July 1, 2019
(Summary: Knowing these cybersecurity myths will help you identify the real threats and how to stay protected from them.)
- You will be killed if you are hit by a penny falling from the Empire state building.
- Lightning never strikes at the same place twice.
- Elephants are afraid of mice.
Well, these are some myths that are ridiculously funny. Myths are everywhere. And our digital world is not an exception. Such funny myths are prevailing even regarding a serious matter like cyber-security.
Simply put, the practice of cybersecurity is plagued with many misconceptions. These misconceptions hold businesses back from getting updates or employing the right strategies. Even worse, they make them vulnerable to cyber-attacks and these cyber attacks are common during the festive season that runs through Black Friday.
Here are some common cybersecurity myths you shouldn’t believe anymore.
My Business is Too Small to Be Hacked
Most small businesses think that they are immune to cyber-attacks because they don’t have critical data or big resources. Therefore, they are not that serious about their cyber-security.
As a result, they don’t implement strong cybersecurity practices like strong passwords, updated antivirus software and secure data processing. In addition, unlike their larger counterparts, they don’t invest heavily in cybersecurity.
This approach makes them vulnerable to cyber-attacks. In fact, they are a soft target for any hackers. According to one report, nearly 70 percent of small businesses have experienced cyber attacks in some form.
All You Need is Antivirus Software to Stop All Cyber Threats
This may have been true in the mid-90s.
Modern day hackers are so advanced and sophisticated that they can outwit the average antivirus software easily. Remember, antivirus is a precautionary step but isn’t enough to fortify your security.
Outdated antivirus software will only detect older viruses. It is not able to detect or prevent new spyware, worms, and ransomware. Such threats can break into your system through social media, software, devices and online services. Even the leading antivirus company, Norton, has admitted that antivirus software may not be enough.
It is important to employ other security measures to stay protected.
It’s the Duty of the IT Department to Protect against Cyber Attacks
IT pros have the technical expertise required to deal with cybersecurity threats, but employees, intentionally or unintentionally, often pose the biggest threat. This is something that the IT department can’t control. For example, employees may be using weak passwords or not scanning their devices while transferring data. Sometimes they click on a malicious attachment being sent via emails.
Surprisingly, over 95% of cyber incidents are due to human errors. Hackers look for non-tech employees or the weakest link to break into your network. Moreover, insider threat incidents like employees stealing data are all too common.
Therefore, cybersecurity is not the duty of your IT department only. Instead, it should be a responsibility for everyone from the bottom to the top of your organization.
Reporting a Security Incident will Stain My Business Image
An important requirement to deal with security breaches is your business’ mindset.
No matter how good your security practices, you can’t tell if you are 100% secure. Well, in reality, no one is.
Even big companies often face threats despite cutting edge security tools.
If you hide things, you are hindering your ability to stop incidents and handle the situation if hackers take on your organization. For example, sharing or reporting a security incident will help you find better ways to deal with it and will alert other businesses to the threat.
You are preparing yourself to prevent the next attack while helping others by pooling information. A customer or client will have more peace of mind knowing that you are going above and beyond to keep their data safe.
Will it harm your reputation? The truth is trying to sweep it under the rug will cause more damage in the long run.
Weak Passwords or Relying Only on Strong Passwords
Weak passwords are low hanging fruit for hackers. Only relying on strong passwords is not right either.
Weak passwords pose a great threat because they are easily predicted by cybercriminals. Using passwords like 1234, ABCD or even your date of birth, are easily guessed by hackers. No wonder that 81% of businesses faced data breaches because of weak passwords.
Make sure your password is composed of numbers as well as letters and special characters.
This, however, is not the only step you should take. Hackers are definitely looking for new ways to crack passwords. Therefore, you should implement new security measures like two-factor authentication.
Going Offline Means No Risk
The Internet is not the only way to get on the radar of cybercriminals. You are also vulnerable to attacks even in offline mode.
You may have people that are working inside your firewall with devices like laptops, external HDDs and USB drives. These devices can easily inject malware into your systems. Once malware gets into your system, it can bring down the entire network.
My Business Genre is Safe
No business is safe online, regardless of whether you sell curtains or offer advertising services. Every industry is at risk.
Hackers may steal your sales data and demand a ransom for releasing it (remember Wannacry). Or, they may derive sadistic pleasure by injecting malware to destroy your data.
Cyber-attacks have gone beyond the finance and tech industries to other businesses. Cybercriminals can target whatever appeals to them. Even if you are not a bank or financial services provider, there’s still the risk of someone getting into your network and creating mayhem.
So these are the cybersecurity misconceptions you shouldn’t believe anymore.
As noted above, however, achieving total cybersecurity can’t be guaranteed in this era of ever-increasing cyber-attacks. In fact, cybersecurity is a constantly evolving learning process to deal with new threats. Again, cybersecurity is a strategy rather than a tool or software to prevent an attack.
And, it is equally important to get your employees educated on cybersecurity. Cybersecurity training will help them identify the threats and the ways to deal with them.
What do you think? Please let me know by dropping your comment below. Stay safe!
Ahmad Hamidi is an author and editor at Secure Guard Security Services, a leading security guard company in California region.