Browse Definitions :
Guest Post

5 cybersecurity myths and how to address them

These myths persist due to misinformation and a lack of cybersecurity awareness.

Poor cybersecurity has been identified as the most pressing threat to businesses today.

Issues with cybersecurity often stem from a lack of cybersecurity awareness. According to the 2020 Cyberthreat Defense Report by CyberEdge Group, a lack of cybersecurity awareness was identified as the biggest detriment to an organization's cyber defenses.

The reasons for this lack of awareness include no training on cybersecurity and persistent misinformation. Despite more media attention than ever, there are still some common misconceptions about cybersecurity that put businesses at risk.

Here are some of the top myths around cybersecurity and how you can address them.

1. Cybersecurity isn't my responsibility

IT security is still viewed as the IT team's problem when that's not the case at all. All employees have a responsibility to ensure the security of their business. Your people are the frontline of your defense and represent its biggest attack surface. They are the people hackers are targeting with phishing campaigns because they're banking on a lack of security knowledge.

This myth can have serious consequences if your people don't practice basic cybersecurity hygiene. If they don't take care when clicking links in emails or downloading software, they could compromise your business's security. Education is critical because your employees need to understand why cybersecurity is so important and that they have a role to play. Training will also equip them with the skills to spot threats and change their behavior for the better.

2. Hackers don't target small businesses

If media coverage is anything to go by, only large such as organizations such as Yahoo, Uber and Marriott get attacked, right?

Wrong.

This myth is particularly persistent because of mainstream news and the fact that hackers can potentially extort higher sums of money from these businesses. But the Federation of Small Businesses reported that U.K. small businesses are targeted with over 10,000 cyber attacks a day. The same report highlighted widespread weak security procedures in small businesses, including a lack of formal password policies, not installing updates and not using security software.

While the financial gain from targeting enterprises is more lucrative, the stakes are higher for small businesses. Cybercriminals know this. A cyber attack could destroy a small business and force it to close, and that's why one small business is successfully hacked every 19 seconds in the U.K. Small businesses that have a limited cybersecurity budget should tap into the knowledge of an IT support service, who can advise on the most suitable defenses.

3. My passwords will keep me safe

There are still two long-held misconceptions around passwords. The first is that adding capital letters, numbers or special characters to your one-word password will make it uncrackable. This myth is perpetuated by a lot of business accounts that have these requirements.

However, the real measure of password security is length. Software can crack short passwords -- no matter how complex -- in a matter of days. But the longer a password is, the more time it takes to crack. The recommendation is using a memorable phrase -- from a book or song, for example -- that doesn't include special characters.

But determining a strong, uncrackable password is only the first step. If the service you're using is hacked and criminals gain access to your password, you're still vulnerable. That's where two-factor authentication and multifactor authentication come in. These methods require you to set up an extra verification step. When you log in, you'll be prompted to enter a security code, which will then be sent to your phone or accessed via a dedicated verification app. That means if a hacker ever gets their hands on your password, they'll still be thwarted.

4. A basic antivirus software will be enough to protect my business

Gone are the days where your McAfee or Avast antivirus software will be enough to protect your business. Now, there are dedicated tools to fight against specific threats, such as ransomware.

A synchronized approach to security -- where your tools all interact with one another -- is generally accepted as the strongest. Your security toolkit should cover your endpoint, firewall, network connections, email and more. In addition, backup and disaster recovery tools are recommended to mitigate any potential incidents.

5. We only need to protect against hackers

While hackers pose an enormous threat to your business, you can't ignore the possibility of malicious insiders or even staff accidents. One of the most highly publicized accidental breaches was a Heathrow Airport staff member losing a USB stick with sensitive data on it. Luckily, the person who found it handed it in rather than using it maliciously. However, the company was still fined 120,000 pounds (around $156,000) for its serious failings in data protection.

Equally, a disgruntled employee who has access to sensitive employee or customer information could willingly steal or share it. Locking down access to your core systems and ensuring fewer employees have access to them can help you protect against this. For accidental breaches, implement policies that state removable devices must be encrypted. You can also configure your email settings to block certain attachments from being shared outside of your organization.

Are you or your staff members guilty of believing any of these myths?

Barry O'Donnell is the chief operating officer of TSG, an IT service management company.

Dig Deeper on Security

SearchNetworking
  • cloud-native network function (CNF)

    A cloud-native network function (CNF) is a service that performs network duties in software, as opposed to purpose-built hardware.

  • microsegmentation

    Microsegmentation is a security technique that splits a network into definable zones and uses policies to dictate how data and ...

  • Wi-Fi 6E

    Wi-Fi 6E is one variant of the 802.11ax standard.

SearchSecurity
  • MICR (magnetic ink character recognition)

    MICR (magnetic ink character recognition) is a technology invented in the 1950s that's used to verify the legitimacy or ...

  • What is cybersecurity?

    Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyberthreats.

  • Android System WebView

    Android System WebView is a system component for the Android operating system (OS) that allows Android apps to display web ...

SearchCIO
  • privacy compliance

    Privacy compliance is a company's accordance with established personal information protection guidelines, specifications or ...

  • contingent workforce

    A contingent workforce is a labor pool whose members are hired by an organization on an on-demand basis.

  • product development (new product development -- NPD)

    Product development, also called new product management, is a series of steps that includes the conceptualization, design, ...

SearchHRSoftware
  • talent acquisition

    Talent acquisition is the strategic process employers use to analyze their long-term talent needs in the context of business ...

  • employee retention

    Employee retention is the organizational goal of keeping productive and talented workers and reducing turnover by fostering a ...

  • hybrid work model

    A hybrid work model is a workforce structure that includes employees who work remotely and those who work on site, in a company's...

SearchCustomerExperience
  • Salesforce Trailhead

    Salesforce Trailhead is a series of online tutorials that coach beginner and intermediate developers who need to learn how to ...

  • Salesforce

    Salesforce, Inc. is a cloud computing and social enterprise software-as-a-service (SaaS) provider based in San Francisco.

  • data clean room

    A data clean room is a technology service that helps content platforms keep first person user data private when interacting with ...

Close