Security Myths

Myth 1: My company is too small to be the target of an attack.

A 2013 report issued by Verizon found that 75% of attacks were opportunistic and not targeted at a specific individual or company.  The report further details that of the data breach incidents:

• 78% required no specials skills or resources
• 76% exploited weak or stolen credentials
• 40% involved malware
• 29% used social tactics to gain information

In short, you are putting yourself at risk if you aren't putting in place at least the most basic security measures.

Additionally, in recent years some of the largest, most public data breaches were fount to be the cause of a supply chain vulnerability through which a vendor or contractor (often a small or medium-sized business) was used as an entry point to exploit a larger organization. It's important that your company take the necessary steps to make sure you don’t pose a cyber threat to those you provide goods or services to. 

Myth 2: We don't have any information of value.

Even casual computer users typically have some information of value on their systems.  Does your browser remember your login credentials?  Any banking information or personal information that could be used for identity theft or fraud is valuable.

As malware and other types of fraudulent activity become more pervasive, a seemingly benign interaction can have serious consequences.

Myth 3: We use Apple/Mac so we don't have to worry about viruses and malware

Threefold:

1) most new threats are targetted towards applications, not operating systems.  So, both Windows and Mac systems are equally as susceptible.  

2) a larger percentage of total vulnerabilities are discovered for Mac vs Windows.

3) There are just as many incidents of Macs systems get hacked as Windows systems when market share is taken into account.

Myth 4:  We do regular backups of our data, so it doesn't matter if the information is corrupted/lost.

Data backups cannot prevent the extensive collateral damage, such as Identity theft, that can be caused by a data breach.

In addition, some of the largest, most public data breaches in recent years were caused by a supply chain vulnerability through which a vendor or contractor (often a small or medium-sized business) was used as an entry point to exploit a larger organization.

By simply hacking or spoofing a company administrator's email,  fraudulent requests can be made to change the bank account numbers to which payments are wired, leading to large sums of money being lost. Once the data is made available, hackers can exploit it in many ways you wouldn't expect. It's important that your company take the necessary steps to protect your data to ensure that you don’t pose a cyber threat to your clients or employees. 

Myth 5: We are safe because we have a firewall, use anti-malware, and update regularly.

These are excellent practices for establishing security; but, they are insufficient if they are the only security measures you are using. 

Such protection cannot defend against malicious code directly introduced to a system by a user. This can be caused by employees browsing unsecured websites, opening attachments or links from unfamiliar sources, or downloading email attachments from unknown senders. 

According to CareerBuilder’s latest nationwide study, 9 percent of workers have accidentally downloaded a virus on their computer at work, 18 percent of workers have opened an email attachment or clicked on a link from a sender they didn’t know, & 18 percent have looked at a website that they knew wasn’t secure while at work.

In addition, the physical security of devices is often overlooked. Workers may be unknowingly putting their company or themselves at risk by leaving unlocked computers unattended, saving information on local storage drives that aren't password protected, or taking unsecured work devices offsite. Of the 26 percent of workers who reported having office laptops, 61 percent said they have critical, sensitive information stored on them, so if their laptop were stolen any information on its local storage could end up being compromised. 

Myth 6: We change our passwords every XX days so we are safe.

It has been shown that unless these are complex passwords, frequent changes are often less safe.  Complex passwords are harder to remember and frequent changes encourage individuals to come up with creative ways to placate the password requirements. Users will begin to write them down or make incremental changes in numbers such as MyPa$$word1, MyPa$$word2, MyPa$$word3. 

Ultimately, all password-protected systems are susceptible to hacking, but there are steps you can take to help thwart password cracking. To learn more, check out our article on Best Practices for Securing Your Passwords. 

Myth 7: Advanced hacking techniques render security worthless.

Looping back to Myth 1, most attacks happen to non-secured or weekly secured systems.  This is the "low hanging fruit" for hackers.  While a higher level of security will never guarantee 100% protection, it can certainly motivate hackers to seek easier targets.

Myth 8: Cyber breaches are covered by general liability insurance. 

Many standard insurance policies do not cover losses caused by cyber incidents or data breaches. Speak to your insurance representative to make sure you policy provides coverage for cyber incidents. 

Even if you outsource your IT to a vendor your organization is still legally and ethically responsible for protecting sensitive data. Put sharing agreements in place with your IT vendor and consult a trusted lawyer to help you determine your level of liability in the event of a data breach. 

Take Aways

Its easy for most people to take cybersecurity for granted, especially if they've never experienced data loss or theft before. The first step to securing your information and online accounts is by becoming more informed about potential threats and how to protect against them. 

The Wildcard Corp. blog archive is full of useful informational material covering may topics including cybersecurity, web development and IT solutions. Many of our cybersecurity articles are created for the purpose of educating the general public about cybersecurity best practices and how they help prevent data loss/theft.