Common SMB Cybersecurity Misconceptions

The National Cybersecurity Alliance (NCSA) has published its list of 10 common cybersecurity misconceptions common among small and medium-sized businesses. This is timely information for National Cybersecurity Awareness Month so I felt it worth posting about.

You may learn more at

Following as these 10 misconceptions:

1. My data (or the date I have access to) isn't valuable.

All data is valuable and you should never assume otherwise.

2. Cybersecurity is a technology issue.

Cybersecurity is a human issue. Technology alone will never defeat the threat.

3. Cybersecurity requires a huge financial investment.

It may, but it also may not. There are several things you may do that will not.

4. Outsourcing to a vendor washes your hands of liability during a cyber incident.

Nothing you do, least of all outsourcing, will wash your hands completely.

5. Cyber breaches are covered by general liability insurance.

Not necessarily. Consult with a qualified insurance professional.

6. Cyberattacks always come from external actors.

They do not. Internal threats can be just as dangerous.

7. Younger people are better at cybersecurity than others.

Age has nothing to do with it. Everyone needs the be made aware of the risks.

8. Compliance with industry standards is sufficient for a security strategy.

Compliance is just one part of a comprehensive strategy.

9. Digital and physical security are separate things altogether.

Not entirely. Taken together, they are part of a comprehensive plan.

10. New software and devices are secure when I buy them.

New does not equal secure. Treat new and old with the same scrutiny.

Download the misconception poster from this link and share it in your office.