Cybersecurity threats are a “second to second” challenge for businesses large and small. According to the University of Maryland, hackers attack every 39 seconds, on average, 2,244 times a day. While cybercriminals use advanced technology, the reality is that they rely on common (and preventable) human behavior to gain access to corporate systems. These hackers prey on the fact that users will click on malicious links, use easy/generic passwords, or leave their computers unlocked and unattended. To successfully fight against cyberattacks, organizations need to make cybersecurity a tenet of their culture, promoting awareness, prevention, and best practices.

October is National Cybersecurity Month. This year’s theme, “Do Your Part. #BeCyberSmart,” reminds us all that we need to take an active role in keeping our organization’s reputation, trade secrets, data, employees, customers, and capital resources safe and secure.
Below we have identified common cybersecurity myths. Or are they facts?
  • It Only Happens to the Big Guys 
    • Myth. Verizon’s recent Data Breach Investigations Report (DBIR) found that 43% of data breach victims were small businesses.
  • All Networks are Created Equally 
    • Myth. Most corporate networks should use a multi-layer security approach; public networks do not. They are open networks without security, designed for ease of use, not for user protection. Teleworking locations may also lack proper protection.
  • Keep Software Up to Date
    • Fact. While updates are annoying, they often contain critical security patches. Skipping or delaying system and software updates can make you vulnerable to viruses. Corporate networks may have required updates; does your remote office have the same?
  • Multi-factor Authentication (MFA) helps you by adding an extra layer of security 
    • Fact. Also known as two-factor authentication, MFA is a security enhancement that allows you to present two pieces of evidence – your credentials – and some secondary requirement when logging in to an account. Your credentials fall into any of these three categories: something you know (like a password or Personal Identification Number (PIN)), something you have (like a smartphone), or something you are (like your fingerprint). Your credentials must come from two different categories to enhance security, so entering two different passwords would not be considered multi-factor.
  • It is Best to Use the Same Password for All My Accounts 
    • Myth. While using the same password for all your accounts makes it easy to remember, it also makes you vulnerable. If a hacker breaks into one account, they can now break into all your accounts. Can you imagine all your accounts being taken over at once? So, do not use the same password across all your accounts. An additional tip: use a passphrase for your passwords and store them in a password manager to protect them.
  • Phishing is a Sport 
    • Myth. Fishing is a sport. Phishing is a method of social engineering used to steal your identity. It is a technique that hackers use to fool you into sharing confidential information such as your social security number, bank account, or credit card details.
  • Malware is Harmless
    • Myth. Malware invades and disables computers, networks, tablets, and mobile devices by taking over a device’s operations. Malware can steal, encrypt, or delete your data and hijack computer functions. (Have any Bitcoins to pay to get your data back?)
  • Security is IT’s Responsibility 
    • Myth. Security is everyone’s responsibility.
  • Be Careful What You Click 
    • Fact. Opening and downloading email attachments from an unknown email address is a serious security concern. Attachments are often PDF or DOC files and may contain malware. The severity of the situation is compounded when you share these malicious attachments with colleagues.
  • A Locked Padlock in the URL is an Indication That a Site is Encrypted 
    • Fact. The locked padlock indicates that traffic to and from the website is encrypted. Make sure the locked padlock is green or grey! If the padlock is unlocked or covered with a red X, the security certificate is either unverified or out of date, and the site is neither encrypted nor secure.
  • Messaging is the Most Common Delivery Method for Viruses 
    • Myth. While there are other ways you can expose your computer to a virus, the most common way is through email attachments.
  • The URL http:// Means a Site is Secure 
    • Myth. The “S” within the URL https:// stands for secure. Without HTTPS, any data passed is insecure. This is especially important for sites where sensitive data is passed across the connection (e.g., those used for online shopping, banking, etc.).
  • It is OK to Wait to Notify IT if I Think a Security Breach has Occurred
    • Myth. If you think you have been hacked/compromised, notify IT immediately! The sooner IT knows, the quicker they can mitigate the damage. Remember, time is on the hacker’s side. The longer the breach goes undetected, the more havoc they can wreak.
  • Testing Disaster Recovery is a Waste of Time 
    • Myth. You can never test your disaster recovery enough. Backups are your best defense against an accident in the cyber world!

Be Well, Be Safe, Be Smart, Be Aware, Be Secure