Cybersecurity breaches are in the news all the time. People hear about things happening yet persist in thinking it can’t happen to them. When we ask them why we are often told things such as, “I am too small, no one will bother with me; I have antivirus, so I don’t need anything else. I’m covered; I wouldn’t have anything they want.”

These are not reasons why an attacker will not bother you. Security by obscurity, otherwise known as the ostrich sticking its head in the ground does not work.

Cyber security is about risk management. Many factors are going to affect your business’s risk. Do you have credit card info? Do you have usernames and passwords? Do you have some special proprietary data? Do you have access to other companies’ networks? Do you have information systems such as web pages, email, social media? Do you have employees? Do you have customer lists? What type of vetting do you do with your supply chain? These are all factors that will affect your level of cyber security risk and whether an attacker will target you.