6 data loss myths to bust with SMBs right now

Lindsey Klug, Pax8 Continuity Solutions Consultant
SMB data loss myths - Pax8

Let’s break down why SMB data needs backing up.

Selling backup solutions can sometimes feel like trying to sell flood insurance on a sunny day. You’ve got to convince your clients that a potential data loss catastrophe lurks behind every incoming email and every employee delete button – and that they need to protect their business by protecting their data.

The unfortunate truth is, your clients’ data is a lot more valuable and vulnerable than they probably realize. Many small to medium-sized businesses (SMBs) mistakenly think they’re too small to be at risk – 66% of SMB senior leaders believe a cyberattack is unlikely, even though in reality, 67% of SMBs experienced a cyberattack in the last year. In addition to cyberattacks like ransomware and phishing, data can disappear with the click of a button due to user error.

In this post, we cover six myths that are commonly believed by SMBs. You can use the arguments below to push back on their objections and open their eyes to the critical need for backup in today’s modern cybersecurity landscape. While you shouldn’t lean into scare tactics, it’s important to make the threat of data loss tangible.

Myth #1: We’re too small to be targeted.

The stats show that no business is too small to be targeted by a cyberattack. SMBs are softer targets than enterprises in many ways, as they usually have fewer IT resources, less sophisticated cybersecurity defenses, and are more inclined to pay ransoms because they simply can’t afford the downtime. And in fact, nearly one-third of data breaches in 2020 involved small businesses.

Myth #2: We don’t have any data of high value.

No matter the size, every business generates valuable business data each day. Credit card info can fetch up to $5 per record on the black market, while customer and employee personal identifiable information (PII) can be worth up to $450 per record. Then there’s sales and financial information and proprietary IP, which competitors could be eager to get their hands on.

When it comes to ransomware, attackers don’t necessarily care about the resale value of the data they’re holding hostage; they just need the business to need the data enough that they’ll pay to get it back. In fact, the cost of downtime related to ransomware is actually about 50x more than the ransom itself.

Myth #3: Anti-virus software alone will protect us.

With the wide array of sophisticated cyber threats out there, anti-virus is not enough to protect your business data. In Datto’s 2020 Global State of the Channel Ransomware Report, half of the surveyed MSPs reported that ransomware was able to bypass antivirus and anti-malware solutions, including anti-malware filtering, legacy signature-based antivirus, and NextGen anti-virus.

Myth #4: All our data is in the cloud – so it’s safe, right?

SaaS applications have become a top entry point for ransomware. Datto reports that in 2020, 1 in 4 MSPs saw ransomware attacks on their clients SaaS applications, including Microsoft, Dropbox, and Google Workspace.

SaaS applications are also vulnerable to the #1 cause of data loss – human error. Without backup, data deleted in the cloud is no different from data deleted from an on-premises server – gone for good.

Myth #5: Microsoft stores our data, so we’ll be able to get it back.

Microsoft themselves endorse the use of third-party backup solutions in their Microsoft Services Agreement, which states, “We recommend that you regularly backup your content and data that you store on the services or store using third-party apps and services.”

Additionally, Microsoft only stores data for 30 days, which is a very short timeframe for data loss tolerance. Other backup solutions can provide much longer archiving windows to ensure that lost or deleted data is recoverable months or years down the road.

Myth #6: I just don’t need to be that worried about data loss.

Perhaps you have a client who is still determined to ignore all the statistics that show the likelihood that their SMB will eventually experience a cyberattack. Or maybe they are overly confident in the security solutions that they have in place.

In this case, there are three important things to highlight. First, no security solution is 100% foolproof, so they need to be prepared for the worst. Second, data loss can be as simple as an accidental click of a mouse by an employee – no cybercriminals or hackers in the shadows needed. The threat to data is real, from inside and out.

Finally, illustrate that when data loss does happen, it’s painful! Downtime, lost customers, a damaged brand reputation, and lower employee morale all await companies that experience a data breach – not to mention the financial consequences of lost sales, potential compliance fines or legal action, or ransomware payments. Every business, no matter how small, should be worried about data loss.

Don’t let your clients become another data loss statistic.

As your clients’ trusted tech advisor, it’s your duty to paint the picture of the threat of data loss to them. We’ve created a white-labeled fact sheet that you can put your own logo on to start a conversation with your SMB clients about the very real risks of data loss. This fact sheet is filled with facts and stats that demonstrate why backup is simply not optional anymore in today’s cybersecurity landscape.

At the end of the day, it comes down to risk tolerance. The monthly cost of a backup solution is pennies on the dollar compared to the potentially catastrophic consequences of lost productivity and lost revenue due to downtime, ransomware payments, and compliance fines. After you lay out the threats to data followed by the costs of data loss, it’s time to ask your client decision-maker directly, “Are you willing to take that risk?”

Get the guide