Debunking Common Cyber-Security Myths

Cybersecurity is a critical issue that affects everyone who uses the internet, both individuals and corporations. Unfortunately, there are many myths and misconceptions about what does and does not work when it comes to protecting yourself online. In this article, I will debunk some of the most common cybersecurity myths. I’ll also provide some tips on what you can do to keep your staff and your information safe.

Myth #1: Macs Are Immune to Viruses

Many people believe that Macs are immune to viruses, and therefore don’t need to worry about installing antivirus software. This is simply not true. While it is true that Macs are less vulnerable to viruses than PCs, they are not completely immune. In fact, malware and other types of cyber threats have been found on Macs. In light of this, it is important to take steps to protect yourself. This includes installing antivirus software and keeping it up to date, as well as practicing safe browsing habits.

Myth #2: Antivirus Software Is All You Need

Antivirus software is a valuable tool in the fight against cyber threats, but it is not a catch-all solution. There are many different types of cyber threats, and antivirus software may not protect against all of them. For example, antivirus software may not protect against social engineering attacks, such as phishing scams, or credential harvesting attacks. In addition to installing antivirus software, it is important for employees to practice safe browsing habits, keep their operating systems and software up to date, and be trained on the latest cyber threats they may encounter. Providing your staff with awareness training on tactics like elicitation and rapport building, as well as critical thinking, can help them stay on guard against social engineering attacks.

Myth #3: Public Wi-Fi Is Always Dangerous

Public Wi-Fi can be convenient, but it’s important to be aware of the risks. Public Wi-Fi networks are often unsecured, which means that anyone on the same network can potentially see the data you’re sending and receiving. The network itself can also be controlled by malicious actors to redirect legitimate traffic to malicious websites. However, this does not mean that you can never use public Wi-Fi for personal or professional use. When it comes to your employees, it is best to err on the side of caution. Staff should be aware of the dangers of using work computers and accessing company data on public networks. It is highly recommended that employees use a company Virtual Private Network (VPN) to connect to corporate resources. This will encrypt the traffic and help secure your internet connection on public networks.

Myth #4: Your Passwords Should Be Changed Regularly

Many people believe that passwords need to be changed regularly. Some companies even rotate their credentials annually, bi-annually, or even quarterly. Though the logic seems intuitive, updated information tends to say the opposite. Experts advise that unless you become aware of a password breach or compromise, there is no need to change your passwords regularly IF they are strong, unique passwords for each service you use. Yes, having strong and unique passwords is much more important for the security of your credentials. It is beneficial for any company to ensure their staff use passwords with these characteristics. The use of both multi-factor authentication and a credible password manager can help strengthen your security defenses by adding additional layers of protection to login procedures. Password managers especially can assist if a cyber attack takes place and the need arises to change out compromised passwords for new strong and unique ones.

Myth #5: Multi-Factor Authentication Is Inconvenient

Finally, some people believe that multifactor authentication (MFA) is too inconvenient, and therefore choose not to use it. However, MFA is a very simple and effective way to add an extra layer of security to your accounts and make it more difficult for a threat actor to access information systems. There are also three main types of MFA methods:

  • What you know, such as answers to personal security questions or additional secret passwords.
  • Things you have, such as one-time passwords (OTP) generated by smartphone apps, access badges, USB devices, or software tokens and certificates.
  • Things you are, such as fingerprints, facial recognition, voice, retina, or iris scanning.

While it may add a few extra seconds to login procedures or access protocols, the added security is well worth the inconvenience. In the event credentials ever become compromised due to cyber or social engineering attacks, MFA will prove to be another challenge for the attacker, as they would need something their target knows, has or is for the password to even be worthwhile. Without MFA, the attacker would immediately have access to internal systems. As mentioned in Myth 4, MFA provides an extra layer of protection for employees.

So, What Does Work?

This article has debunked several common myths regarding cybersecurity. Understanding what is untrue, or does not work, helps us to see what does work to improve our security.

  • Use strong, unique passwords and do not reuse passwords across different accounts. Investing in a reliable password manager is worth the effort, as it can help you sort, store, and change out multiple passwords with ease.
  • Enable multifactor authentication whenever possible. As we discussed in this article, MFA is quite easy to use and only adds a few extra seconds to login procedures. MFA is a worthwhile investment for any business with multiple staff members, and even for individuals.
  • Keep your software and operating system up to date. Regardless of whether you’re on a Mac or PC, keeping your OS and other software up to date is very important. Having outdated software can leave vulnerabilities and exposures in your system for a cybercriminal to take advantage of. Use of a firewall and antivirus software also goes a long way in helping your computer defend itself from external threats and attacks.
  • Practice safe browsing habits, such as avoiding “suspicious” links and downloads. We can often tell a link is “suspicious” when it contains odd characters or misspellings in the URL. Safe browsing habits will help us to not leave ourselves vulnerable when connected to open Wi-Fi networks.
  • Increase your awareness of cyber threats. Becoming familiar with the latest scams that malicious attackers are trying to use to exploit their victims helps us to be more on guard in case we come across them ourselves. Helping your staff become aware through security awareness trainings is also important. Social-Engineer LLC offers simulated testing to assess corporate security through live vishing calls and unique client-tailored phishing emails. This kind of testing helps corporations to adjust their security posture and protect their valuable assets.

Cybersecurity is Everyone’s Responsibility

By following these tips, you can protect yourself and your valuable information online. Corporations would do well to correct any of the myths discussed in this article that may circulate in the workplace. Remember, cybersecurity is everyone’s responsibility, and it is important to be vigilant to keep yourself safe.

Written by: Josten Peña

At Social Engineer LLC, our purpose is to bring education and awareness to all users of technology. For a detailed list of our services and how we can help you achieve your information/cybersecurity goals please visit:


