While 58% of businesses with 100 to 1,000 employees say they're concerned about information security, only 14% rate their ability to mitigate cyber risks, vulnerabilities and attacks as "highly effective", according to the 2017 State of Cybersecurity survey.
Why the huge discrepancy? Lack of personnel, budget, and technology are all factors. So is the fact that, as security threats evolve, myths about information security can make it difficult to discern the best course of action.
To help you distinguish fact from fiction, we're debunking 5 common myths about information security below:
Myth: Security is the IT department's job
Fact: The greatest information security threat to a company is its own employees. According to IBM's 2014 Cyber Security Intelligence Index, 95% of all security breaches are the result of human error. Employees and contractors need to be trained to make sure they understand their role in security compliance and the consequences of non-compliance.
Myth: Small to mid-size businesses aren't going to be attacked
Fact: The 2017 State of Cybersecurity survey found that 61% of small and medium-sized businesses reported a cyber attack, and 54% reported a data breach in the last 12 months. Furthermore, the survey revealed that the vast majority of SMBs lack the budget and personnel to protect against attacks. In other words, small to mid-size businesses are an ideal target for cyber criminals.
Myth: We don't have any data worth stealing
Fact: EHS information contains loads of sensitive personal and company data. That makes it the perfect target for hackers. But having your data stolen isn't the only risk. You should also consider the risks of losing critical data if your computer crashes, being locked out of your system by ransomware, or losing suppliers or customers due to insufficient information security practices.
Myth: Storing data in-house, on our company's server, is safer than storing it remotely "in the cloud"
Fact: Using a private server is significantly riskier than using the cloud. Private servers are vulnerable to both physical threats (break-ins, fires, floods) and digital threats (hackers, viruses, malware). The truth is that most mid-sized companies simply don't have the resources to provide the level of security that reputable cloud software providers can offer. Learn more about cloud vs. on-premise EHS software here.
Myth: We'll just deal with a security breach when it happens
Fact: It costs far more to recover from a single breach than what you would have paid for proper security. The 2017 Cost of Data Breach Study from IBM and the Ponemon Institute puts the global average cost of a data breach at $3.6 million, or $141 per data record. A reputable cloud-based EHS software provider will provide multiple layers of security included in the cost of your software.
Your next steps
At Perillon, we take information security seriously. To learn more about keeping your EHS data secure, here are some resources you might find useful:
- Learn about the dangers of using spreadsheets in EHS.
- Learn about common software security risks and how to avoid them.
- Visit our risk management page to learn what EHS risk management looks like now, and see some of the tools available to help you meet today's challenges.
- Is it time to update your software? Download our free guide to help you discover which type of software is right for you.