Updated: Jun 18
Cybersecurity preparedness is one of the major obstacles businesses are facing today. Yet, despite the increased focus on making companies cybersafe, there are several common cybersecurity misconceptions that still pervade the business world.
And if you or your employees believe any of the myths below, you could be opening up your business to unknown risks or potential cyberattacks.
So here are 11 cybersecurity myths you need to stop believing right now:
Myth #1: Small and medium-sized businesses aren’t targeted by hackers
Reality: Small businesses made up over half of last year’s breach victims.
This is one of the most common cybersecurity myths, and it needs to be debunked right now. Many small and medium-sized businesses (SMEs) think that they are safe from digital threats because they’re off the radar. But let me just put this out here: hackers don’t care about the size of an organization when they pick a target. Of course, some prefer to hack bigger organizations, but most cyber attackers would settle for smaller businesses. In fact, according to the 2018 Verizon Data Breach Investigations Report, 58% of data breach victims are small businesses.
This is because, while many businesses aren’t targeted specifically, some fall prey to what’s known as “spray-and-pray” attacks, where hackers set up automated systems to randomly infiltrate businesses. And because these attacks are random, any business can be damaged, regardless of size.
However, small businesses tend to be viewed as “softer” targets, as they have less funding for advanced data protection software and often don’t have skilled security teams, which makes them more likely to fall victim to spray-and-pray attacks. Targeted attacks also tend to focus on small businesses, precisely because they’re unprotected.
Myth #2: Only certain industries are vulnerable to cyber attacks
Reality: Any business with sensitive information is vulnerable to attack.
Much like some businesses believe they won’t be attacked because of their size, other businesses wrongly assume that they won’t be attacked because of the industry they’re in. Again, this is not true! Every industry is at risk.
In fact, let’s just put it this way: if you are connected to the Internet in one way or another, then you are at risk of getting digitally attacked. The reality is that hackers target whatever they can, whenever they can.
What’s more, even if the data being targeted doesn’t have resale value on the dark web, it may be essential for the business to function. Ransomware, for example, can render data unusable unless you pay for a decryption key. This can make attacks very profitable for cyber criminals, even if the data is deemed “low value.”
Myth #3: A strong password is enough to keep your business safe
Reality: Two-factor authentication and data monitoring are also needed.
In truth, no password can be 100% secure. No matter how many numbers and special characters you use in your passwords, there’s always a possibility that they can be cracked or leaked in some way. Most people think that their regular passwords are strong enough to stand against multiple break-in attempts. However, that’s the wrong mentality to have.
This is why, while it is still important to include capitalization, numbers and special characters in your passwords, it is just as important to change them regularly. It could be weekly, bi-weekly, or monthly, but you need to regularly change your passwords, and have your employees change theirs.
However, while strong passwords are one of the foundations of good cybersecurity practices, especially for businesses, implementing and enforcing strong password policies is only the start. In fact, one of the major components of cybersecurity preparedness that companies overlook isn’t how people access the information — it’s what information is available in the first place.
Not only do employees need strong passwords, but companies also need to be more aware of who they allow to access what data. In a recent study, we found that 41% of companies had at least 1,000 sensitive files open to all employees. Many companies also don’t have a system in place to monitor admin access. Strong passwords help keep your company safe, but there’s a lot more at risk once employees are in the system.
Myth #4: If Wi-Fi has a password, it’s secure
Reality: All public Wi-Fi can be compromised, even with a password.
With most employees now working remotely due to COVID-19, many may incorrectly assume that a password keeps a Wi-Fi network safe. In reality, Wi-Fi passwords primarily limit the number of users per network; other users using the same password can potentially view the sensitive data that’s being transmitted. These employees should invest in VPNs to keep their data more secure. And remember, using public Wi-Fi is not always safe!
Myth #5: Anti-virus/Anti-malware software is enough to keep your company safe
Reality: Software can’t protect against all cyber risks.
Anti-virus software is certainly an important part of keeping your organization safe, but it won’t protect you from everything. No anti-virus or anti-malware software can keep your systems 100% safe and secure from all types of cyberattacks. If at this point you are scratching your head, wondering why you spent all those $$$ on such software to protect your business, let me explain further.
Anti-virus and anti-malware software relies on a large database that has information about all the known malware and viruses out there. However, hackers are becoming smarter and stealthier, so if they use a new kind of malware to infect your network or PC, there’s a high chance that your software won’t be able to detect it immediately. So the bottom line is, don’t rely solely on such software. While it will protect your business from existing viruses and malware, it is only the first line of defence for your system, and you should always have multiple defending options available.
Myth #6: Our cybersecurity system is PERFECT
Reality: Cyber preparedness is ongoing, with new threats emerging every day.
Here is the thing: no one is perfect! You can never be completely sure about your cybersecurity. I mean, technology is advancing with each passing hour, which in turn means that new threats are emerging each day. You need to constantly adopt newer cybersecurity policies and practices to avoid any havoc.
Hence, cybersecurity is an ongoing battle, not a task to be checked off and forgotten about. New malware and attack methods consistently put your system and data at risk. To truly keep yourself cybersafe, you have to continuously monitor your systems, conduct internal audits, and review, test, and evaluate contingency plans.
Myth #7: Cybersecurity threats are only external
Reality: Insider threats are just as likely, and harder to detect.
Let me ask you this: when you think of a hacker, what image comes to your mind? Some random person sitting in a dark basement wearing a black ski mask and trying to hack into your organization’s network? Yes, I’ll admit that’s the image in my head as well.
But we could not be more wrong! In fact, did you know that up to 75% of cyberattacks or data breaches are a result of someone on the inside? I mean, these threats can come from anyone on the inside – from disgruntled employees looking for professional revenge to content employees without proper cybersecurity training. Therefore, it’s important to have a system in place to deter and monitor insider threats.
Myth #8: Cybersecurity is solely the IT department’s responsibility
Reality: All employees play a role in keeping your company cybersafe.
While IT has a big responsibility when it comes to implementing and reviewing policies to keep companies cybersafe, true cybersecurity preparedness falls on the shoulders of every employee, not just those within the information technology department. Employees should thus be properly trained on cybersecurity best practices, such as how to avoid downloading malware through emails or unsafe websites, how to spot phishing scams, and how to avoid unsafe links.
Myth #9: We don’t need tests or training
Reality: 90% of all successful cyberattacks are caused by human error.
This could be the most dangerous and fatal myth out there. Watching YouTube videos or reading a few cybersecurity-related articles will not bring employees up to speed with all the risks and counter-measures. As mentioned in the previous point, all employees play a role in keeping your company cybersafe. Hence, it is important to have all employees go through a cybersecurity training program to protect your business from any possible cyber risks.
Penetration tests and assessments should also be conducted regularly to find any vulnerabilities and fix them in time.
Myth #10: Bringing your own device is safe
Reality: All smart devices, including wearables, can compromise a network’s system.
Employees often assume that their personal devices are exempt from the security protocols the company’s computers are subjected to. As such, Bring Your Own Device (BYOD) policies have opened up companies to cyber risk they may not be aware of. Employees who use their personal devices for work-related activities need to follow the same protocols put in place on all of the network’s computers. These rules aren’t limited to cellphones and laptops. BYOD policies should cover all devices that access the internet, including wearables and any IoT devices.
I know, I know, it is cost-effective to have your employees bring in and connect their devices to your organization’s network. And with most employees now working remotely, they will most likely be using their own personal devices if their company had only provided them with a desktop at work and not a portable laptop.