“The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education. Enacting policies and procedures simply won’t suffice.”
Those are the words of reformed hacker Kevin Mitnick, author of 2017’s The Art of Invisibility: The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data.
Despite what Mitnick knows to be true, many companies are holding on to outdated assumptions and myths about cyber security that are no longer true.
Here are four of the biggest misconceptions about cybersecurity and IT security threats — and why it’s time to let go of them.
“We have antivirus and secure passwords, so we’ve got security covered.”
Antivirus protection software should be viewed as the first line of defense for individual devices, but it does not protect from malicious or nontraditional attacks — like hacking in through IoT devices, or phishing attacks that target high-profile users like CEOs.
Even if your company uses password-security software (like LastPass or Dashlane) religiously, passwords are often a weak link. According to a Telesign survey of more than 2,000 users in the United States and United Kingdom, almost three-quarters of consumers use the exact same password for multiple accounts — and 21 percent of them are using passwords that are more than 10 years old.
The moral of this story is that human error still accounts for the majority of security breaches — human behavior is much easier to hack than a computer.
“We’re too small to be a target.”
Smaller companies often prioritize revenue-generating activities over cybersecurity measures — but in the “wild west” of cyber crime, it’s dangerous to assume you’re too small to be a target. Limited security budgets, outdated security, and untrained (but well-meaning) employees can leave holes in your network that are easily exploited by increasingly sophisticated digital criminals.
According to eSentire’s The ABCs of a Technology Breach whitepaper, about 43 percent of midsized businesses have suffered losses from a cyber attack, but only around 20 percent have measures in place to mitigate those losses.
Larger enterprises that dedicate the financial resources to upgrade their security can become less vulnerable and therefore less attractive to some cybercriminals over time.
“We outsource our IT.”
Security is no longer just an IT issue; it needs to be a priority and a concern of every user throughout the entire company, from the C-suite to the interns.
A recent Verizon report on data breach investigations found that 63 percent of confirmed data breaches involved weak, default or stolen passwords. In another study by CompTIA, human error accounted for 52 percent of the root cause of security breaches.
Educating staff, including high-profile executives who are often explicitly targeted with sophisticated scams, not to open attachments or click on links within suspicious emails is one of the most important ways to combat these types of breaches.
Need another reason why cybersecurity should be a priority for every employee?
A breach can cause irreparable damage your brand and trust with clients, and that cost can be incalculable.
“Cybersecurity is just a money pit.”
An investment in cybersecurity is similar to home insurance: You hate having to pay for it every month, but when something goes awry, you are grateful for every cent that you contributed towards your policy.
When you account for the information that your business stands to lose without it, cybersecurity services can be surprisingly affordable. Consider the potential risk and what your business stands to lose when (not if) a technology breach occurs. Through this lens, cybersecurity is an affordable and completely necessary insurance policy for your business.
Concerned about your cybersecurity?
To continually provide clients with the best in IT managed services, YJT Solutions has strategically chosen eSentire as its partner in cybersecurity. Together, we’ll tackle the complex, constantly evolving security threats that Chicago businesses face every day. To learn more about cybercrime, what the future holds for security and what you can do to protect your company, read more about our cybersecurity offerings, download the free whitepaper, The ABCs of a Technology Breach or contact us today to chat!