Cybersecurity is a critical part of every organization. Despite its significance, many misconceptions persist among people regarding the field of cybersecurity. These can vary from benign to dangerous beliefs that could negatively impact their own personal security. Today I want to dispel some of these myths and shed some light on the realities of security.
Myth 1: My organization is small; nobody will attack me
Many believe that only large corporations or high-profile people get targeted for cyberattacks. Small organizations and individuals will naturally put their guard down, assuming safety even if it’s not guaranteed. Consider: Why do we lock our front doors? We know the chances of a break-in are slim, perhaps none, but we do it “just in case”. The same logic can be applied to your digital security practices.
The reality is, that anyone can be a target for a hacker. If you’re an organization that provides any sort of service, the data you keep is valuable and must be protected. Likewise, if you’re someone who has an online presence, your personal information has value and can be stolen. This is why security measures are imperative – make cybersecurity a habit, not a chore.
Myth 2: Cybersecurity is expensive, there’s no room in our budget for security expenses
Cybersecurity is expensive and involves a wide range of technical and practical knowledge. The reality is that implementing robust cybersecurity measures may put a dent in a company’s wallet – this makes some apprehensive as to whether it’s all worth it in the first place.
The question arises: Who would hack a small business? (As it turns out, many would.)
While cybersecurity may require an initial investment, the actual cost of a cyberattack can far exceed any amount spent on preventative measures. In the scenario of a breach, the loss isn’t only financial – it’s reputational and may lead to legal repercussions. The cost of recovery can be insurmountable – the business will have to convince those whose data was deleted or stolen that it won’t happen again. In a time where many businesses offer the same service, this can be an impossible task. By allocating resources to cybersecurity from step 1, business owners can significantly reduce the risk of cyber threats and data loss. They’ll be safer and sleep better at night.
Myth 3: As long as it’s strong, it’s fine to use my password across multiple accounts
Passwords function as locks. They’re the first obstacle an attacker has to get through when targeting an account. While one must not underestimate the power of a good password, password reuse severely diminishes the effectiveness of strong passwords. If an attacker manages to get access to one of your account credentials, either through database leaks or phishing, they effectively have access to all of your other accounts. You wouldn’t lock two things with the same key, your digital security should be held up to the same standards.
The issue many people have is that of convenience. It’s CONVENIENT to reuse passwords, but it’s not safe. If you have trouble remembering many difficult passwords (so do I!), consider getting a password manager. A password manager allows you to save all your passwords in a “vault” of sorts. This means you’ll never forget a tricky password, so long as you’ve got your password manager set up. An added benefit is the auto-fill feature, which automatically fills your password when you’re logging in.
Myth 4: I’ll know a phishing email when I see one
Most phishing emails are obvious. The signs are all there: typos galore, a suspicious domain, and an offer you “simply can’t refuse”. Phishing emails are designed to trick the receiver into disclosing private information, such as credentials or credit card details. Unfortunately, they come in all shapes and sizes. Cybercriminals are becoming increasingly sophisticated when creating phishing campaigns, nowadays phishing emails may not be caught at first glance. For example, a hacker may have access to a company email address. This allows them to masquerade as that email’s owner, increasing the likelihood that they’ll be trusted implicitly.
Whenever you receive an email, make sure to check it thoroughly before clicking any links or opening attachments. This includes checking the domain of the email for any sneaky typos, inspecting any links and ensuring they’re what the email claims (a Google email will never redirect you to a non-google domain), reading through the language (it will often be urgent or threatening), and more. Take a few minutes, look at what’s being sent to you and triple-check for any red flags. A moment of carelessness is all it takes for a hacker to get a foothold.
Myth 5: Cybersecurity is solely the responsibility of the IT department
If you’re not in an IT role, it can be easy to think that the security of your organization is not your responsibility. While a designated security team is important for handling incidents and bolstering a healthy security culture within a company, effective cybersecurity is a collaborative effort. The simple act of, say, reporting a suspicious email can help strengthen the security of a company and defend against any malicious actors.
Human error can be a significant factor in cyber incidents, therefore it’s vital to foster a culture of cyber awareness within any company. Building awareness through regular training sessions, simulated phishing exercises, and friendly, transparent communication about security topics contributes to a more resilient cybersecurity posture.
Conclusion
When talking about good security, separating fact from fiction is a must. As technology advances, so do the tactics of cybercriminals. The ever-evolving threat organizations face is one that must be faced head-on.
The key lies in staying informed. Knowledge is power – hackers are always learning, and so should you. By embracing the realities of cybersecurity, we can navigate the digital landscape confidently and safely.
About Author & Author Note
Ana Batranović is one of the youngest stars in the UN1QUELY sky. An energetic penetration tester, ethical hacker, and certified Red Team operator, she is eagerly broadening her cybersecurity and tech knowledge around the clock.