Five common cybersecurity myths your business should be aware of
Businesses are more aware than ever of cyber threats and take cybersecurity very seriously. In fact, a recent study found that nearly two-thirds of UK CEOs are concerned about how cyber threats could harm their business, writes Tim Walker, MD, Aura Technology.
Yet believing ill-informed myths about cybersecurity could leave you vulnerable to threats or reduce the effectiveness of your security infrastructure.
In this article, we’ll debunk some of 2023’s biggest misconceptions about digital security.
1: Hackers don’t target SMEs
Cybersecurity requires investment, and many decision-makers would prefer to spend money on other areas of the business.
However, there’s no truth in the misconception that hackers don’t target SMEs. In fact, a report from Barracuda found that cybercriminals are up to three times more likely to target SMEs than enterprises.
Why? Hackers see smaller businesses as ‘low-hanging fruit’ and target their inadequate security infrastructure and insufficient staff training via social engineering attacks.
Furthermore, the lasting damage of cyberattacks to SMEs is often greater, with the majority of SMEs failing within three years of an attack or data breach.
2: Antivirus and firewalls alone are enough protection
Firewalls and antivirus software are a brilliant first line of defense, but attacks can get through them. While they can protect your business from malicious software and intrusions, they are less effective at preventing social engineering attacks such as phishing scams, mishandled login credentials, or internal threats.
A holistic cybersecurity strategy will use additional methods of protection such as backups, awareness training, intrusion detection, and two-factor authentication.
3: Phishing attacks are easy to spot
A common misconception is that only the tech-illiterate fall for phishing attacks and that cyber awareness training is wasted on those who are “good with computers.”
In reality, this is not the case. Phishing attacks – especially those specifically targeting senior executives – are becoming increasingly convincing.
Businesses must train staff (and executives!) to spot phishing attacks and to identify which emails to be suspicious of. However, even then, some attacks may be too convincing to spot. For that reason, you’ll also need good email security that actively looks for phishing scams.
4: A long complex password will keep my account safe
Strong passwords are a cornerstone of cybersecurity strategy. However, there are other points to consider:
- Never write passwords down
- Never share passwords – with anyone!
- Use multifactor authentication to prevent malicious access to your accounts even if someone has the password.
5: The only concern is external threats
Insider threats pose as much concern as external threats – sometimes more because they’re difficult to protect against. According to a recent survey, 98% of companies are concerned about insider threats whilst only 11% believe they’re protected from them.
Internal threats fall into three broad categories:
- Negligent Insider
- Stolen Credentials
- Malicious Insider
Negligent insider threats (the most common) involve an employee or executive unintentionally exposing your business to a cyber threat (without malice).
These threats can be prevented through cyber awareness training or Data Loss Prevention.
Stolen credentials involve the loss of credentials – mainly through social engineering attacks such as phishing. Prevent this with awareness training, two-factor authentication, and suspicious activity detection.
The least common type of insider threat is a malicious insider attack – where an employee or executive causes damage or steals data intentionally. This is the hardest to protect against.
Cybersecurity infrastructure is complex. However, the return on investment is immense, as the potential to avoid costs is large.
Talk to a trusted IT partner to ensure you proactively mitigate these risks.