Debunk Cybersecurity Myths to Keep SMB Clients Safe

Cybersecurity myths lull SMBs into a false sense of security. The truth is SMBs are just as much a target are enterprises and must follow the same best practices to keep their businesses safe.

With large volume attacks on companies such as LinkedIn and Uber, businesses should be concerned about cybersecurity safety and preparedness now more than ever. The problem is that small to medium-sized businesses read headlines about LinkedIn and Uber and believe the cybersecurity myth that hackers are only interested in larger enterprises. The truth is, predictions put the number of cyberattacks on the rise for all types of businesses, large or small, and last year, small businesses accounted for more than half of all data breach victims.

Varonis, a data security and analytics software provider, developed an infographic that separates fact from fiction when it comes to cybersecurity. Here are some myths that could be putting your clients at risk:

  • All you need is a strong password. It’s true that using strong passwords is a cybersecurity best practice. The cybersecurity myth is that it’s adequate to protect data and networks. Software solutions that control access to sensitive files and monitoring users is also crucial.
  • Only certain industries are targets for cyberattack. Your SMB clients may believe the cybersecurity myth that they don’t have anything worth stealing. But if they have payment information, personal information about employees, or files pertaining to intellectual property, they have data that has the potential to be monetized or held for ransom. Virtually any business can be a target.
  • Antivirus and antimalware are enough to keep a system safe. Antivirus and antimalware are important, but dispel the cybersecurity myth that protecting data and networks ends there. Educate your clients about the importance of firewalls, intrusion detection, backup and recovery — and employee training — to build a comprehensive approach to security.
  • If you need a password to access Wi-Fi, it’s secure. More and more professionals are working remotely or accessing data and software applications from the field. If employees are using public Wi-Fi, they could be putting their businesses at risk for cyberattack. The password for public Wi-Fi is usually in place to limit users on the system, not to protect it. Provide your clients with VPN for secure remote access.
  • Personal devices don’t need to have security for work. Security a bring-you-own-device (BYOD) environment is vital to maintaining security. If any device is used for work, it should have the same cybersecurity measures as a company-owned device. And users should follow the same best practices.
Additional Cybersecurity Myth: Old Data Doesn’t Matter

In Varonis’ 2018 Global Data Risk Report, based on an analysis of 6.2 billion files randomly selected from 130 companies, the research found, on average, that 54 percent of a company’s data is stale, and that 74 percent of companies have more than 1,000 stale files containing employee, customer, or business-sensitive data. Not only is state data costly to manage and store, but it opens the door to an unnecessary security risk. Stale data is often unmonitored and, sometimes, easily accessible. Your clients need solutions that can identify and archive or delete data as soon as it’s no longer necessary.

The report also found that nearly half of companies have stale, but still enabled, user accounts. These accounts can be targets for hackers, enabling them to gain access to applications and valuable data. Solutions that monitor activity and flag unusual actions can help protect systems from a hacked account.

In the company’s 2019 follow-up report, Varonis added more data that highlights at-risk data. Here are some key findings:

  • On average, every employee had access to 17 million files and 1.21 million folders
  • The average company found more than a half-million sensitive files (534,465)
  • 53% of companies found over 1,000 sensitive files accessible to every employee
  • 51% of companies found over 100,000 folders open every employee
  • 22% of folders were open to every employee
  • 17% (117,317) of all sensitive files were accessible to every employee
  • 58% of companies found over 1,000 stale user accounts
  • 53% of data, on average, was stale

Sensitive files contain credit card information, health records, or personal information subject to regulations like GDPR, HIPAA and PCI. Exposed files and folders are folders that are accessible to every employee. Global access indicates files and folders open to everyone (all employees). This data represents the biggest risk from attack. Stale data is information no longer needed for daily operations. Stale user accounts (aka “ghost users”) are enabled accounts that appear inactive and often belong to users who are no longer with the organization.

Separate Myth from Truth for Your Clients

Consider sharing the Varonis infographic with your clients to help educate them on the complete list of 10 cybersecurity myths and what they really need to believe to keep their businesses safe.


The former owner of a software development company and having more than a decade of experience writing for B2B IT solution providers, Mike is co-founder of XaaS Journal and DevPro Journal.