There is a lot of misinformation out there when it comes to cyber security. That misinformation can, in some cases, devastate your business. By learning how to separate the myth from reality, you can help keep your business cyber secure. Below are 8 common cyber security myths that could harm your business.
1. Your business is too small to be attacked by hackers
Nothing could be further from the truth. We are used to hearing of big companies getting breached for big dollars. The truth is, small businesses made up over half of all the breaches in 2018. Why? Simply put, most small businesses don’t have the resources to fortify their networks, so the hackers will target the networks that are easier to get into first.
2. Strong passwords are enough to keep your business safe
While having a strong password is much better than a default or no password, having multifactor authentication is even better. Passwords can be hacked or stolen, but multifactor authentication adds an extra layer of security. Sometimes that is all that's needed to make a hacker decide to move on to the next target. Check out our previous blog to learn how multifactor could have saved Voova from a breach.
3. Antivirus software will keep your company completely safe
Again, while it is very important, it can’t stop all cyber attacks. Antivirus software can’t protect you from a social engineering attempt where all they need you to do is give away sensitive information. And if your antivirus software isn’t up-to-date, it may not keep the latest malware from infecting your systems.
4. If the Wi-Fi has a password, then it is secure
The reality is any public Wi-Fi can be compromised. When using public Wi-Fi, ensure you are using a VPN first to keep data safe. If that's not possible, avoid doing anything that requires confidentiality on public Wi-Fi. Even better, avoid public Wi-Fi for business altogether.
5. Cyber security threats are only external
Nothing could be further from the truth. One of the biggest breaches in Canada in 2019 happened at Desjardins when an employee started selling customer data. While Verizon’s Data Breach Investigation Report shows that 28% of all attacks were perpetrated by insiders, note that not all of these insiders were malicious. Some cases were just human error (such as opening a phishing email). Providing employee education on cyber security, called cyber awareness training, can help reduce some of these "insider threats".
6. Annual employee security awareness training is enough
How good are you at something you only practice once a year? For employees to better recognize phishing and social engineering attacks, regular ongoing training is a must!
7. You’ll know right away if you are hacked
Some forms of malware today are designed to hide in a network for a long time undetected before the “payload” is released. According to the Verizon study, 68% of breaches took months or longer to discover. Even worse, once discovered, it can also take a long time before systems are patched, viruses are contained, and everything is up and running normally.
8. Cyber Security is solely the IT department’s responsibility
That’s a lot of responsibility to put on the IT department’s shoulders. Every staff member needs to be trained on cyber security best practices, so they don’t fall for phishing campaigns. The IT department can’t and shouldn't be held responsible for what other employees do at their desks. Everyone in the organization needs to be aware of the following mantra: "cyber security is everyone's responsibility."
Need help busting any of these myths? Check out Uzado's services and contact us today.