The last thing any business needs is a ton of myths and misinformation that leads to common and frequent errors that organisations of all sizes make in safeguarding its systems and data.
Cybersecurity is an integral component in the any good business model. It’s impossible to encounter an enterprise that doesn’t have some form of cybersecurity policy as part of its infrastructure. But even cybersecurity programs built with good intentions can fall short because the best intentions are often based on myths brought about by a combination of mistrust, misunderstanding, and lack of information. These are the myths of cybersecurity, and we break down some of the most common ones found throughout the industry.
1 – You read about data breaches all the time. Big companies suffer penetration attacks with millions of user data compromised by hackers. “Well,” you think, “that’ll never happen to my business, there’s not enough value, we’re too small.” And that’s just wrong. In 2016, 43% of all cyberattacks were conducted against small to medium-sized businesses. This is an alarming trend, with malware and malicious attacks escalating in both complexity and frequency. You’re as likely as a target as any major enterprise, so don’t buy into this line of thinking.
2 – The downfall of any security policy is the lazy “set it and forget it” mentality. Cultivating this lethargic approach is the adoption of complex passwords and believing it’s good enough. You have your staff memorize a 12-character login phrase with special characters, caps, and numbers? That must be enough! It’s not, because a mix of social engineering and complex malware attacks can circumvent it with alarming ease. Password reuse across multiple platforms makes you dependent on the security of other organisations, where a breach of their password database places accounts at risk on your systems. Malicious third parties employ a wide range of bots and auto-attacks to hasten their process, and without two-factor authentication and a level of encryption (especially on vulnerable public networks), one password just isn’t sufficient in today’s dangerous cyber world.
3 – Much like the “set it and forget it” password philosophy, this equally applies to your antivirus setup. It’s tempting to believe the fancy software your enterprise invested so much capital in will thwart any and all attackers, but again, that’s not true. Antivirus is of foundational importance, but good cybersecurity requires a rigorous program that includes protection, detection, and response preparation along with safe practices for user behaviors.
4 – It’s also important to protect your network from attacks over the internet by keeping your router secure. Your router directs traffic between your local network and the internet. So, it’s your first line of defense for guarding against such attacks. If you don’t take steps to secure your router, strangers could gain access to sensitive personal or financial information on your device. Strangers also could seize control of your router, to direct you to fraudulent websites.
5 – Competent security requires just as a hard a look at internal staff and policies as do the various third-party attacks. This is because — whether from human error or malign intent — cybersecurity risks are as likely to emerge from your own enterprise as outside of it. More is at risk, too, considering staff are the pathway to the most sensitive info.
6 – Competent security requires just as hard a look at internal staff and policies as do the various third-party attacks. This is because — whether from human error or malign intent — cybersecurity risks are as likely to emerge from your own enterprise as outside of it. More is at risk, too, considering staff are the pathway to the most sensitive info.
7 – A recent study has found that more than 60% of businesses have been subject to targeted cyber attacks and not know it, until it’s too late. Early detection is key to an effective cyber-attack response plan.
8 – Computers are hard, so let IT handle everything, right? This, again, is a foolish way to look at cybersecurity. Some businesses lack the capital to hire experienced staff. And, even with a good IT team, said staff are limited in what they can handle. If you expect your IT team to manage every single tech-related problem, from resetting logins to managing network infrastructure and dealing with potential intrusions, you’re asking for trouble. Every staff member should be familiar with good cybersecurity practices.