Cyber security is a huge topic in 2017. Over the last 25 years, one of the most valuable things I’ve learned is that one of the greatest weapons we have to prevent cyber-attacks is our own education.
There are many cyber security myths, but an accurate understanding of these 5 will be critical to your cyber posture as an individual and business owner.
1. Cyber security is just an IT issue. Everyone is vulnerable to a cyber security attack, not just your IT team. It’s important to remember that cyber security cuts across departments and is the same regardless of the IT implementation. Cyber security requirements are paramount across an organization, from the data center to the branch office to a mobile device.
2. Going back to paper (or disconnecting from the internet) minimizes risk. Nice try, but going back to paper can actually increase vulnerabilities. For example, one can’t know if paper copies of data have been illicitly copied or removed. To make matters worse, a disconnected network makes it harder to monitor because there is less logging data. This will then in turn make it easier for criminals to find the valuable information and strike unnoticed.
3. Using antivirus software is enough. I can’t stress this enough. Hackers have found multiple ways to subvert antivirus software and hide their own attacks in a system. In today’s world of quick and persistent threats, a prevention mindset to mitigate both known and unknown threats is essential. Antivirus is then only a starting point.
4. New features of IoT (Internet of Things) devices trump security. Security by design is starting to become increasingly common in IoT devices. It basically means implementing features so devices can work in a “zero trust” environment. But usability is key, and that is where a lot of IoT devices fail. You can’t expect people, especially elderly users, to jump through technical hoops to ensure security at the expense of productivity. You also can’t expect old IoT devices to have up to date security features on it.
5. You’ll never get attacked and breached. This kind of thinking – that it will never happen to me – is almost a guarantee that it will. There is no such thing as perfect security. Hackers continue to evolve; therefore, your security posture must also grow and develop. You should build security with a prevention-first mindset, and also view attacks as an opportunity to learn about vulnerabilities and grow stronger based on that knowledge.