In the world of cybersecurity and cybercrime, there are a lot of myths, misconceptions and rumours shared between business owners and employees.
Security myth 1: Small and medium-sized businesses aren’t targeted by hackers. Cybercriminals are more interested in larger companies.
Our Cyber Essentials Partner, CYFOR, said, “If you had no windows or doors on your house and went away for two weeks, would your valuables still be there once you got back? This is the reality I am afraid of for many small to medium size businesses when we view their current cybersecurity posture."
Develop Capability said, “Small businesses made up over half of last year’s breach victims.
The proliferation of high-profile hacks in the news often tricks small and medium-sized businesses into thinking they won’t be targeted for a cyber-attack. In reality, the opposite is actually true. In fact, according to the 2018 Verizon Data Breach Investigations Report, 58 per cent of data breach victims were small businesses."
"This happens for several reasons. Many businesses aren’t targeted specifically but instead are victims of what is known as ‘spray-and-pray attacks, when hackers set up automated systems to try to infiltrate businesses randomly. As these attacks are random, any business can be damaged, regardless of size.
Small businesses tend to be ‘soft’ targets, as they are often not prepared against cyber-attacks and don’t have skilled security teams. This makes them more likely to fall victim to spray-and-pray attacks. Targeted attacks are then used to focus on these small businesses once it is discovered that they are vulnerable.”
Don't wait until it's too late to prioritise cybersecurity - become a member of the Cyber Resilience Centre; we can help protect your business and your customers. Start your journey to becoming more cyber-resilient today.
Security myth 2: Businesses must buy expensive hardware or software solutions to implement effective cybersecurity.
This is a common misconception among small/medium-sized organisations; they often think it requires a lot of investment to be effective. Most of the time, it’s more about taking small steps to make your security strategy more robust by proactively thinking about risks. Changing your mindset to be more aware of threats is the most cost-effective method for implementing effective cybersecurity solutions.
We asked our Cyber Essentials Partner, Bergerode Consulting, “Effective cybersecurity, in my view, is first and foremost a set of positive behaviours which put cybersecurity on a solid footing. Just now, knowing what threats your business faces determines what choices you make about meeting these threats.”
Kevin continues, “If a business faces a malware risk from staff using personal USBs in company workstations, some security companies will try to sell software to that business which controls the use of USBs, but such software can be expensive, and it will certainly not address the reason why staff are using USBs, to begin with."
"Rather than buy such software, companies should seek to address why staff are using personal USBs and take ownership of the issue by updating the staff handbook to make use of personal USBs not permissible and also look to using existing software, e.g. Active Directory, to manage the use of USBs. This is more likely to address the root cause of the issue and deal with any risks than just buying a solution and being locked into an expensive support contract.”
We provide affordable, professional cyber security services that help you assess, build and manage your organisation’s cyber security capabilities, build confidence, understand your vulnerabilities and secure your business. Talk to us today.
Security myth 3: My business has nothing worth protecting from cyber-attacks.
The truth is that every business, regardless of its size, has a value from an attacker’s perspective. Even though you may not face the same threat level as large organisations, the risks are still very real. Here are some reasons why every business needs to prioritise cybersecurity:
Financial data: All businesses store financial information like credit card transactions, which can be stolen by hackers to commit fraud. A data breach could lead to significant financial losses for your business and your customers.
Customer information: They all collect and store personal information about customers, such as names, addresses, and email addresses. This information is valuable to cybercriminals who can use it for identity theft or sell it on the black market.
Intellectual property: Every business has trade secrets or proprietary information that hackers can steal to gain a competitive advantage. Even your business's brand and reputation could be at risk if attackers use your name or logo for fraudulent activities.
Operations: All organisations rely on computer systems and networks to operate. If these systems are compromised, they can disrupt your business operations and cause downtime, lost productivity, and revenue loss.
We asked our Cyber Essentials Partner, Cyber Security Specialists, “Your data is worth thousands to marketing companies and can be used by hackers to launch more sophisticated attacks to try and obtain your bank details and login details to Netflix, Amazon and more!”
We have created a Cyber Incident Response Pack containing documents to help support your business plan its response to a cyber incident. These documents are designed to complement any existing plans or assist you in creating one.
Security myth 4: Password managers are unsafe and a risk to my business.
The idea that password managers are unsafe for use is very common, which is understandable. To most, password managers appear to be a single point of failure; if they get breached or hacked, all my saved passwords get exposed too. This, however, is not the case; password managers use very sophisticated levels of encryption to ensure that threat actors are not successful in viewing any of your passwords, even if they gain access to data.
The National Cyber Security Center (NCSC) says, ‘Password managers are a good thing', which comes as no surprise when you look at their advantages.
They help to elevate password fatigue by reducing the number of passwords you have to remember to just one, the master password for the manager itself
They make implementing better security standards easier by generating secure passwords for you.
They are cross-platform applications, so you can have your passwords securely across all your devices.
There are many standalone password managers available on the market to choose from, and even some built into your browsers, which may be more convenient.
Security myth 5: Public Wi-Fi is safe to use. It’s just like any other.
Public Wi-Fi is common in public places like coffee shops, restaurants, airports and hotels. After signing up, it normally gives the user a free internet connection that anyone can use. Although it may seem harmless to most, there are still risks involved with using it. The problem is that the security that the networks enforce tends to be limited.
One of the biggest problems with public Wi-Fi is a Man-In-The-Middle (MitM) attack. This is when an attacker sits on a network and reads transmitted data from users to websites. If this data is vulnerable or in plain text, sometimes an attacker can read the information, which could be sensitive, like login credentials. This goes hand in hand with unencrypted networks; When in use, any data sent from the user to the router can be read by anyone.
Another issue is malicious hotspots; these are set up to get victims to connect to what they think is a legitimate network because it sounds reputable. Once connected, the attacker can now view your sensitive information.
How can you stay safe?
Using a VPN (Virtual Private Network) is a good way to stop these types of attacks from happening because they protect any data you transmit across a network. Another solution would be to connect to your phone hotspot or a dedicated dongle.