many efforts to protect your data require little or no financial investment.

Small efforts that cost $0 such as practicing good password security, keeping your systems up-to-date, and being overly suspicious of online material can play the biggest part in securing your systems and data. Since most data breaches are caused by human error, making these small, free changes are one of the first steps you should take to practicing better cybersecurity.

Myth: Cybersecurity is the IT guy’s problem.

Bust: Cybersecurity is everyone’s responsibility.

As a business owner/operator, it is your duty to make sure your staff (not just IT staff) is properly educated and practicing good cybersecurity. In a functioning business, your company is only as strong as its weakest link. Implementing cybersecurity training for your employees will only strengthen your security and allow you to have confidence that your employees are practicing the best cybersecurity possible.

Myth: Cybercriminals aren’t interested in small to medium-sized businesses (SMBs.)

Bust: Cybercriminals frequently target SMBs because they assume their systems are less secure than large businesses.

This myth can be particularly dangerous because it makes SMBs believe that if there’s no risk of a cyber-attack, then there’s no reason to take measures to prevent it. In reality, 43% of cyber-attacks target small businesses, and 60% of those victims will go out of business within six months after an attack. It’s important for SMB owners to get rid of the “it’ll never happen to me” mindset. Increasing statistics show that these businesses are, in fact, a large target for cybercriminals.

Myth: Antivirus protection will protect my business from cybercriminals.

Bust: Anyone who is connected to the Internet is a target for cybercriminals.

It’s easy to assume that if you have antivirus, you’re safe from cybercriminals. At least that’s what antivirus advertisements have made people believe. In the 90s, solely relying on antivirus to combat cybercrime was an adequate method of security. However, in this day and age, cybercrime threats are much more evolved, so relying only on antivirus as a security solution won’t necessarily protect you from these attacks.

Don’t get me wrong, antivirus still plays an important role in endpoint protection strategy. It is completely necessary. Just make sure it isn’t the only cybersecurity measure you’re taking.

Myth: If it happens to us, we’ll recover.

Bust: The majority of SMBs that suffer a breach go out of business after six months.

Remember that statistic we mentioned earlier about 60% of SMBs go out of business six months after a cyber attack? Well, it’s a fact and something you shouldn’t take lightly. SMBs hear about data breaches in the news, and for the most part, they see those larger companies recover and move on with their business. However, those huge losses don’t compare to what a data breach could mean for a small business.

According to AppRiver, the average data breach for an SMB is $149,000, which in some cases can be the entire value of the company. The truth of the matter is, data breaches can destroy SMBs.

Myth: Cyber threats only come from the outside.

Bust: Insider threats are just as common and more difficult to detect.

While outsider threats are certainly a concern and should be monitored extensively, insider threats are just as dangerous and should be watched just as closely. In fact, studies show that insider threats can account for up to 75% of data breaches. These threats can come from anyone on the inside of the company, from an angry employee looking for revenge, to a perfectly fine employee who isn’t properly trained in cybersecurity. It’s essential to have a system in place to combat and monitor insider threats. Breaking down these misconceptions throughout your organization can help you combat cyber-attacks and become resilient against potential threats.