Cybersecurity is a topic that comes up on a daily basis when we talk with our clients. This comes as no surprise with the increase in cybercrime across the world. According to Cybersecurity Ventures, cybercrime is predicted to cost $6 trillion annually by 2021, up from $3 trillion in 2015.
As cybercrime becomes more commonplace, it is now more important than ever to stay informed on the latest and most accurate cybersecurity information to future-proof your business.
Below are seven common cybersecurity misconceptions and the reality behind them.
Myth 1: Your business is too small to be targeted by hackers.
Reality: Small businesses made up over half of last year’s breach victims.
The news often highlights high-profile cyberattacks against larger entities, which may mislead many small businesses into feeling they are safe from being targeted. In reality, all businesses, regardless of size, are at risk. According to the 2019 Verizon Data Breach Investigations Report, 43 percent of data breach victims are small businesses.
Myth 2: Strong passwords are enough to keep your data safe.
Reality: Two-factor authentication and data monitoring are also needed.
Strong passwords are an important foundation of good cybersecurity practices for businesses. However, hackers’ password-cracking techniques grow more sophisticated each day, and a strong password alone does not provide enough protection against unauthorized access. Multi-factor authentication, which relies on a piece of personal information beyond your password to grant access to an account, is an important way to safeguard your accounts against a breach even if your password becomes compromised.
Myth 3: If Wi-Fi has a password, it’s secure.
Reality: Any public Wi-Fi can be compromised, even with a password.
Many hotels, coffee shops, train stations, airports and other public places offer free Wi-Fi for patrons to connect to. These public Wi-Fi hotspots are convenient but can be compromised, even with a password. Other users on the same network, using the same Wi-Fi password, can potentially access any sensitive data being transmitted.
Myth 4: Anti-virus software will keep your business completely safe.
Reality: Software can’t protect against all cyberattacks.
Although anti-virus software does a commendable job as one line of defense in securing your system against cyberattacks, no anti-virus or anti-malware software can keep your system safe from all types of cyberattacks. To maintain an edge, hackers are continuously evolving their strategies and improving their attack methods to try to bypass anti-virus software and make their efforts increasingly difficult to detect.
Myth 5: Cybersecurity threats are only external.
Reality: Insider threats are just as likely, whether from human error or malign intent.
While third-party threats are certainly a concern that should be monitored extensively, a comprehensive security plan requires that internal threats be watched just as closely. Research suggests that insider threats, whether from human error or malign intent, account for nearly three-quarters of data breaches. It is vital to have a system in place to deter and monitor these types of threats.
Myth 6: Annual employee security awareness training is sufficient.
Reality: Regular phishing exams and training prepare employees to recognize attacks.
One of the most effective measures you can take to protect your business and your bottom line is to train your employees and yourself in cybersecurity awareness. Yet training employees how to recognize and defend against cyberattacks is the most underspent sector of the cybersecurity industry. Annual employee security awareness training is simply not enough to ensure they are able to identify and respond appropriately to continually evolving scams. Employees who are frequently trained to recognize the signs of phishing attacks become your organization's best line of defense against cybercriminals.
Myth 7: Cybersecurity is solely the IT Department’s responsibility.
Reality: Every staff member should be familiar with good cybersecurity practices.
Cybercriminals are attacking individuals, no longer just networks. The 2019 Official Annual Cybercrime Report states that more than 90 percent of successful hacks and data breaches stem from phishing: emails crafted to lure their recipients to click a link, open a document or forward information to someone they shouldn’t. Ultimately, it is the responsibility of each and every employee to be aware of the threats, know how to detect them and know how to report them.