Believing in the wrong things could be putting your business in harm’s way.
In the era of fake news and fake fake news, it’s never been more important to tackle myths and misinformation. That includes in the field of cyber security, where bad advice can have real, detrimental consequences for businesses.
Here are just seven cyber security myths that we think need to be debunked. We've also put together a handy infographic summarising this article – just scroll to the bottom of this post to view and download it.
The Cyber Security Breaches Survey 2019 shows that 31% of micro and small businesses in the UK reported cyber attacks in 2018. For large companies, that figure rises to 61% and for medium firms it’s 60%.
Overall, there has been a drop in the number of overall businesses reporting breaches, but these are still significant numbers, even for smaller firms. The fact that similar numbers of large and medium-sized organisations identified attacks last year suggests they’re equally attractive targets to criminals. Bearing that in mind, it makes sense for them to also approach their cyber security in likeminded ways. Particularly as medium-sized businesses begin to scale up, it’s important for their IT solutions to do the same, and that may include upgrading to enterprise-class cyber security.
Of course, it makes sense for your IT people to lead the way when it comes to cyber security, but they can’t be expected to go it alone. Criminals have the power to target any person or device in your business, so while your IT department (whether they’re in-house or outsourced) play an important role in providing security technology and monitoring, effective defences ultimately require vigilance right across your organisation. All the technology in the world won’t help if an employee falls for a phishing scam and gives away their login details to a criminal.
It’s necessary, therefore, to ensure everyone who works in your company, from board level right down to the person who waters the plants, has a good grip on basic cyber security. With the right training, many cyber attacks can be stopped before they have a chance to escalate.
^ You don't need to be a techie to know about cyber security
It might seem like you don’t have any data that would be of interest to hackers, but that simply isn’t the case. If you’re hacked, criminals could get access to anything, including:
This information could then be sold on the dark web or used to commit fraud against you.
Furthermore, if your data has value to you, then it has value to criminals. They may not be able to profit directly from your business reports, projects, emails and other things you’ve worked hard on, but they can use ransomware to lock that data down and to extort money from you.
The fact is criminals will target any systems they deem worthwhile. When Apple Macs were a niche product, it didn’t make sense for criminals to spend their time developing hacks for Mac OS X. But as Macs have grown in popularity and started using the same kind of processors used in Windows PCs, Mac malware has become more of a problem. Around the beginning of this year, it was reported that Mac malware detections leapt up 60% in just three months.
With iPhones and iPads, it’s a bit different. Unless jailbroken, iOS devices can’t install apps from anywhere other than the Apple App Store. This level of control makes this operating system inherently more secure than Android, because users are far less likely to encounter rogue apps. But iOS malware does exist, even for devices that haven’t been jailbroken, and even in the App Store.
By employing the right technology and by educating your people about cyber security, you will significantly reduce your chances of suffering a major cyber breach, but you can never be 100% safe. Hackers are always on the lookout for new vulnerabilities to exploit, and criminal gangs can be highly organised and professional.
This is why it’s so important to make regular backups and to have an effective disaster recovery strategy in place. Even if the worst happens, backup and disaster recovery (BDR) ensure your business continuity.
Although the overall number of businesses reporting cyber breaches has fallen over the past few years, repeat attacks have actually been increasing. According to the Cyber Security Breaches Survey, the typical number of attacks per business that reported breaches went from two in 2017 to six in 2019.
This makes sense if you think about it. Hackers already know your organisation has security weaknesses, so why not attempt another bite of the cherry?
If you do suffer a cyber attack, find out what happened and why, and then fix it as soon as possible.
^ With cyber breaches, lightning often strikes twice (or more)
Antivirus is a vital part of any cyber security plan, but it’s largely reliant on databases of known threats. When new malware is developed, it may be able to slip past antivirus software until it’s added to those databases. In some cases, malware can actually prevent antivirus apps from working or even turn it into malware too.
Software firewalls, meanwhile, aren’t an effective solution for most businesses – not on their own, at least. The most efficient way to stop an intrusion is with a hardware firewall, so it can filter all internet traffic as it enters your network and so you only have to configure one device and not several. Also, for a firewall on a PC to stop an intrusion, the hackers must already be on your network, in which case you still have a problem.
Just click on the image below to view and download the PDF file.