5 Common Cybersecurity Myths Your Business Should Be Aware Of
Thankfully, businesses are now more aware than ever of cyber threats and are starting to take cybersecurity very seriously. However, as awareness of cyber threats grows, so does the number of cybersecurity myths that circulate. Cybersecurity myths or misinformation could leave your business vulnerable to threats and may render your security infrastructure ineffective. Here are the top cybersecurity myths you should be aware of right now, to support your digital security.
Myth 1: Hackers don’t target small businesses
We understand why some small business owners feel like cybersecurity isn’t important to them. Cybersecurity can be a big investment for smaller firms and start-ups and many decision-makers would prefer to spend that money on other sections of the business.
However, there’s no truth in the misconception that hackers don’t target small businesses. In fact, a report from Barracuda found that cybercriminals are up to three times more likely to target small businesses than larger firms.
Why? Hackers see smaller businesses as ‘low-hanging fruit’ and target their inadequate security infrastructure. They can take advantage of insufficient security training of staff for social engineering attacks.
Furthermore, the lasting damage of cyber attacks to smaller businesses is greater than for enterprises. 60% of small businesses fail within six months of a cyber attack or data breach.
Myth 2: Antivirus and firewalls will protect my business
Firewalls and antivirus software are an excellent first line of defence for your digital infrastructure. However, attacks can, and will, get through them. A holistic cybersecurity strategy incorporates other methods of protection such as backups, cybersecurity awareness training and two-factor authentication.
First of all, antivirus software and firewalls are only effective if they’re regularly updated and configured correctly. How can you make sure they’re running effectively? We recommend working with a Managed Service Provider (MSP) like ours to configure your security infrastructure for you.
Secondly, antiviruses and firewalls can only protect your business from malicious software and intrusions. They’re less effective at preventing social engineering attacks such as phishing scams, mishandled login credentials or internal threats. We’ll cover what’s needed to prevent these attacks later on.
Myth 3: Phishing attacks are easy to spot
A common misconception is that only the tech-illiterate fall for phishing attacks and that cyber awareness training is a waste of time for those who are good with computers. In reality, this just isn’t the case. Phishing attacks – especially those specifically targeting your business for espionage – are becoming increasingly convincing.
One of the most common forms of phishing is a spear phishing attack – where attackers use gathered intel about your business to make the email (or phone call) look legitimate. Over 65% of targeted attacks are done this way.
They commonly ask for payment or urgent action for a convincing reason. Attackers may also spoof a legitimate email – for example, one from a manager, the CFO or CEO.
Businesses need to train staff on spotting phishing attacks and the type of emails to be suspicious about. However, even then, some phishing attacks may be too convincing to spot. For that reason, you’ll also need an email filter actively looking for possible phishing scams.
Myth 4: A long complex password will keep my account safe
A strong password policy is a cornerstone of a cybersecurity strategy. However, there are some other considerations to make in addition to having a long, complex password:
- Enforce a policy to regularly change passwords. Some hackers may gain login credentials through phishing or a data breach. Changing passwords regularly removes this opportunity.
- Encourage employees to remember passwords and not write them down. What’s the point of a complex password if it’s available for everyone to see on a post-it note or a text file?
- Your employees should never share their passwords – even with trusted colleagues, friends and family.
- Implement multifactor authentication to ensure that hackers can’t gain access to your employees’ accounts even if they have their passwords.
Myth 5: The only real concern is external threats
Insider threats pose just as much of a concern as external threats – if not more, as they’re difficult to protect against. According to Gurucul, 98% of companies are concerned about insider threats whilst only 11% believe they’re well protected from them.
Internal threats fall into three broad categories:
- Negligent Insider
- Stolen Credentials
- Malicious Insider
Negligent insider threats are when an employee or executive negligently exposes your business to a cyber vulnerability – unintentionally (or at least without malice). This is the most common insider threat.
These types of threats can be prevented through cyber awareness training or a Data Loss Prevention program.
Stolen credentials involve the loss of credentials – mainly through social engineering attacks such as phishing. Protecting from these attacks involves awareness training, two-factor authentication and suspicious activity detection.
The least common type of insider threat is the malicious insider attack – where an employee or business partner causes damage or steals data intentionally. This is by far the hardest to protect from, as companies generally assume their employees aren’t out to sabotage them.
The best way to protect from this is by enforcing strict access permissions (and ensuring employees can only access the data they need) and using data loss prevention (DLP) and monitoring tools.
These steps prevented a huge data incident in October 2021 when a Pfizer employee uploaded 12,000 confidential files to a Google Drive account – according to Reuters. This suspicious activity was detected and prevented by DLP software. It transpired that the employee had accepted a job offer from competitor Xencor, and this was attempted espionage.
How can Extech Cloud help secure your business?
Building cybersecurity infrastructure is a long, complex process. However, the return on investment (ROI) of cybersecurity projects is immense due to the security expenses avoided.
For instance, according to IBM’s Cost of a Data Breach Report 2021, the average cost of a data breach is $4.24M! That’s why we highly recommend upgrading your security infrastructure and protecting your business from increasingly dangerous cyberattacks.
Want to learn how we can help you secure your business? Looking to deliver effective cyber awareness training? Want to explore what software solutions are best for protecting your business?
Get in touch with us today and see how we can level up your business’s cybersecurity.