Cybersecurity Myths Your Business Should Be Aware Of

Cybersecurity Myths Your Business Should Be Aware Of

What are the top Cybersecurity Myths you should be aware of in 2022? In this article, we will debunk some of the biggest misconceptions about digital security.

Myth 1: Hackers do not target small businesses

We understand why some small business owners feel like cybersecurity is not important to them. Cybersecurity can be a big investment for smaller firms and start-ups and many decision-makers would prefer to spend that money on other sections of the business.

However, there is no truth in the misconception that hackers do not target small businesses. In fact, a report from Barracuda found that cybercriminals are up to three times more likely to target small businesses than larger firms.

Why? Hacker’s smaller businesses as ‘low-hanging fruit’ and target their inadequate security infrastructure and take advantage of insufficient security training for staff for social engineering attacks.

Furthermore, the lasting damage of cyber-attacks to smaller businesses is greater than for enterprises. 60% of small businesses fail within six months of a cyber-attack or data breach. This is one of the biggest Cybersecurity Myths.

Myth 2: Antivirus and firewalls will protect my business

Firewalls and antivirus software are a brilliant first line of defense for your digital infrastructure – but attacks can and will get through them. A holistic cybersecurity strategy will need to use other methods of protection such as backups, cybersecurity awareness training and two-factor authentication.

First, antivirus software and firewalls are only effective if they are regularly updated and configured correctly. Not sure how to make sure they are running effectively? We recommend working with a Managed Service Provider (MSP) like ours to configure your security infrastructure for you

Secondly, antiviruses and firewalls can only protect your business from malicious software and intrusions. They are less effective at preventing social engineering attacks such as phishing scams, mishandled login credentials or internal threats. We will cover what is needed to prevent these attacks later!

Myth 3: Phishing attacks are easy to spot

A common misconception is that only the tech-illiterate fall for phishing attacks and that cyber awareness training is a waste of time for those who are “good with computers.”

This just is not the case. Phishing attacks – especially those specifically targeting your business for espionage – are becoming increasingly more convincing.

One of the most common forms of phishing is a spear phishing attack – where attackers use gathered intel about your business to make the email (or phone call) look legitimate. Over 65% of targeted attacks are done this way.

They commonly ask for payment or urgent action for a convincing reason. Attacks may also spoof a legitimate email – for example, a manager, the CFO or CEO.

Businesses need to train their staff on spotting phishing attacks and what sorts of emails to be suspicious about. However, even then, some phishing attacks may be too convincing to spot. For that reason, you will also need an email filter actively looking for phishing scams.

Myth 4: A long complex password will keep my account safe

A strong password policy is a cornerstone of a cybersecurity strategy. However, there are some other considerations to make other than having a long, complex password:

  • Enforce a policy to regularly change passwords. Some hackers may gain login credentials through phishing or a data breach. Changing passwords regularly removes this opportunity.
  • Encourage employees to remember passwords and not write them down. What is the point of a complex password if it is available for everyone to see on a post-it notes or a text file?
  • Your employees should never share their passwords – even with trusted colleagues, friends, and family.
  • Implement multifactor authentication to ensure that hackers cannot gain access to your employees’ accounts even if they have their passwords.

Myth 5: The only real concern is external threats

Insider threats pose just as much of a concern as external threats – if not, more as they are difficult to protect against. According to Gurugul, 98% of companies are concerned about insider threats whilst only 11% believe they’re well protected from them. This is often over looked Cybersecurity Myth.

Internal threats fall into three broad categories:

  • Negligent Insider
  • Stolen Credentials
  • Malicious Insider

Negligent insider threats are when an employee or executive negligently exposes your business to a cyber vulnerability – but unintentionally (or at least without malice). This is the most common insider threat.

These types of threats can be prevented through cyber awareness training or a Data Loss Prevention program.

Stolen credentials involve the loss of credentials – mainly through social engineering attacks such as phishing. Protecting from these attacks involves awareness training, two-factor authentication, and suspicious activity detection.

The least common type of insider threat is the malicious insider attack – where an employee or business partner causes damages or steals data intentionally. This is by the hardest to protect from as companies assume all their employees are not out to sabotage them.

The best way to protect from this is by enforcing strict access permissions (and ensuring employees can only access the data they need) and using data loss prevention (DLP) and monitoring tools.

These steps prevented a huge data incident in October 2021 when a Pfizer employee uploaded 12,000 confidential files to a Google Drive account – according to Reuters. This suspicious activity was detected and prevented by DLP software. Turns out, the employee had accepted a job offer from competitor Xencor, and this was attempted espionage.

How we can help secure your business

Cybersecurity infrastructure is a long, complex process. However, the return on investment (ROI) of cybersecurity projects is immense due to security expenses avoided is immense.

For instance, according to IBM’s Cost of a Data Breach Report 2021, the average cost of a data breach is $4.24M! That is why we highly recommend upgrading your security infrastructure and protecting your business from increasingly dangerous cyberattacks.

Want to learn how we can help you secure your business? Looking to deliver effective cyber awareness training? Want to explore what software solutions are best for protecting your business?

Contact us today and see how we can level up your business’s cybersecurity. We hope this list of Cybersecurity Myths has helped you distinguish between them.