5 Cybersecurity Myths Businesses Need to Stop Believing
Updated: Feb 25, 2019
While cybersecurity and data breaches continue to feature prominently in our daily news, many businesses still believe that they will never be subject to attack. Here are five myths on which this false sense of security is often based.
Myth 1: I’m too small to be hacked—only big companies are attacked
In today’s world, just the opposite is true. For many attackers, company size doesn’t matter. Businesses are not targeted because of who they are; they are attacked because they are vulnerable. And small businesses are particularly vulnerable. National Cyber Security Alliance statistics indicate that more than 70% of cyberattacks target small businesses; almost 50% of small businesses have suffered a cyberattack; and as many as 60% of small businesses that experience a data breach go out of business after six months.
Cyber criminals attack not just to get your company’s data and customer information. Once your system has been breached, it can be used by the hackers in a variety of ways. Your system can be used to, among other things, store illegal content, host phishing content, and access other systems. A heating and air conditioning contractor provided the opening hackers exploited in the massive 2013 Target data breach.
Myth 2: If I install this application I'll be fine
That fancy antivirus software you just bought and installed won’t keep you safe. The truth is there is no one application you can install, or one thing you can do, to keep you safe from a cyberattack. No one program or action can cover all forms of cyber threats. The best security is a multi-layered approach encompassing antivirus software, up-to-date software, encryption, firewalls, well-designed security policies, and well-trained, security-aware employees.
Myth 3: I'm safe because I only access known and trusted websites
We may think that accessing known and trusted locations will keep us safe, but unfortunately that is not the case. Even trusted sites may contain malicious software, designed to remain hidden from antivirus detection, that downloads onto your system and targets private data and financial credentials. Also, trusted websites themselves may be hacked, exposing your account's information.
Myth 4: I use strong passwords on my accounts
It is a common recommendation for every user to set a strong password, one that is 10 or 20 characters long and contains various letters, numbers and symbols. But how many of us actually follow this recommendation? Most Internet users set passwords that are easy to remember (“123456” and “password” are the two most commonly used passwords in the world), seldom changed, and reused for multiple accounts. Complex passwords are difficult to remember and using a password management tool is inconvenient, so we write them down on some piece of paper kept in an insecure place (often a post-it note on our monitor). Passwords, strong or weak, are vulnerable to numerous threats, including brute force, phishing, keystroke logging, and social engineering.
Myth 5: I only open emails from trusted sources
Many of today’s phishing emails are highly sophisticated, with near-perfect logos, graphics and content designed to fool you. It is not difficult for an attacker to spoof an email to display anyone’s name (a friend, a customer, your bank, or even the IRS) as the sender. If you are multi-tasking or distracted for a moment, you could easily click on a malicious link in any email, whether from a trusted source or not.
Myths give us comfort and perhaps easy solutions, but relying on them to keep your business safe could be disastrous. The best protection for your business’ employees, customers, intellectual property, and reputation is having a well-crafted, multifaceted cybersecurity program.
Oh, by the way, the IRS never emails.
This article was re-published in the December 2018 issue of Diversity in Steam Magazine.