Technology is incredible. In many ways, it’s making our work and personal lives easier and more efficient. Still, the flip side of technology is that it’s a treasure trove of vulnerabilities and golden opportunities for talented hackers.
Cybersecurity can be complicated, so it’s not discussed too much in the media, and many companies shy away from it. Because of this, cybersecurity myths and misinformation are common, and we’re seeing a lack of cybersecurity awareness among business decision-makers.
We asked the experts at ESET to round up the most common cybersecurity myths that are holding businesses back from protecting themselves properly.
Cybersecurity myth #1: Cybercriminals only target big corporations
This is a persistent myth, and it makes sense: when hackers successfully breach big companies like banks and telcos, it’s national news. While it’s true that cybercriminals often target larger corporations to gain access to large amounts of data or attempt to extort big sums of money, they can also target smaller businesses.
Unfortunately, small and midsize companies tend to have fewer or weaker cybersecurity measures, so they’re on hackers’ radars. A cyber attack can have devastating effects on a business, no matter what size. All data is valuable, and cybercriminals don’t discriminate, which is why it’s important to keep small business cybersecurity top of mind, even if you’re a startup.
Cybersecurity myth #2: You’ve installed antivirus software, so your job is done
Well done if you already have good antivirus and antimalware software installed! But just like any software, it needs to be kept updated to be effective. Have you noticed how often software update notifications pop up on your devices? That’s because manufacturers constantly release patches to fix flaws and address new bugs, so the software can continue to protect your device and data.
Most software programs update in the time it takes to make a cup of coffee or get some fresh air, but if you tend to ignore those notifications, it’s worth switching on auto-updates. That way, your device will update automatically at a time when you’re not actively using it.
Cybersecurity myth #3: Most apps and software are safe and will thoroughly protect your business
We wish this were true! The world of cybersecurity would be much easier to navigate if apps and software were naturally safe. While premium software programs offer endpoint protection and work to defend against a range of cybersecurity risks, including viruses, ransomware, malware, spyware and phishing scams, they’re not a catch-all solution.
As a business, invest in third-party security software and build an incident response plan that details the steps to follow if your company does fall victim to a cyber attack. With these measures in place, you’ll be better prepared to prevent cyber attacks and react quickly to mitigate any losses.
It’s also a good idea to offer cybersecurity training to your employees. For more guidance, check out ESET’s Cybersecurity Awareness Training. The user-friendly training walks you through best practices and explains how to make cybersecurity part of your company’s culture to get your team on board.
Cybersecurity myth #4: You’ll know right away if you’re a victim of a breach
Cybercriminals are getting cleverer, and their attacks are becoming more and more sophisticated. What does this mean? It might take time before it becomes obvious that your systems have been compromised or your data has been leaked. Sometimes, it can take companies days, months or even years to realize their systems or devices have been infected.
Let’s look at phishing emails as an example. You might think it’s always easy to spot a fake email, but hackers put a lot of effort into making their emails look authentic and convincing. Phishing emails also tend to prey on emotions, like fear or anxiety, which can compel people to click on links or attachments without a second thought. This is another reason why cybersecurity training is so necessary.
Cybersecurity myth #5: You can fully outsource your cybersecurity
Maybe you have an in-house IT department, or maybe you’ve engaged a third-party vendor to handle your cybersecurity needs. Either way, you can’t “hand off” 100% of the responsibility to another person or company.
As a business, your employees are on the front lines and are key to protecting your company and its data. Along with giving your security professionals the tools they need to do their job, you want to emphasize to your team members that they have a role to play in cybersecurity.
As part of your training, cover these topics and offer employees a chance to ask questions:
- Create a unique, complex password for every account used at work, including the intranet, Zoom and email. Better yet, offer access to a password manager to help generate and store passwords.
- Activate multi-factor authentication (MFA), so your staff will need to enter a username, password and other information before signing in to key accounts.
- Back up your data regularly, and maintain two backups: one in the cloud and another on a physical hard drive.
- Hop on a Virtual Private Network (VPN) while working.
- Take care when clicking on links or attachments in emails.
- Avoid downloading any software before running it by an expert.
- Mark suspicious emails as spam and report them to the company’s point person.
Invest in multi-layered protection, and take that task off your plate
Now that you know the myths about cybersecurity, one thing you can outsource is software, which is your first line of defence. This is crucial in the post-pandemic environment, where many employees work remotely. Invest in cybersecurity today.