Cyber Security Misconceptions


Introduction to Common Misconceptions

 

Cybersecurity misconceptions are the biggest security threat to every business, large and small, around the world. One of the most dangerous cybersecurity misconceptions relates to backup solutions, as businesses often think they are secure because they back up their data routinely, but this creates an illusion of safety that can be easily shattered with one ransomware attack. Let’s look at five of the most common cybersecurity misconceptions, including misconceptions about backups, government protection, and cloud services.

 
 
 

We Don’t Need Cybersecurity Because We Have No Connections to the Internet

 

Many small businesses don’t have any Internet-facing servers, so they think they don’t need cybersecurity. The truth is that any computer network is vulnerable to attack, especially if it contains sensitive information. There are many ways for hackers to gain access to your computers, and they don’t require an Internet connection. Even if your systems are manual and don’t have Internet access or data from customers or partners, those systems can be used as a stepping stone for hackers and malicious actors to reach their targets: critical infrastructure and other organizations with large amounts of valuable data. Most threats come through email and social media accounts, and your employees are the weakest link. Who can guarantee that your employees will resist the temptation if a criminal asks them to plug a USB flash drive into one of your servers for $1000? What about for $100,000? That’s especially true for government networks. Even if you are completely air-gapped, you should treat all your business data as part of a larger security risk management process. In other words: secure everything!

The monastery on Lindisfarne island was “totally” isolated from the rest of the country in 793 AD too, until the Vikings accidentally discovered it from the seaside, as you can see in the painting. And that’s how England was conquered.

We Don’t Need Cybersecurity Because We Are Small Businesses

 

If you’re a small business owner, you may think that cybersecurity doesn’t apply to you—and that someone else will take care of it. In reality, as we have shown before, nearly every company needs cybersecurity. Even if your business doesn’t have much data or any servers or sensitive information, it still likely has valuable trade secrets and intellectual property. The reasons behind many cyberattacks are opportunistic: Hackers know that smaller businesses often can’t afford enterprise-level security solutions and often don’t prioritize protection as much as larger companies do. So they target them instead because there is less risk involved and they stand to make more money with fewer resources allocated to protecting their systems. 

Many of these attacks come from automated software programs (bots) designed to detect unsecured computers. These bots scour public network ports looking for vulnerable devices and then enter those machines through existing vulnerabilities such as outdated applications or weak passwords. Once they have taken over an unsuspecting computer, they scan its files and folders searching for valuable information. Sometimes you won’t even know your system was hacked unless a customer complains about slow performance or notices an uptick in spam email being sent from your domain name.


Cloud Will Protect Us

 

There’s a commonly held myth that the cloud will protect us. It won’t. If you run an online business, every interaction you have with your customers is potentially at risk. And, even if you don’t, when was the last time you accessed your local bank branch in person? When someone is trying to hack into your systems, using the cloud doesn’t make them go away; it makes them harder to find and stop. Think about what would happen if hackers were able to breach Amazon Web Services (AWS) and get access to everything Amazon knows about your company: every employee, every server, every file. 

Not good. Even though we can all agree cloud-based services are here to stay, one of their biggest drawbacks as far as cybersecurity goes is how quickly companies assume they’re secure just because they’re off-site. This simply isn’t true, so remember that there’s no such thing as perfect security—even if you are running some of your operations on AWS or Google Cloud or Microsoft Azure.


We Have Backups So There’s No Need for Cybersecurity

 

Backups are a form of cybersecurity, but they’re only one part. Backups mean you won’t lose valuable data if your computer is hacked or crashes. Backups can also save you from common security issues, like a stolen laptop that gets wiped clean by its new owner and has to be restored from your backup data. But what good are backups if your business is completely laid waste by ransomware? Ransomware doesn’t take your computer hostage; it takes your business hostage! This type of malware encrypts important business files until you pay a ransom to get them back. So, even though we have backed up our work files and operating system, being able to restore after an attack does little good when all our work files have been encrypted with no way for us to decrypt them without paying extortion money.

Don’t let backups lull you into thinking your information is safe because if you don’t secure both digital and physical assets, then cybercriminals will find ways to steal what matters most: your information.

The Government Will Protect Us

It’s true that regulations like PCI DSS and FISMA mandate data security and compliance; however, it is a fallacy to assume they are effective. For example, even though security standards are in place, more than 471 million records were exposed by major retailers in 2013 alone. In fact, less than half of 1% of IT security budgets have anything to do with regulatory compliance. (Yes, only 0.45 percent.) This doesn’t mean you shouldn’t be compliant—you should! But it does mean you should use a proactive approach based on risk analysis and regular testing of your measures rather than being complacent because of misinformed presumptions about compliance rules. Some may say they follow government protocols simply to show they comply, without actually having any impactful security. Don’t take chances; take action.

 
 
 

Conclusion about Common Cyber Security Misconceptions

 

As a business owner, you should not accept common misconceptions as reasons for not doing something. If everyone thinks they don’t need security, it makes it easier for hackers to get into business computer systems and make money from people using your services. By ignoring risk, you make your business vulnerable. Businesses that plan for security will be more secure than those that don’t. This also applies to home computers and families. Too many people believe their antivirus program is enough. The truth is most of these programs only deal with software issues, such as viruses or malware. They don’t deal with issues such as default passwords that were never changed from manufacturer settings or vulnerabilities in Internet connections like Bluetooth or NFC ports. Most businesses have employees who connect their personal devices to company networks but are unaware of what information they are giving away by doing so if these devices aren’t properly protected against outside access. Don’t assume a product works because someone says it does; do your research. Read about what others think about products instead of just blindly trusting someone else’s advice, no matter how valid that person seems to be. Never ignore your own gut instincts when deciding how important things are to protect. Personal experiences can teach us valuable lessons we can apply elsewhere.