Data Privacy Day, which fell on Jan. 28, is a reminder that no matter how small your business is, it simply cannot afford to ignore cybersecurity threats. Target, Anthem and Yahoo might be the first brands that come to mind when you think about victims of cybersecurity crime.

In reality, it could be you or someone you do business with.

A search of the Chronology of Data Breaches, produced by the nonprofit Privacy Rights Clearinghouse, reported 482 public reports of breaches by businesses across the U.S. in 2016. In fact, many of the reported victims were small to medium-size businesses. A sampling reveals fast food, parking, health care, construction, nonprofit, technology, financial and many more industries among the types of organizations affected. The types of breach included payment card fraud, hacking/malware, insider, non-electronic physical loss of documents, portable device, stationary device and unintended disclosure.

Don’t let these five myths about cybersecurity contribute to the vulnerability of your business.

  • Smaller businesses are not at risk. One in four small businesses are affected by cybersecurity attacks annually.
  • Small business owners can’t protect against cyberattacks. More than six out of 10 small businesses have an activity or plan in place in the event of a cyberattack. It should include a security strategy, insurance, legal counsel and information technology team.
  • Lack of resources is the No. 1 reason businesses don’t invest in cybersecurity. A lack of expertise and/or understanding, not the cost, is the number one reason businesses are not proactive about cybersecurity.
  • If a small business is hit by an attack, its financial institution will cover the losses. About four out of 10 small business owners believe their bank or credit union would cover a substantial loss if credentials were stolen. However, the burden of proof lies with the business — the average loss when a business account was hacked was $32,021.
  • If a substantial block of data is stolen, the business should call an attorney first. The business should consult legal counsel when adopting a plan — before an attack occurs. After an attack, the business should first notify those affected by a data breach, such as customers, employees or suppliers.

Angie Barnett is president and CEO of the Better Business Bureau of Greater Maryland. She can be reached at 410-347-3990 and [email protected].