By Steven Bearak

Small business owners and managers work continuously to optimize resources and do more with less. Due to limited resources and dedicated expertise around IT, small businesses are also vulnerable to cyber attacks. For example, over the last 12 months, hackers have breached half of all small businesses in the United States, according to the 2016 State of SMB Cybersecurity Report.

And, small businesses are not alone. Although still going through U.S. Senate approval, in March 2017 the Senate introduced the Main Street Cybersecurity Act, which would create a voluntary cybersecurity framework for small businesses, along with “a consistent set of resources for small businesses to best protect their digital assets from cybersecurity threats.”

To help small business owners protect personal and sensitive information about their company and its employees, here’s a list of myths I’d like to address head on:

Myth #1 – You Have Nothing to Worry about if You Have an Antivirus Program

Some small business owners believe that if their computer has an antivirus program installed, that they are safe and secure. However, this isn’t entirely true. There’s a lot more to cyber security than installing a simple piece of software. And, more people than ever before are also using smartphones and tablets on unsecured networks without installing the proper antivirus software on those devices.

Myth #2 – A Strong Password is All You Need

Yes, you should have a strong password to protect your accounts, but a strong password alone won’t fully protect you. Consider using a password with two-factor authentication, and make sure that your team never writes down their passwords. Instead, encourage them to use a password manager.

Myth #3 – Small Businesses are Too Small to be a Target

Most people falsely believe that cyber criminals target only large corporations, but this isn’t true. No one is immune when it comes to cybercrime, even if you only have a single employee: yourself.

Myth #4 – Hiring an IT Professional Will Solve All Your Security Problems

Other small business owners believe that if they hire a good IT pro, they will be all set and won’t have to worry about cybercrimes. Again, this is not true. Though having a good IT professional on your side is always a good idea, it won’t fully protect you – as protecting sensitive information can’t rely on one person alone. It’s a combination of people, processes, and technology.

Myth #5 – There is No Good Insurance Against Cybercrimes

You might be surprised to know that you can get insurance against cybercrimes. In fact, it is one of the areas with the strongest growth in the entire insurance industry.

Myth #6 – Cyber Threats are Overrated

Cyber threats are very real and very dangerous. This can also include ransomware – or malicious software – that threatens to publish the data on your device, or lock down your device, unless a ransom is paid. Your business is at risk every day, every hour, every minute, and every second of the week; no exceptions.

Myth #7 – A Good Firewall Will Keep the Bad Guys Out

In the same way that antivirus software won’t fully protect your business from a cybercriminal, firewalls won’t either. Though you get decent protection by using both a firewall and antivirus software, there are still gaps. If you aren’t addressing best practices and ongoing education with your employees, consider other technologies, like identity theft protection, and keeping an “always vigilant” mentality within your business.

Myth #8 – Cybercriminals are Always Strangers

Again, not true. Even if it is accidental, many cybercrime incidents can be traced back to internal events. This might be a disgruntled employee or even an unintentional phishing email sent by a vendor or partner. In the case of ransomware, the attack can happen when your employees visit malicious or compromised websites. Even email attachments associated with forwarded emails – that are actually spam – can trigger vulnerability. It only takes one wayward click to expose your company – and all your employee’s personal information – to criminals.

Myth #9 – Millennials are More Cautious with Security

Because we often believe that millennials are more tech-savvy than the rest of us, the “fact” that they are more cautious with security is simply incorrect. Millennials are just as likely to put your business at risk as anyone else. So even if most of your company’s employees are Millennials, it’s a very good idea to heed the warnings in this article.

Myth #10 – Companies are Prepared to Combat Cyber Criminals

Most small businesses are far from prepared when it comes to cybercrime. In fact, the National Cybersecurity Alliance has found 60 percent of these small businesses are forced to close following an attack. Take security seriously – for the good of the people you employ, the customers and partners you serve, and the successful business you are running.

In the end, a “myth” is simply a misunderstood or false belief. As long as you are security conscious, do your research, and put the necessary systems and ongoing education and training of your employees in place, your small business should be able to maintain a relatively secure position.

Steven Bearak is the CEO of IdentityForce, a company commercialized from nearly four decades of in-depth experience around personal identity and security services and products. IdentityForce is a leading provider of proactive identity, privacy, and credit protection for individuals, businesses, and government agencies. In May 2017, IdentityForce introduced a mobile app to help members stay protected anywhere, anytime. For more information, visit