Unraveling Six Myths of Cybersecurity

unraveling six myths cybersecurity 810x650
October 12, 2017

When it comes to cybersecurity, we are all at risk. However, understanding cybercrime and taking a proactive approach to data security can significantly decrease the chances of a breach. Let’s look at some of the most common myths associated with cybersecurity.

Basic Anti-Virus Protection is All We Need

Anti-virus software sounds more impressive than it actually is. And, while it is part of the solution, it certainly doesn’t guarantee that you are safe. This type of software is most helpful in containing damage once an attack has occurred, not necessarily preventing the attack. The promises of anti-virus software have lulled many organizations into a false sense of security that ironically makes them even bigger targets.

We Don’t Keep Credit Card Information on File, So We’re Not at Risk

This is a common misconception since credit card fraud is typically the most public cybercrime and frequently happens to individuals and companies. Credit card data is a target, but it’s not the only one. Cyber-criminals are after personal, confidential information that can be exploited or sold. This may include many pieces of data including social security numbers, bank accounts, passwords, etc. Never underestimate the worth of the information you store for your employees and clients.

We’re a Small Business, Cyber-Criminals Aren’t Interested in Us

We hate to burst your bubble, but cyber hackers often prefer small businesses because they can serve as gateways to larger ones. A case in point is the famous attack on Target in 2014. That enormous breach resulted from an HVAC vendor’s lack of security measures. No matter your size, securing your information is critical. Small businesses that don’t implement security protocols and have a plan in place risk a significant loss of production and in some cases, can’t recover from the financial loss and impact on their reputation.

To large businesses reading this section, your company is only as safe as your weakest third party. Many organizations simply don’t realize the number of outside sources they risk exposure through. Whether it’s an outside payroll provider, a subcontractor, or a vendor, ask questions about their security measures before entering into a business relationship.

Our Passwords Are Strong, What Could Go Wrong

Gone are the days of using your dog’s name as your password, yet even with the crazy combinations of numbers, symbols, and special characters, complex passwords don’t provide all-encompassing protection, it’s merely one layer of protection.

Even if your password is strong, don’t be tempted to use it for multiple accounts. Once criminals discover one password that works, they will attempt to use it on other associated accounts. For an added layer of protection, it is recommended to utilize second-factor authentication. Also known as two-step verification, this process requires a user to provide two authentication factors to verify who they are. It’s yet another wall between you and the hacker.

We Only Open or Download Items from Trusted Sources

Countless companies will tell you how safe they were until one employee opened one wrong email. Criminals are more and more sophisticated in how they assume trusted personas. Also known as “spoofing,” these emails appear legitimate to even to a technologically savvy employee. It’s extremely common and extremely dangerous. All it takes is one employee to be tricked into opening and/or downloading the wrong email or file, and with the click of a mouse, your company becomes infected with malware. If you’re lucky, you have IT staff and processes in place that can quickly detect this type of breach, but even then, damage can occur rapidly. Today’s criminals are highly aware of how to cover their tracks and disguise an infiltration to prolong the time it takes your company to react.

We Stay on Top of Software Updates, Well Usually

Patch management is key to keeping your company current and updated with the latest security patches that address system vulnerabilities. Look no further than the WannaCry attack in May 2017 for evidence of what happens when you don’t stay on top of software updates. Two months before the attack was launched, Microsoft released an update to fix the specific vulnerability that WannaCry was designed to exploit. Unfortunately, it is not unusual for an organization to take months to patch vulnerabilities. That’s more than enough time for hackers to play your procrastination to their advantage.

If your IT department is too overwhelmed to manage patches, it may be time to consider a third-party vendor. Effective patch management may be one of the single most important preventative measures you can take against cyber-attacks.

Today, businesses must take a proactive stance against cyber-attacks. If you are uncertain about your level of exposure, consider a vulnerability assessment to identify areas of weakness before they become part of a cybercrime news report.

Phil Keeney - Stambaugh Ness