There are many misconceptions about cybersecurity. Today I'm going to look at some of these myths. It's a good reminder for all of us to check our thinking.
Myth #1: Only the rich and famous are targeted
Cybersecurity is not just for big companies or celebrities. Many cyber attacks have got nothing to do with who you are. I wrote about this in "Has your website been hacked?". Attackers can use your server's processing power, your internet connection and your website reputation. They set up automated processes to scan sites for vulnerabilities.
Myth #2: My data isn't valuable
This relates to Myth #1. You might think your personal data is worthless, because you aren't rich and you have nothing to hide. But all data is valuable to a hacker.
It's time to take a long hard look at all the data you create, collect, store and use. It's not just data about your customers: it's also data about your employees and your suppliers.
Myth #3: Security is an IT responsibility
The best technology doesn't help if someone uses password123 to log onto your system! Remember what I wrote last week: 90% of security breaches involve human error. Cybersecurity starts with employee training.
Myth #4: Cybersecurity is very expensive
Many of the steps you can, and should, take to protect your data only cost time and effort, but very little money. Here are a few things that will improve your safety and cost you nothing:
- Set up basic security procedures.
- Restrict administrative and access privileges.
- Enable multi-factor authentication.
- Teach your employees to spot malicious emails.
- Check that your website is using HTTPS.
Myth #5: Outsourcing means it's not my problem
You have a legal and ethical responsibility to protect sensitive data. You need to verify that your partners and vendors have proper security in place. And if they lose your clients' data, it will still be your responsibility to tell your clients.
Myth #6: Public liability insurance will cover cyber breaches
Most standard insurance policies do not cover cyber incidents or data breaches. Check with your financial advisor. There are special insurance policies for this, but you need to know what the conditions are.
Myth #7: Hackers are scary outsiders
The Anonymous hacktivist movement adopted the Guy Fawkes mask. So when we think of hackers, that's the image we imagine. Grinning white faces with thin black mustaches, and narrow lifted eyebrows. But cyberattacks do not always come from outside. In larger companies, the risk of an internal actor is real.
Myth #8: Younger people already know about cybersecurity
The age of your employees does not determine their cybersecurity practices. Discuss cybersecurity before you give someone access to your social media, website, network or server.
Myth #9: Digital and physical security are different things
Physical access is an important component of digital security. And you may need to rethink this if your staff are working remotely. Do visitors or family members have access to your employee's computer? Does your employee visit the local coffee shop for internet access during power outages? You need procedures to prevent unauthorized physical access to sensitive information.
Myth #10: New devices are secure when I buy them
Sorry to disappoint you. Make sure the software is up to date. Change the manufacturer's default password. And configure privacy settings on your device before you use it.
As always, please share your thoughts and comments.