Cyber Security Myths
Cyber security, despite common misconception, is not the concern of IT professionals and large corporations alone. We all rely on technology to operate our business in some capacity, and as time goes on this dependency only increases.
Cybercrime is always on the rise, and the targets of these criminal cyber exploits are increasingly small businesses & individual persons.
We would like to share some common cyber security myths and the truths that debunk them. With this knowledge and a few key cybersecurity measures, you can implement safe solutions regardless of your operations or expertise.
We don't think that we will ever be attacked.
This is the big one. The “If I can’t see it, it can’t see me” mentality in everyday cyber safety. This is a widely-held cyber security myth that security professionals refer to as "security through obscurity".
This is the misinformed belief that the virtual space is so vast that no one would really want to target your company. The belief that attacking you would be a waste of time compared to larger companies.
The truth? The vast majority of attacks don’t have a specific target in mind. It’s much more efficient for a scammer or cyber criminal to target thousands of small businesses rather than a few, high-security large organisations. When criminals cast their net wide, it is only a matter of time before your organisation experiences an attack.
No one company is a low-value target for these cyber criminals. There is no obscurity - eventually, your organisation will be noticed. as online culprits regularly & often automatically search for vulnerable computers and networks. They will then work to exploit your existing security gaps to compromise your system(s) and data.
Your personal or corporate information is not the only valuable asset to cyber criminals. There’s also a lot of value in your Internet-connected system for the simple use of it to carry out malicious exploits against other targets.
In summary, your business, regardless of its size or assets, is always of value in the realm of criminal exploits. Always stay aware and make the effort to stay safe.
Once I install this security application, it will all be OK.
Another security myth is the proverbial "magic bullet" which is supposed to guarantee complete cyber security.
Here's a common scenario: You purchase anti-virus software and you expect 100% protection for your entire computer system. However this belief actually gives a false sense of security, and a perception that you’ve already sorted out your cybersecurity.
The truth is that you should not place all your trust in one software to provide a complete defense against online predators. Each software is configured differently and provides coverage for different areas of your system. You should also be aware that 90% of cyber attacks are said to occur as the result of human error, simple mistakes that are often not covered through anti-virus software or firewalls.
By all means, do install an antivirus programme that guards against the usual threats such as viruses, worms and Trojans. However, you should also ensure that the staff are operating safely in consideration of social engineering (spam), access control, and safe-browsing practices.
We recommend that you create your own multi-layered security processes, combining anti-virus, firewalls, and safe practice in order to provide complete protection for your systems and actions online.
I'm really good at setting strong and complex passwords to all my accounts, so I'll be fine.
Great! We definitely want to use strong passwords that are difficult to crack or guess. The best practices in cyber security indicate that your passwords should have 10 to 20 characters, and contain various letters, numbers and symbols. It is also recommended that you make a password long and complicated (such as by using an obscure phrase instead of words) so that it presents great difficulties for someone trying to hack your system.
The problem is that strong passwords are often surrounded by poor password etiquette. For example, these complex passwords are generally hard to remember, which prompts you to record them either on paper or on your PC. These actions undermine the original purpose of a strong password and increase the likelihood of unauthorized access to your system or your accounts.
Furthermore, you can have the longest, strongest password on the planet, but if you haven’t changed it in a year and are using it for all of your logins, it’s only a matter of time before it’s compromised in some form.
So yes, please continue to use strong passwords! They’re great! But the use of a strong password is only the first layer of defense against cyber criminals. We recommend the use of two-factor authentication systems, password management software, and strong password etiquette (such as regularly changing your passwords and using separate passwords for all of your logins).
I don't open emails from people I don't know, so I shouldn't have any problems.
The above is good practice, but it doesn’t account for a few common scenarios. Firstly, it is quite easy for cyber criminals to spoof or impersonate persons that you know.
An email from a recognised sender may simply be on account of their email address being compromised and used to perpetuate a cyber attack. Furthermore, an email can appear to be from a particular sender, wherein it has actually been spoofed and made to fraudulently appear as a trusted sender.
Therefore, the decision to only open emails from persons that you know is far from foolproof.
If an email is requesting that you provide confidential data, or is asking you to do something that you were otherwise not expecting, verify the request through another form of communication as well. This can be done through a phone call, through face-to-face interaction, or at the very least, by confirming with a second-look at the email from your colleagues.
Why would they attack me? I don't have any special information or confidential data on my system.
You may believe that you have nothing important on your system, but is that completely true?
Do you save your passwords for your online accounts, banking websites and email addresses in your browser?
What is your tolerance level if any of these accounts got hacked?
Cyber criminals like to assemble the puzzle pieces of your online life that they obtain from various sources. They can later use your completed profile to steal your identity and wreak havoc.
Even if these culprits are not after your personal data, they still find the control and use of your device valuable for other illegal purposes. They can use your system's hard disk to store illegal content, install a bot to recruit your computer in a coordinated online attack, host phishing content or share criminally acquired materials on your computer. These online criminals can also use your Internet connection to send spam to persons on your contact list and access remote websites.
There's no way we wouldn’t notice if we were infected by some cyber virus.
Traditionally, whenever a computer got infected it would show noticeable signs. These signs would include the computer running slow and pop-ups appearing all over the screen. However modern cyber criminals have evolved, as their methods and efficiency levels have improved so that their actions are undetectable to their victims.
The latest malicious software is built to be undetectable and untraceable by anti-virus programs. These malware can also perform a variety of illegal tasks such as accessing personal and financial data, and using your computer in a coordinated cyber attack without your knowledge. These cyber criminals work in the background, evading normal detection programmes.
Perform regular virus scans, and ensure that your anti-virus software is update. If you do notice anything suspicious on your computer, consult with an I.T. professional to ensure that your system is not breached.
–
We hope that you have now debunked these widely-held cyber security myths! Cyber security is a concern for all of us, and we all need to take action to keep our cyber hygiene up to date, and our digital assets secure.