There are a lot of misconceptions surrounding the adoption of Cyber Security for Small and Medium Sized Businesses. Sometimes, when we speak to small business owners, we’re concerned because many believe that a formal Cyber Security plan isn’t relevant to their business, and they therefore ignore protecting their data in favor of convenience.

COVID-19 has changed many aspects of everyone’s day to day lives, predominantly adapting to a new working-from-home lifestyle. Our daily operations have become intrinsically linked to technology and we’re more digitally dependent than ever.

Consequently, it’s inevitable that cyber attacks will only adapt and become more sophisticated as the everyday dynamic changes. Industry expert, Ankit Saurabh, Assistant Lecturer, School of Engineering and Technology at PSB Academy, prompts that “During this critical time, businesses need to work even harder towards improving their security postures to protect customer and organizational data.”1

Despite insights from industry thought leaders on cybersecurity, a survey conducted by the Australian Cyber Security Centre reported in 2019 that SMEs may not be getting the level of protection they need, leaving them vulnerable to malicious cyberattacks. 2

Today we want to tackle some of the most common misconceptions we hear from a high level perspective. Opening up this dialogue about cybersecurity will hopefully allow you to walk away with these insights so you can ask your in-house or external IT folk the right questions.

Small and Medium Sized Businesses aren’t targeted by Hackers.

Small and Medium sized businesses are tricked into thinking they aren’t the target of hackers, as high profile attacks cycle the news more often. In reality, the opposite is true.

According to a 2018 Data Breach Investigations Report by Verizon, up to 50% of data breach victims are small businesses. SMEs typically have less funding for advanced protection and skilled security. This is precisely why small businesses fall prey to targeted attacks and perhaps need external help when safeguarding their IT.

Only Certain Industries are Vulnerable to Cyber Attacks

Similarly to the myth that some businesses believe they aren’t the target of hackers because of their size, the same argument can be made for businesses assuming they won’t be attacked because of the industry they’re in.

Regardless of the industry you operate in, you likely have sensitive data that needs protecting, from addresses to credit card numbers. Both of which make any business a target as it’s something worth stealing to a hacker.

Using an Anti-Virus Software is Enough

Anti-virus software, like most, has its limitations. Traditional software mechanisms aren’t built to protect and block cyber-attacks. It’s largely limited to identifying and stopping malware that it has already seen and is familiar with.

Unfortunately, not even the best anti-virus software is enough to prevent attacks alone. It certainly should be a necessary component of your cyber security plan, but it’s only the first line of defence. We are in the age of countless digital and technological advances. Of course, not all of those advances are altruistic. Hackers are taking advantage of these technological changes as well and adapting their attacks to become more sophisticated, targeted and seamless. Attacks that unfortunately, your anti-virus software alone isn’t capable of protecting your business from.

Here are some resources below to see how your business can protect itself from sophisticated cyberattacks:


  1. Curve of Convenience 2020 Report Highlights
  2. Small businesses on the front line as Australia’s cybersecurity strategy released
Hayden McMaster