Information security is a priority for any organization. Unfortunately, the majority of companies forget about it. We have prepared for you 5 the most common IT security myths. Myth 1 – «My business is 100% protected» You have hired a team of specialists who are responsible for information security. They have already completed several important projects and convince you that your business has no fears – your data are completely protected. Don't trust such words, because hacking a system is just a matter of time and budget. You will never be 100% insured against a successful cyber attack. You have the opportunity to minimize all risks, but you need from time to time to contact profile specialists «from outside» who will conduct independent testing of your systems about information security level. Myth 2 – «My country has a low level of cyberattacks» In Ukraine, for example, the level of Internet penetration is not only one of the highest, but the number of cyber incidents is growing to even higher levels. Myth 3 – «I have a small business, I shouldn't pay attention to data security» Do you really think that intruders do not pay attention to small businesses? The difference is that hackers’ attacks can penetrate a big business many times, but the company will rise again. It is not true for small businesses, where such penetrations can be fatal. When your business is an interest to unfair competitors, its size becomes unimportant. Myth 4 – «My business is legal, I shouldn't worrying about it» If there is nothing to hide, then confidentiality is useless. This statement can be found in many organizations. However, there are always things that you don't want to disclose, for example – the financial condition of the company. Even if your business is «perfect», the first thing you should care about is the confidentiality and security of your data. Myth 5 – «Cybersecurity is expensive» You can start with basic protection of your data: educate your company's users to recognize «fraudulent emails», use two-factor authentication, create an incident response plan, and ultimately use strong passwords and update them regularly. Don't forget to educate your users regularly, because people are the weakest point in the attack chain.