Pagoda Blog

8 Cybersecurity Myths That Put Small Businesses at Risk

May 21, 2020

There’s a lot of misinformation circulating online about cybersecurity that can put your business at risk. These cybersecurity myths can lull us into thinking that our business is safe when, more often than not, the castle gate is likely to splinter at the first battering ram or will open wide to even the most poorly disguised Trojan horse. Remember, bad actors are always on the lookout for vulnerabilities, or, you might say, for chinks in your cybersecurity armor, that they can exploit. This means that regardless of your size, industry, or how much work you conduct online, cybercriminals have motivations to target your business. By staying informed of the current risks—and being able to distinguish myth from fact—you can properly prepare your defenses for a potential attack.


Myth #1: Strong passwords are enough to protect your data

Creating strong, unique passwords for each of your accounts is a critical part of securing your data, but even the strongest password can be leaked or cracked. (A password management service, however, can greatly reduce the likelihood of either.) You need an extra layer of protection, in the form of two-factor or multi-factor authentication, to further deter cybercriminals. Should a cybercriminal crack or gain access to your password(s), multi-factor authentication throws up one or more additional obstacles before granting access. These additional obstacles take the form of a security question, a single-use passcode sent to another selected device, or a physical security key.


Myth #2: Your business is too small for hackers to notice 

According to Verizon’s 2019 Data Breach Investigations Report, 43% of data breaches involved small business victims. Why? Because small businesses tend to have weaker cybersecurity than large corporations, making them easy targets. Regardless of how many employees you have or your annual profit, you need to assume that you could be the target of a cyberattack and prepare accordingly.


Myth #3: You only need to worry about outside threats

No business owner wants to assume that one of their employees would inadvertently, much less purposefully, exploit sensitive company information or infect their system with a virus.  Unfortunately, 34% of security incidents and data breaches in 2019 involved internal actors. This doesn’t mean that you should lose all trust in your team, but it does mean that it’s important to put preventive measures in place so that you can safely give employees access to the files and software they need to do their job. These measures may include a password management service to securely manage employee access to company accounts, team-wide cybersecurity training, and a BYOD policy if employees ever work from home or outside the office. 


Myth #4: Cybersecurity is the exclusive domain of your IT team 

Your entire team, across departments, needs to be trained in cybersecurity. If this seems overboard, consider this: phishing scams target all team members, regardless of job title, so if one team member falls for the scam, clicks a malicious link and/or shares their account details, your entire network could be compromised. In the month of March alone, phishing scams increased an astronomical 667%, so it’s especially important to keep your entire team informed. KnowBe4 has put together an entire resource center with the latest phishing and security awareness resources to help businesses prepare and defend themselves against these rising scams. 


Related post: How to Train Your Entire Team in Cybersecurity 


Myth #5: Public Wi-Fi with a password is safe

Password-protected public Wi-Fi tends to lull many of us into a false sense of security. When you think about it, though, anyone can gain access to these networks—a customer of a cafe only has to ask for the password, or often it’s posted on a sign for everyone to see. What you have to keep in mind is that whenever multiple people are using the same Wi-Fi, there’s an opportunity for bad actors to intercept your information. This doesn’t mean that you can never check your email while on the go again, but you should use a VPN (virtual private network) so that you have your own secure, private network. A VPN establishes an encrypted connection, masking your IP address so that your online activity is nearly impossible to track. It’s also important to ensure that your home Wi-Fi router is secure, which you can achieve in 6 simple steps.


Myth #6: You’ll know immediately if your computer has a virus

It used to be that when your computer had a virus it immediately affected its performance. Applications would load like molasses, programs would crash, and pop-ups would start taking over your web pages. Malware today has evolved and become more savvy and sophisticated. Now viruses take their time to reveal themselves, slowly compromising your device while everything continues to run smoothly. This gives the virus more time to access your data and cause significant damage before it’s detected. This is why it’s so important to not only install trusted anti-virus software but to also run regular system checks to ensure nothing’s snuck in under the radar.


Related post: 5 Virus Protection Tips Beyond Security Software 


Myth #7: Only luddites fall for phishing scams and blackmail 

Many people mistakenly believe that all phishing scams are blatantly obvious emails like the widespread Nigerian banking scam. Today, however, phishing emails utilize social engineering tactics to make them much harder to spot. A phishing email often will appear to come from someone in your email contacts or from a reputable company that you know and trust, like your bank. It’s important to remember that no one you trust should ever request that you share sensitive information via email, such as a username and password or your social security number. This in and of itself is a red flag. If you look closely, the From address and links contained in phishing emails also often contain spelling errors. To mitigate the risk of someone on your team falling prey to a phishing scam, we again recommend training your entire team on cybersecurity using a program like KnowBe4.
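The spelling-error check described above can be automated as a mail-filter aid. The following is an added example, not part of the original post: it compares the From domain and every link in a message against a list of domains you actually deal with and flags near misses. The trusted domains and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains this business really corresponds with (constructed names).
TRUSTED = ("examplebank.com", "examplepayroll.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def imitated_domain(host, max_distance=2):
    """Return the trusted domain that host misspells, or None."""
    # Simplification: treat the last two labels as the registered domain.
    base = ".".join(host.lower().rstrip(".").split(".")[-2:])
    if base in TRUSTED:
        return None
    for good in TRUSTED:
        if edit_distance(base, good) <= max_distance:
            return good
    return None

def misspelled_domains(raw_email):
    """List (where, host, imitated) for the From address and each body link."""
    msg = message_from_string(raw_email)
    hosts = [("from", parseaddr(msg.get("From", ""))[1].rpartition("@")[2])]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            for url in re.findall(r"https?://[^\s\"'<>]+", text):
                hosts.append(("link", urlparse(url).hostname or ""))
    return [(w, h, imitated_domain(h)) for w, h in hosts if imitated_domain(h)]

# Constructed sample: "1" replaces "l" in the sender, "rn" replaces "m" in a link.
SAMPLE = "\n".join([
    'From: "Example Bank" <alerts@examp1ebank.com>',
    "To: owner@example.org",
    "Subject: Verify your account",
    "",
    "Confirm your password at http://login.exarnplebank.com/verify",
    "Statements: https://www.examplebank.com/statements",
])
```

Calling `misspelled_domains(SAMPLE)` flags the sender and the first link and leaves the genuine `www.examplebank.com` link alone.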


Related post: What to do if You Receive Blackmail in Your Inbox  


Myth #8: You don’t need HTTPS unless you collect personal information 

Regardless of what type of business you run, your website should absolutely use the secure HTTPS protocol. If you haven’t secured your site, every action visitors take can be harvested and used for ad targeting and malicious activity like phishing scams. Without a secure HTTPS connection, your website’s login information is also vulnerable because it’s not encrypted. A cybercriminal who’s gained access to your Wi-Fi could easily lift your credentials, gain access to the backend of your site and steal sensitive information. To learn more about why your website should use HTTPS over HTTP, check out this blog post.

Further Reading: 

How to Protect Your Business From Identity Theft 

A Ransomware Attack Shut Down Baltimore’s City Government. Could Your Business Be Next? 

Which is the Most Secure Browser? 

