“You can’t teach an old dog new tricks.”
This myth has been around since the 16th century and a lot of people actually think it’s true. I did too until Adam and Jamie, from Discovery Channel’s “Mythbusters”, proved otherwise.
The thing is:
In the physical world, there are long-held beliefs like these that have kept people in the dark for so long that a lot of us actually believe them without question. The same is also true in the cyber world.
“I’m too unimportant to get hacked.”
“I can’t get hacked if I’m anonymous on the Web.”
“No one can hack me because my Wifi is secure.”
People have believed and suffered the consequences of these myths for years. But now it’s time to take off your blindfold and step into the light. In this post, I’m busting the top 8 cyber security myths so you don’t have to suffer the consequences of a false sense of security.
So, let’s get to it!
1. I’m too unimportant to get hacked
It’s reassuring to think that only big businesses and important people can get hacked. After all, what would hackers want from a rank-and-file worker or a small business, right?
A lot, actually. A hacker may want to steal your personal or banking information. They may use the personal information they steal as a springboard for other crimes like spear phishing. They may even seek to make your Internet of Things home devices part of their botnet.
Small businesses don’t have it any better too. A study in 2016 says that 43% of cyber attacks target small businesses. This can be attributed to the fact that small businesses don’t have the same budget for cybersecurity hardware, software, and employee training.
Fact: Anyone can be hacked.
2. My strong password is enough to protect me
While it’s true that a strong passwordwill make it harder for hackers to access your accounts, you shouldn’t rely on it solely — especially if you use the same password for all your accounts.
What happens when a hacker somehow gets a hold of your login credentials? Answer: they get uninhibited access to all your accounts along with the services and information they contain.
This is why it’s important to not only have strong passwords but also unique ones. These strong unique passwords should also be coupled with two-factor authentication (2FA). 2FA requires anyone trying to log into your account on a new device to first provide a security code before they’re logged in.
Fact: You need a strong unique password together with 2FA.
3. No one can hack me because my Wifi is secure
You think you’re safe because your Wifi uses WPA2 encryption and is password protected?
While WPA2 may still be the most secure widely-available Wifi protocol today, experts have found a chink in its armor. This chink is called a KRACK attack. This attack allows hackers within range of your network (home or business) to steal sensitive information that was thought to be encrypted.
Thankfully, router manufacturers have fixed the vulnerability that allows KRACK attacks. But, that won’t be any help if you didn’t install your router’s latest security updates. You can also add another layer of protection by installing a VPN (Virtual Private Network) on your router. If you don’t yet know what a VPN is, click on this VPN beginner’s guide.
Fact: Even the WPA2 Wifi protocol can be hacked if it isn’t updated.
4. My antivirus is all I need
A good antivirus, with a built-in firewall, is a good tool to have against malware. Unfortunately, this single layer of security won’t protect you from other attacks such as Man-in-the-Middle (MitM) attacks, phishing scams (where you voluntarily enter your information on a web form), or insider attacks.
Think about the story of the three little pigs:
The big bad wolf easily blew away the straw house and the wooden house but failed when he got to the brick house, right?
That’s how you should look at cybersecurity. The sturdier your cybersecurity, the harder it is to beat. The way you make your cyber security sturdier is by having several layers of defense. Businesses, especially, should invest in cybersecurity since they don’t only risk losing their money but also their clients’ and customers’ data.
Fact: Cybersecurity requires several layers in order to work.
5. HTTPS means safety
You may think that the padlock icon and HTTPS prefixing a site’s URL means the site is secure. You’d be right. These symbols mean that any data flowing to and from that site is encrypted with SSL (Secure Sockets Layer). This means that anyone tapping into your online data via MitM attack won’t be able to read what you sent to an HTTPS site.
The problem is:
While HTTPS sites may be secure, it doesn’t necessarily make them safe. This is because scammers can get SSL certificates for their sites too. This makes it easier to fool people into trusting their sites. In fact, 49% of phishing sites actually use SSL!
Fact: HTTPS means security but not necessarily safety.
6. It’s the IT department’s problem
For employees, it’s easy to rely on your organization’s IT department to handle everything tech related. This is understandable since you wouldn’t want to tamper with something and risk responsibility for any untoward incidents.
When it comes to an organization’s cybersecurity, you have as much responsibility as any person from IT. It’s your responsibility as an employee to learn more about cybersecurity whether by your own research or by attending company-sponsored training or seminars.
It’s also your responsibility to report any signs of a possible or attempted cyber attack when they crop up. This is because IT can’t keep track of all possible attacks against all employees.
Fact: All employees are responsible for their company’s cybersecurity.
7. Threats always come from outside
A cybersecurity threat may spring up where you least expect — even from the inside of your organization.
This is because while many threats your organization faces may come from outside attackers, you’re also likely to get attacked from the inside by your employees, whether by inadvertence or malicious intention. An attack may come from a disgruntled employee, a former employee, or even a corporate mole.
This is why your organization should have a defense plan against attacks from the inside and out.
Fact: An attack can come from inside or outside an organization.
8. It’s possible to become 100% cyber secure
I have to admit that I used to believe this one myself. Chalk it up to being a naive youth I guess. I only learned about the truth once I started studying cyber security.
The truth is:
No matter how many layers of security you have, there’s just no way to be 100% safe. This is because cybersecurity is an arms race. As cyber defenders get better, so too do cyber attackers.
What cybersecuritycan do is reduce the chances of an attack through early threat detection or mitigate the effects of an attack and help you recover more quickly.
Fact: Cybersecurity only reduces the chances of an attack.
The truth shall set you free
Now that you know the facts from the myths, you can start taking the necessary steps towards better cybersecurity.