Security is top-of-mind for everyone because it's quickly becoming one of the hardest variables to control for as user error becomes more prevalent across businesses. Where does this human vulnerability stem from? Unfortunately, too many businesses are assuming they're safe and aren't taking proper precaution. As an IT professional, you’re familiar with the threat landscape and you understand the risks, but how can the SMBs you serve distinguish fact from fiction?

Put yourself in their shoes for a moment. As a small business owner, you’re not necessarily worried about data breaches on a day-to-day basis – you’re focused on acquiring new business and keeping the company on its feet. Many small- and medium-sized businesses (SMBs) are generally unaware of IT security prevention best practices and easily fall for the common misconception that they have nothing to worry about. However, there are certain myths that can lead these organizations to incorrectly assess the three tenets of cybersecurity:

  1. System Susceptibility – answers the question, "what is the potential risk?"
  2. Threat Accessibility – answers the question, "what is the likelihood that the risk can be exploited?"
  3. Threat Capability – answers the question, "what is the potential impact if the risk is exploited?"

By failing to account for each of these three concerns, they're endangering the safety of their data and livelihood of their business. Fortunately, they have you to help them define and enhance their IT security strategy, as well as navigate the turbulent cybersecurity landscape. 

As an MSP, your mission is to protect clients with your managed IT services support, education and expertise. In order to effectively communicate this value and sell your solution, you have to dispel myths that prevent SMBs from reaching a business-grade security posture. So what are these security myths exactly?

1. Only larger organizations are being targeted.

Why would any hacker want to focus on targeting a small business? This myth originates from the thinking that smaller companies have fewer resources and less money, so they’ll be pushed aside as attackers go after the larger businesses. In fact, as long as a business has a digital identity, they’re a valuable target. A recent Ponemon Institute study actually found that 55 percent of SMB respondents have experienced a cyber attack in the past year, and another 50 percent have experienced a data breach involving customer and employee information.

For a hacker, SMBs are seen as tempting and easy targets because less is being done to protect their data, and they generally don’t have the resources to fight back. This is why it’s dangerous to assume that cybercriminals will ignore a company simply because of its size. Every business is a potential target, therefore every business needs the proper defenses.

2. I don’t have any important information worth stealing.

It may not always seem like it, but every business has data worth stealing. This could include information about clients, employee records, financial details or more – all of which are useful to cybercriminals in some way. Another Ponemon Institute study sponsored by IBM found that the average cost per lost or stolen record is $158. It doesn’t seem like a lot, but this number grows quickly once you steal them by the hundreds.

Also, it may not be the company’s data that a hacker wants – it could be the computer itself. Any device that can connect to the Internet is an opportunity for hackers, and because of that, automated bots are constantly scouring the Web for vulnerable computers and networks. This proves that it’s not just a matter of protecting a business’ information, but their endpoints as well.

3. Security technology alone will keep me protected.

I’m sure you’ve heard this one many times before: “But I’ve got antivirus, I’m protected!” When businesses rely entirely on a sole security program that’s supposedly bulletproof, they’re placing too much trust in a single line of defense. It’s been found that signature-based antivirus solutions detect on average less than 19 percent of malware threats. While implementing this software is a necessary first step, it clearly isn’t enough, and the best protection is delivered through a multi-layered solution.

Also, it’s important to remember that not all threats are external. Careless employees can fall victim to phishing scams or even bring unsecured devices into the workplace – causing them to pose as much of a threat as cybercriminals. This is why education is a critical component to IT security, and yet another point that illustrates why businesses can’t just rely on software to keep them protected.

Overall, suffering an IT security incident is not a question of if, but when. No matter how extensive a business’ network security is, attackers will get through at some point. The best thing a business can do is to make it as difficult as possible to infiltrate their systems and develop an effective incident plan for responding and recovering after an attack occurs. 

Did you know that 79 percent of small businesses do not have an incident response plan? Without one, businesses may never be able to fully recover when a security incident becomes a reality. These types of plans are essential to a robust IT security strategy because they act as specific, step-by-step guides detailing how organizations should respond to a disaster situation or incident. SMBs don’t always have the proper personnel or bandwidth to set up and execute on these plans – but that’s where they can turn to an MSP. You provide the complete toolkit of expertise, technology and experience to know exactly what is needed to limit the damage of an attack and reduce the time it takes to recover. You also have the ability to test these plans in a fictional disaster scenario to ensure that there are no hiccups.

To help convince clients and prospects to partner with you for their IT security needs, we’ve gathered data from Nationwide’s Cyber Security Survey. Use this chart in your next MSP sales presentation, and ask if they have any of the following plans in place:

Is Your IT Security Strategy Incomplete Chart.png

Want to use this chart right away? Click here to download a customizable version!


Continuum Partners: In continuing our commitment to help you accelerate sales through ongoing marketing support, every week we will be uploading customizable PowerPoint templates with relevant charts and data that you can use in your own decks. And because it's white labeled, you'll be able to add your own logo and branding to stand out against the crowd! Just keep checking back on the Partner Support Portal for files to download!


Debunk even more IT security myths with this eBook!