Poor cyber security has been identified as the most pressing threat to business today.
Cybersecurity issues often stem from a lack of cybersecurity awareness. According to CyberEdge Group’s CyberEdge Cyberthreat Defense 2020 Report, lack of cybersecurity awareness was identified as the greatest detriment to an organization’s cyber defense.
Reasons for this lack of awareness include lack of cybersecurity training and persistent misinformation. Despite more media attention than ever, there are still some common misconceptions about cybersecurity that put businesses at risk.
Here are some of the biggest myths surrounding cybersecurity and how you can address them.
- Cyber security is not my responsibility
IT security is still seen as the IT team’s problem when this is not the case at all. All employees have a responsibility to ensure the security of the business they work in. Your people are the first line of your defense and are your biggest attack surface. These are the people hackers target with phishing campaigns because they rely on a lack of security knowledge.
This myth can have serious consequences if your people don’t practice basic cybersecurity hygiene. If they are not careful when clicking on links in emails or downloading software, it could compromise the security of your business. Education is essential, because your employees need to understand why cybersecurity is so important and that they have a role to play too. Training will also equip them with the skills to identify threats and change their behavior for the better.
- Hackers don’t target small businesses
Judging by what's in the news, you would think that only large corporations like Yahoo, Uber, and Marriott are being attacked.
Wrong.
There are now programs that scan websites for vulnerabilities. An unprotected computer will get infected with a virus very quickly. It’s not about who you are, it’s about whether or not your information is protected.
This myth is particularly persistent because of the stories in the press and the fact that hackers stand to make more money out of large businesses in particular.
Even though targeting large businesses is more lucrative, the stakes are higher for small businesses, and cybercriminals know this. A cyber attack could destroy a small business and force it to close, which is why a small business is successfully hacked every 19 seconds in the UK. Small businesses are correspondingly easier to blackmail. Businesses with a limited cybersecurity budget should take advantage of the expertise of an IT helpdesk, which can advise them on the most appropriate defenses.
- My passwords will keep me safe
There are still two long-held misconceptions about passwords. The first is that adding capitalization, numbers or special characters to your one-word password will make it hard to crack. This myth is perpetuated by the many business accounts that impose these requirements.
However, the true measure of password security is its length. Software can crack short passwords – no matter how complex – in days. But the longer a password is, the longer it takes to crack it.
But choosing a strong password is just the first step. If the service you use is hacked and criminals gain access to your password, you are still vulnerable. This is where two-step authentication and multi-factor authentication come in. These methods involve setting up an extra verification step. When you log in, you will be prompted to enter a security code, which is sent to your phone or generated by a dedicated verification app. This means that even if a hacker gets hold of your password, your account will still be hard to break into.
- Basic antivirus software will be enough to protect my business
Gone are the days when McAfee or Avast antivirus software was enough to protect your business. Now there are dedicated tools to fight specific threats such as ransomware.
A synchronized approach to security — where your tools interact with each other — is generally accepted as the most powerful. Your security toolset should cover endpoint, firewall, network connections, email and more. Additionally, backup and disaster recovery tools are recommended to mitigate potential incidents.
- I only need to protect against hackers
Even though hackers pose a huge threat to your business, you can’t ignore the possibility of an attack from malicious insiders or even staff accidents. One of the most publicized accidental breaches involved a Heathrow Airport staff member who lost a USB stick with sensitive data on it. Fortunately, the person who found it handed it in instead of using it maliciously. However, the company was still fined £120,000 (about $156,000) for its serious data protection failings.
Also, a disgruntled employee who has access to sensitive information about other employees or customers could deliberately steal or share it. Restricting access to your core systems and ensuring that fewer employees have access to them can help protect against this. For accidental breaches, implement policies that specify removable devices must be encrypted. You can also configure email settings to block certain attachments from being sent outside your organization.
- If I don’t open emails from people I don’t know, I’m safe from viruses.
Not true. Some viruses spread through the contact lists of the people they infect, which means that an email from your mom could contain a virus. Once you are infected, the virus can send itself on to other people you know in emails that appear to have come from you.
- I will know if my computer is infected.
Not always. In the old days, you’d get pop-ups about attacks or your computer would run slowly. Now there are programs that are almost undetectable. Your personal information is accessed with no outside sign that anything is going on.
- Cyber security is expensive to implement and maintain.
Given the information your business could lose, cybersecurity is surprisingly affordable. The important thing is to consider what your business needs. It can come in the form of off-the-shelf software or it can be a custom solution. It will certainly be cheaper than rebuilding an infected system and replacing lost information.