Trouble explaining importance of security to a small non-tech company

Does anyone ever find it difficult talking to people who own small businesses that are non-tech and telling them why it is important to have a good cyber security posture?

This is an elevator company I am talking about and usually the reaction I get is that we do not have information worth protecting…or no one is going to want to try to break into our system…

I as well have trouble giving a reason sometimes…Within my field it is easy to say we have information to protect… Sometimes I try telling them to protect the privacy of their employees but usually get a shoulder shrug to that as well…

They have the mindset of “It will never happen to me!” and that is a bad way of thinking. I take extra steps when it comes to security and privacy because I work with services and websites, but even everyday people who just browse online are at risk. My own father had someone swipe his information and set up credit cards, and his social security number was found for sale on the dark web. He is still recovering from the damage and it has been 8 years.

Ask them the following:

  • Can I have your login credentials to your bank, social media, and other sites?

  • Can I get access to your internal systems to see customer data so I can exploit them?

If the answer is no, explain to them that these questions do not get asked by hackers; they just do it without your consent. A good security protocol is the “no” that you don’t get to say.

This is a very common problem with non-tech-savvy companies. They usually don’t take security seriously unless they fall victim to an attack.

Some people have different mindsets, thinking that negative things won’t happen to them because they are too careful about what they’re doing. I really try my best to explain it in the simplest form possible, sharing with them scenarios and events that happened to me.