With many of us splitting our working week between the home and the office these days, ensuring a cyber-secure workplace has become more important than ever before.
There are still too many people and businesses nowadays with a “she’ll-be-right” attitude when it comes to implementing effective cyber security measures. There are new data breaches and exploits on a daily basis, and with Australia as the 6th most popular target destinations in the world for hackers, still avoiding taking any precautions is very likely to catch up with you.
So, for the non-believers, the “she’ll be right-ers”, and the cyber security risk-takers, this one’s for you – we’ve decided to debunk the 5 most common cybersecurity myths that are out there today.
KEY TAKEAWAYS - CYBERATTACK PREVENTION MEASURES:
- Your IT department can only do so much. Each employee is responsible for their own cyber security.
- Antivirus software protects your computer from viruses, but it’s not enough to stop hackers from manipulating you into providing private information.
- Keep your online passwords to 16 characters or more and make sure they’re unique to each site. Use a password manager to keep them secure.
- In addition to a strong password, businesses in particular should implement two-factor authentication (2FA) when staff need to access data-rich / data sensitive websites, servers, devices, or programs.
- Small to medium-sized businesses are a hackers’ target of choice, however many SMEs still aren’t doing enough to protect themselves against a cyberattack.
- For businesses, make sure you have a robust cyber insurance policy to protect you financially against a cyberattack.
MYTH 1
“Only our IT department is responsible for cybersecurity”.
Yes, your company’s IT department is responsible for implementing new processes and policies in order to keep cybersecurity in a top-notch state. However, even the most sophisticated cybersecurity solutions can’t shield you from everything.
The responsibility lies on each employee’s shoulder when it comes to cybersecurity, as successful hacker attempts are often a result of an employee downloading malware through links or attachments in emails. Once downloaded, the virus can quickly spread throughout the company network.
MYTH 2
“I use antivirus software, so I don’t need to worry”.
It’s true that antivirus software protects your computer and smartphone from viruses. However, it’s not enough. Hackers always try to find new security flaws and antivirus can fail to recognise evolving threats.
87% of SMB’s believe they are safe from attacks with anti-virus software alone.
Antivirus won't protect you from subtler manipulations. Instead of using viruses, many hackers will try and trick you into volunteering private information and passwords. For example, you find a great deal on eBay and continue to the payment page. A hacker could have built a fake ‘checkout’ page that looks exactly like the original, just to steal your sensitive data.
These scams are more common than you might think, and antivirus programs don’t (and can’t) often catch them. So, it pays to be cautious when shopping, banking or making payments online.
MYTH 3
“A strong password is all you need”.
Compromised passwords caused 80% of all data breaches in 2019, resulting in financial losses for both businesses and consumers.
Strong and unique passwords are crucial for both personal and company devices, and the more complex the password, the harder it is for hackers to crack it.
A secure password should be at least 16 characters and include a combination of letters, numbers, and special characters. For a hacker to brute force a 16-character password combination, it would take them millions of years. But at 8 characters, it would only take them 8 hours at most.
Note: Use a password manager like LastPass, which can store your usernames and passwords in encrypted vaults, requiring only a master password to login to your account.
However, strong password practices are only the start as no password can ever be 100% secure. These days, a robust security system needs a multi-layered defence, which is why most organisations – particularly those with sensitive financial or customer data – need to employ two-factor authentication (or 2FA). After typing your password, 2FA requires you to also have to authenticate yourself via a separate app, SMS, or token. Even if wrongdoers have stolen your password, they won’t be able to bypass the 2FA.
MYTH 4
“Cybercriminals don’t target small and medium-sized businesses”.
Most small & medium-sized enterprises (SMEs) often think that they are immune to cyberattacks and data breaches. This is one of the top myths about cybersecurity that need to be debunked right now.
Although media reports focus primarily on larger cyberattacks such as the breaches at Spotify, Toll, Netflix, and drinks giant Lion, the most frequent threats have been to SMEs.
Taken from a 2019 global cybersecurity research study, Australia and New Zealand had the highest rate of reported ransomware, with 56% of attacks targeted at SME clients in the first half 2019 alone. And according to industry experts, 60% of SMEs are predicted to fail within 6 months as a result of a cyberattack.
SMEs aren’t explicitly targeted, instead they are victims of spray-and-pray attacks. Small businesses often lack advanced security software and skilled security teams, making them a softer target for cybercriminals.
MYTH 5
“I have purchased cyber security insurance for my business, so now it’s totally protected”.
A cyber insurance policy provides financial protection against direct loss, consequential loss and legal liability caused by cyber security breaches. But it does not prevent an attack from actually happening.
If you have car insurance, you wouldn’t leave the doors unlocked when you are parked on the street, and the same goes with cyber security measures for your business.
With some insurance policies, the terms may specify that a business will not be compensated when a breach occurs if adequate steps have not been taken to protect the business. It’s important to know exactly what you are covered for, and to have appropriate prevention measures in place, in addition to your insurance. Without it, your business may be left exposed.
Prevention measures are essential to the overall safety of your business, like employee training to identify the different forms of cybersecurity threats, the importance of password security, and understanding email, internet and social media policies.
These fundamentals will help protect the foundations of your business, and having insurance on top of this will ensure you’re protected financially if you do ever experience a breach.
For more information about cyber insurance, visit our commercial cyber insurance page, or our personal cyber insurance page. You may also interested to read:
What's The Average Cost Of A Data Breach?