blog

Don’t fall for cybersecurity myths

Cyber Security Myths

Cybercriminals are becoming increasingly ingenious, meaning businesses are at risk of having important data stolen and being left financially vulnerable. Some of the most current cybersecurity threats include phishing and ransomware which, in severe cases, can leave a business severely compromised. Read more about these threats, and how to tackle and prevent them here.

However, despite the extent of the threat, many businesses underestimate the level of risk or falsely believe that they are protected. Complacency makes an organisation vulnerable, so it’s important to separate fiction from fact.

Here, we dispel some common myths.

Small and mid-sized companies are less likely to be targeted

It’s tempting to believe that hackers only have big business in their sights – but the reality is that hacking is a volume business. Cybercriminals don’t care who they target – they go for the vulnerabilities in any kind of organisation they can get access to. In some cases small to medium-sized businesses are a soft target because they believe this myth and fail to invest in adequate security measures.

According to the Federation of Small Businesses (FBS), small businesses in the UK are collectively subjected to almost 10,000 cyber-attacks a day – with the annual cost of an individual attack put at £1,300. One in three of these businesses had not installed security software or regularly updated software. The best thing you can do as a small business is invest in technology that is up to date and consistently monitored.

Our passwords are strong enough

No matter how long your password or how many special characters you use, no password is 100% secure – there’s always a possibility that they can be cracked or leaked, putting your data in the hands of an attacker. It’s very important to keep changing your password, weekly, monthly – regularly. Make sure your employees change theirs too.

Multi-Factor Authentication (MFA) is an effective way to increase security – it identifies a user with a two-step process, such as verification on a trusted device. This adds additional layers of protection. Microsoft uses the username/password combination and a security code sent to a mobile, email or authenticator app.

We monitor monthly reports – we’ll spot a problem straight away

Cyber-attacks can go undetected for a long time, so you won’t always see symptoms at first glance. Advanced Persistent Threats (APTs) remain in your system network quietly stealing financial and security information without inflicting damage to your systems. It may be too late to wait for the monthly report to come in before your data is already compromised.

An IT support specialist can constantly monitor for threats and remain up to date with the latest methods being used by hackers.  

We have antivirus so we don’t need anything else

A simple antivirus solution used to be more than enough to secure networks, but we can no longer rely on a single piece of software. Attacks have become more sophisticated and complex, often depending on human error. Phishing can be will hidden within an email, until someone falls victim to it – you might receive a completely convincing message from your ‘bank’.

Antivirus alone can’t stop you from opening the email or clicking a link – the key is to always be suspicious of unexpected emails and check spam filters regularly. Employees need to have the proper training to spot potential threats.

We trust our staff so we’ll be OK

Not all hacks are from malevolent outsiders. Many data breaches are a result of an inside threat – as many as 75%, according to research by Ipswitch, a data file transfer company. This could be a former or current employee with a grudge or just an unwitting user who clicks on a link which enables access to data.

It may be difficult to protect your business entirely from internal threats but there are some steps you can take to reduce the risk.

Any business is vulnerable to a cyber-attack, no matter its size, industry or volume of data, so ensure effective defences are in place. Contact Aura Technology for more information about fully managed support and business continuity solutions.