by Phil Keeney – Director of Technology Solutions, Stambaugh Ness
When it comes to cybersecurity, we are all at risk. However, understanding cybercrime and taking a proactive approach to data security can significantly decrease the chances of a breach. Let’s look at some of the most common myths associated with cybersecurity.
Basic Anti-Virus Protection is All We Need
Anti-virus software sounds more impressive than it actually is. And, while it is part of the solution, it certainly doesn’t guarantee that you are safe. This type of software is most helpful in containing damage once an attack has occurred, not necessarily preventing the attack. The promises of anti-virus software have lulled many organizations into a false sense of security that ironically makes them even bigger targets.
We Don’t Keep Credit Card Information on File, So We’re Not at Risk
This is a common misconception since credit card fraud is typically the most public of cybercrimes and frequently happens to both individuals and companies. Credit card data is a target, but it’s not the only one. In general, cyber-criminals are after personal, confidential information that can be exploited or sold. This may include many pieces of data, such as Social Security numbers, bank accounts, passwords, etc. Never underestimate the worth of the information you are storing for your employees and clients.
We’re a Small Business, Cyber-Criminals Aren’t Interested in Us
We hate to burst your bubble, but small businesses are often preferred by cyber hackers because they can serve as gateways to larger ones. Case in point: the famous attack on Target in 2014. That enormous breach was the result of an HVAC vendor’s lack of security measures. No matter your size, securing your information is critical. Small businesses that don’t implement security protocols and have a plan in place risk a significant loss of production and, in some cases, can’t recover from the financial loss and impact on their reputation.
To large businesses reading this section, your company is only as safe as your weakest third party. Many organizations simply don’t realize the number of outside sources they risk exposure through. Whether it’s an outside payroll provider, a subcontractor, or a vendor, ask questions about their security measures before entering into a business relationship.
Our Passwords Are Strong, What Could Go Wrong
Gone are the days of using your dog’s name as your password, yet even with the crazy combinations of numbers, symbols, and special characters, complex passwords don’t provide all-encompassing protection; they are merely one layer of protection.
Even if your password is strong, don’t be tempted to use it for multiple accounts. Once a criminal discovers one password that works, they will attempt to use it on other accounts associated with you. For an added layer of protection, it is recommended to utilize second-factor authentication. Also known as two-step verification, this process requires a user to provide two authentication factors to verify who they are. It’s yet another wall between you and the hacker.
We Only Open or Download Items from Trusted Sources
Countless companies will tell you how safe they were until one employee opened one wrong email. Criminals are more and more sophisticated in how they assume trusted personas. With this tactic, known as “spoofing,” emails appear legitimate even to a technologically savvy employee. It’s extremely common and extremely dangerous. All it takes is one employee to be tricked into opening and/or downloading the wrong email or file, and in the click of a mouse, your company becomes infected with malware. If you’re lucky, you have IT staff and processes in place that can quickly detect this type of breach, but even then, damage can occur rapidly. Today’s criminals are highly aware of how to cover their tracks and disguise an infiltration to prolong the time it takes your company to react.
We Stay on Top of Software Updates, Well Usually
Patch management is key to keeping your company current and updated with the latest security patches that address system vulnerabilities. Look no further than the WannaCry attack in May 2017 for evidence of what happens when you don’t stay on top of software updates. Two months before the attack was launched, Microsoft released an update to fix the specific vulnerability that WannaCry was designed to exploit. Unfortunately, it is not unusual for an organization to take months to patch vulnerabilities. That’s more than enough time for hackers to play your procrastination to their advantage.
If your IT department is too overwhelmed to manage patches, it may be time to consider a third-party vendor. Effective patch management may be one of the single most important preventative measures you can take against cyber-attacks.
Today, businesses must take a proactive stance against cyber-attacks. If you are uncertain about your level of exposure, consider a vulnerability assessment to identify areas of weakness before they become part of a cybercrime news report.