Cybersecurity myths are pervasive ideas people have about cybersecurity that weaken your cybersecurity posture. These myths often are defense mechanisms, rationalizations for apathy and inaction. It is important to dispel these myths. Otherwise, you could be opening yourself, or your business, to vulnerability.
Cybersecurity Myth #1: Cybersecurity is the IT Guy’s Problem
If you work in an office or company, it is tempting to not engage in cybersecurity. After all, it is not your area of expertise, and the IT expert knows what they are doing. But the thing is, cybersecurity is everyone’s problem. In a functioning business, your company is only as strong as your weakest link.
In 2016, Ponemon Institute polled 601 individuals associated with companies regarding cybersecurity. The study found that 55% of individuals stated that their organization had a “security incident or data breach due to a malicious or negligent employee“. Therefore, it is necessary to educate all employees on proper cybersecurity hygiene, lest some intern clicks on a phishing link.
Myth #2: Only Large Places Like Target, Equifax, or Facebook are Targeted
A small business owner often assumes that they will never be the victim of a breach. This cybersecurity myth is so common because it seems odd that a small business would be attacked. Why would Fat Cat Produce or Uncle Jimmy’s BBQ be on someones radar? And yet, According to the Ponemon Institute’s 2017 State of Cybersecurity in Small & Medium-Sized Businesses report, 61% of small/medium businesses experienced a cyber attack within the previous 12 months.
Because of this cybersecurity myth, many small businesses have no idea what to do when they are breached. Many companies do not have a planned budget to deal with the fallout of an attack. Additionally, a lot of companies aren’t prepared to mitigate a threat efficiently, even if they did have the budget.
Myth #3: You can Avoid a Data Breach by Having a Good Password
We have talked extensively on the importance of having a good, solid password. However, a good defense is a multi-layered defense. A hacker can crack even the most proficient passwords. To have a truly secure system, you need to enable multi-factor authentication. Additionally, you need to model your defense system to be predicative and actively monitor your systems.
Myth #4: You will Know When Your Computer is Affected Immediately
Just last week, we saw a glaring example of this cybersecurity myth being categorically false. The Marriott Breach took four years to find. It can take months before you realize that you have been compromised. Modern strains of malware are often stealthy. Additionally, hackers are always breeding new strains for the specific purpose of slipping past ex-filtration systems and other blocks.
Myth #5: Cybersecurity can be Fully Achieved
The ultimate cybersecurity myth is that there is a silver bullet. There is no miracle solution, no cure all to cyber attacks. Cybersecurity is a constant threat and the fight for data privacy is daily. The key is resilience. Your goal is not to achieve perfect security, but to have the systems in place that empower you to reactive quickly to a cyber attack, and mitigate it before it causes much damage. Additionally, it is important to be able to have procedures set in place that allow you to efficiently get your company back on track efficiently.