Debunking Common Cyber-Security Myths

February 15, 2023

Cybersecurity is a critical issue that affects everyone who uses the internet, both individuals and corporations. Unfortunately, there are many myths and misconceptions about what does and does not work when it comes to protecting yourself online. In this article, I will debunk some of the most common cybersecurity myths. I’ll also provide some tips on what you can do to keep your staff and your information safe.

Myth #1: Macs Are Immune to Viruses

Many people believe that Macs are immune to viruses, and therefore don’t need to worry about installing antivirus software. This is simply not true. While it is true that Macs are less vulnerable to viruses than PCs, they are not completely immune. In fact, malware and other types of cyber threats have been found on Macs. In light of this, it is important to take steps to protect yourself. This includes installing antivirus software and keeping it up to date, as well as practicing safe browsing habits.

Myth #2: Antivirus Software Is All You Need

Antivirus software is a valuable tool in the fight against cyber threats, but it is not a catch-all solution. There are many different types of cyber threats, and antivirus software may not protect against all of them. For example, antivirus software may not protect against social engineering attacks, such as phishing scams, or credential harvesting attacks. In addition to installing antivirus software, it is important for employees to practice safe browsing habits, keep their operating systems and software up to date, and be trained on the latest cyber threats they may encounter. Providing your staff with awareness training on tactics like elicitation and rapport building, as well as critical thinking, can help them stay on guard against social engineering attacks.

Myth #3: Public Wi-Fi Is Always Dangerous

Public Wi-Fi can be convenient, but it’s important to be aware of the risks. Public Wi-Fi networks are often unsecured, which means that anyone on the same network can potentially see the data you’re sending and receiving. The network itself can also be controlled by malicious actors to redirect legitimate traffic to malicious websites. However, this does not mean that you can never use public Wi-Fi for personal or professional use. When it comes to your employees, it is best to err on the side of caution. Staff should be aware of the dangers of using work computers and accessing company data on public networks. It is highly recommended that employees use a company Virtual Private Network (VPN) to connect to corporate resources. This will encrypt the traffic and help secure your internet connection on public networks.

Myth #4: Your Passwords Should Be Changed Regularly

Many people believe that passwords need to be changed regularly. Some companies even rotate their credentials annually, bi-annually, or even quarterly. Though the logic seems intuitive, current guidance tends to say the opposite. Experts advise that unless you become aware of a password breach or compromise, there is no need to change your passwords regularly, provided they are strong, unique passwords for each service you use. Having strong and unique passwords does much more to increase the security of your credentials, and any company benefits from ensuring its staff’s passwords have these characteristics. The use of both multi-factor authentication and a credible password manager can help strengthen your security defenses by adding layers of protection to login procedures. Password managers are especially helpful if a cyber attack takes place and the need arises to replace compromised passwords with new strong and unique ones.

Myth #5: Multi-Factor Authentication Is Inconvenient

Finally, some people believe that multifactor authentication (MFA) is too inconvenient, and therefore choose not to use it. However, MFA is a very simple and effective way to add an extra layer of security to your accounts and make it more difficult for a threat actor to access information systems. There are also three main types of MFA methods:

  • Things you know, such as answers to personal security questions or additional secret passwords.
  • Things you have, such as one-time passwords (OTP) generated by smartphone apps, access badges, USB devices, or software tokens and certificates.
  • Things you are, such as fingerprints, facial recognition, voice, retina, or iris scanning.

While it may add a few extra seconds to login procedures or access protocols, the added security is well worth the inconvenience. In the event credentials ever become compromised due to cyber or social engineering attacks, MFA will prove to be another challenge for the attacker, as they would need something their target knows, has or is for the password to even be worthwhile. Without MFA, the attacker would immediately have access to internal systems. As mentioned in Myth 4, MFA provides an extra layer of protection for employees.

So, What Does Work?

This article has debunked several common myths regarding cybersecurity. Understanding what is untrue, or does not work, helps us to see what does work to improve our security.

  • Use strong, unique passwords and do not reuse passwords across different accounts. Investing in a reliable password manager is worth the effort, as it can help you sort, store, and change out multiple passwords with ease.
  • Enable multifactor authentication whenever possible. As we discussed in this article, MFA is quite easy to use and only adds a few extra seconds to login procedures. MFA is a worthwhile investment for any business with multiple staff members, and even for individuals.
  • Keep your software and operating system up to date. Regardless of whether you’re on a Mac or PC, keeping your OS and other software up to date is very important. Having outdated software can leave vulnerabilities and exposures in your system for a cybercriminal to take advantage of. Use of a firewall and antivirus software also goes a long way in helping your computer defend itself from external threats and attacks.
  • Practice safe browsing habits, such as avoiding “suspicious” links and downloads. We can often tell a link is “suspicious” when it contains odd characters or misspellings in the URL. Safe browsing habits will help us to not leave ourselves vulnerable when connected to open Wi-Fi networks.
  • Increase your awareness of cyber threats. Becoming familiar with the latest scams that malicious attackers are trying to use to exploit their victims helps us to be more on guard in case we come across them ourselves. Helping your staff become aware through security awareness trainings is also important. Social-Engineer LLC offers simulated testing to assess corporate security through live vishing calls and unique client-tailored phishing emails. This kind of testing helps corporations to adjust their security posture and protect their valuable assets.
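
The "odd characters or misspellings in the URL" check from the safe-browsing tip above, sketched as an added example that is not part of the original article. The allowlist and sample URLs are constructed, and the last-two-labels domain split is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains your staff legitimately use.
KNOWN_DOMAINS = ("social-engineer.com", "microsoft.com", "paypal.com")

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def link_warnings(url, known=KNOWN_DOMAINS):
    """Return the reasons a URL's hostname looks suspicious (empty list if none)."""
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return ["no hostname in URL"]
    warnings = []
    # Odd characters: look-alike letters from other alphabets, raw or punycode-encoded.
    if any(ord(ch) > 127 for ch in host):
        warnings.append("non-ASCII characters in hostname")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-encoded hostname")
    # Naive registered domain (last two labels); real tools use the Public Suffix List.
    domain = ".".join(host.split(".")[-2:])
    if domain in known:
        return warnings
    for good in known:
        # Misspellings: one or two edits away from a domain we trust.
        if edit_distance(domain, good) <= 2:
            warnings.append(f"possible misspelling of {good}")
        # Trusted name used only as a prefix of some other domain.
        elif host.startswith(good + ".") or f".{good}." in host:
            warnings.append(f"{good} appears as a subdomain of {domain}")
    return warnings

if __name__ == "__main__":
    # Constructed sample links; \u0430 is the Cyrillic letter that resembles "a".
    for sample in ("https://www.social-engineer.com/Managed-Services/",
                   "http://paypa1.com/login",
                   "http://p\u0430ypal.com/",
                   "https://paypal.com.account-check.example/"):
        print(sample, "->", link_warnings(sample) or "no warnings")
```

An empty result only means these three heuristics found nothing, which is why the article pairs link checking with awareness training.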

Cybersecurity is Everyone’s Responsibility

By following these tips, you can protect yourself and your valuable information online. Corporations would do well to correct any of the myths discussed in this article that may circulate in the workplace. Remember, cybersecurity is everyone’s responsibility, and it is important to be vigilant to keep yourself safe.

Written by: Josten Peña

At Social-Engineer LLC, our purpose is to bring education and awareness to all users of technology. For a detailed list of our services and how we can help you achieve your information/cybersecurity goals, please visit:

https://www.www.social-engineer.com/Managed-Services/
