Security Myths

Debunking a few common security myths.

Myth 1: My company is too small to be the target of an attack.

According to a 2013 report issued by Verizon, 75% of attacks were opportunistic and not targeted at a specific individual or company.  The report further details that of the data breach incidents:

  • 78% required no special skills or resources
  • 76% exploited weak or stolen credentials
  • 40% involved malware
  • 29% used social tactics to gain information

In short, you are putting yourself at risk if you aren't putting in place at least the most basic security measures.

Myth 2: We don't have any information of value.

Even casual computer users typically have some information of value on their systems.  Does your browser remember your login credentials?  There is also banking information, and personal information that could be used for identity theft.

Myth 3: We use Apple/Mac so we don't have to worry about viruses and malware.

This fails on three counts: 1) Most new threats are targeted at applications, not operating systems, so Windows and Mac systems are equally susceptible.  2) A larger percentage of total vulnerabilities are discovered for Mac than for Windows.  3) There are just as many incidents of Mac systems getting hacked as Windows systems when market share is taken into account.

Myth 4: We do regular backups of our data, so it doesn't matter if the information is corrupted/lost.

Silent corruption can go unnoticed beyond the backup retention policy.  Identity theft and data leaks are not recoverable through backups.

Myth 5: We are safe because we have a firewall, use anti-malware, and update regularly.

These are excellent practices for establishing security, but they are insufficient if they are the only security measures you are using.

Myth 6: We change our passwords every XX days so we are safe.

It has been shown that unless these are complex passwords, frequent changes are often less safe.  Complex passwords are harder to remember, and frequent changes encourage individuals to come up with creative ways to satisfy the password requirements.  Users will begin to write them down or make incremental changes in numbers such as MyPa$$word1, MyPa$$word2, MyPa$$word3.  Either way, it weakens the strength of your security.
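
The incremental pattern described above can be caught at the moment a password is changed. The following Python check is an added example, not part of the original article; it assumes the change-password form receives the current password alongside the new one (so no plaintext history is stored), and the function names and the distance threshold are illustrative.

```python
import re

def stem(password: str) -> str:
    """Case-fold the password and drop any trailing run of digits (the 'counter')."""
    return re.sub(r"\d+\Z", "", password).casefold()

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def is_trivial_rotation(old: str, new: str, max_distance: int = 2) -> bool:
    """True when `new` is `old` with only a counter or a couple of characters changed."""
    if stem(old) == stem(new):
        return True  # same base word, only the trailing number differs
    return edit_distance(old.casefold(), new.casefold()) <= max_distance

# Constructed sample pairs: (current password, proposed replacement).
SAMPLES = [
    ("MyPa$$word1", "MyPa$$word2"),    # counter bumped by one
    ("MyPa$$word9", "MyPa$$word10"),   # counter rolls over to two digits
    ("MyPa$$word1", "mypa$$word1!"),   # case change plus one appended symbol
    ("MyPa$$word1", "correct horse battery staple"),  # genuinely new
]

def review(samples=SAMPLES):
    """Return (old, new, rejected) for each sample pair."""
    return [(old, new, is_trivial_rotation(old, new)) for old, new in samples]

if __name__ == "__main__":
    for old, new, rejected in review():
        print(f"{old!r} -> {new!r}: {'reject' if rejected else 'accept'}")
```
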

Myth 7: Advanced hacking techniques render security worthless.

Looping back to Myth 1, most attacks happen to non-secured or weakly secured systems.  This is the "low-hanging fruit" for hackers.  While a higher level of security will never guarantee 100% protection, it can certainly motivate hackers to seek easier targets.