The Worst Cybersecurity Decisions SMBs Make

If you run or work in a small- or medium-sized business (SMB), ask yourself if any of these statements sounds familiar:

  • “My staff and I are too smart to be fooled into installing malware on our computers.”
  • “My business is too small for hackers to be interested in.”
  • “Of course we’re protected—we’re using the free antivirus software that came with the computers.”
  • “What’s malware?”

Are these hitting a little close to home? If so, you may be among the many SMBs that have made, and continue to make, phenomenally bad decisions regarding cybersecurity. It’s time for an intervention. First, let’s review these decisions and why they are bad for your cyber health.

Reliance on Inadequate Security Tools

There are many providers of anti-malware software out there, and many of them offer “freeware” versions of their products. Great way to reduce costs, right? Wrong. The free versions are usually crippled in some way: They don’t provide continuous system monitoring (that is, you have to manually launch the software to scan your computer), or they don’t automatically update themselves with the latest malware information, or they work for only a limited trial period, or they have some other shortcoming that magically disappears when you pay the subscription fee.

There’s no such thing as a free lunch. A sad fact of life is that cybersecurity costs money, so you might as well get over it and budget annually for some solid, comprehensive cybersecurity software that will protect you automatically and unobtrusively. Do your homework and find the product that best fits your business situation and your budget.


At first blush it’s counterintuitive, but hackers don’t necessarily focus all their efforts on the big fish in the pond—the Home Depots, Targets, Equifaxes, and other high-profile hacking victims that have made the headlines in recent years. If anything, most hackers are more interested in smaller organizations. Why?

  • SMBs often lack expertise or rigor in cybersecurity and are more likely to have unpatched vulnerabilities to exploit. In a word, they’re easier targets.
  • SMBs might have less data to steal than a larger business, but if a hacker can get the same amount of data by successfully hacking 10 SMBs for a fraction of the effort of hacking a large organization, you can be sure they will do it.
  • SMBs are far more likely to fall prey to a ransomware attack, and an alarming number of them never recover.
  • People make mistakes, and people in SMBs are no exception. You may have the smartest staff in the industry, but even smart people make cybersecurity mistakes.
  • Healthcare SMBs are particularly vulnerable because the patient data they hold is even more valuable than credit card and Social Security data.

And if you think your business is too small to attract hackers’ attention, think again. If you have a presence on the web or on social media, you are on some hacker’s radar somewhere. Modern-day cybercrime takes advantage of sophisticated tools that can probe hundreds of websites and social media accounts in a short period, looking for potential vulnerabilities.

No Decision

Doing nothing is not an option. Yes, as an SMB, you have a thousand things more pressing to do. But the longer you put off really addressing cybersecurity, the more likely you are to become a victim. And SMBs victimized by cybercrime are far more likely to fail than those who adequately protect themselves.
