We often think of security parameters as “no brainers.” We know the basics: lock your computer when you leave your desk, don’t open suspicious emails, change your password, etc. But how many of us actually follow these rules? Studies show that, though people know what they should be doing from a security standpoint, they don’t do it.
Even experts, well versed in cybersecurity, need to stay on top of developing trends in the field. Not doing so could mean the threats being addressed are obsolete, and the real threats are being ignored. This plays into one of the major causes of lots of breaches -- human error.
This applies to people with an average knowledge of cybersecurity too -- many things we hear or believe regarding cybersecurity simply aren't true, or at least, not completely true. Here are five of them:
1) Private browsing cannot be tracked
Private browsing helps prevent sites from collecting information about your recent searches and activities. Cookies and history are deleted when you log off, but search engines and internet service providers can still record searches, and even some web traffic while you're in private browsing mode.
2) If WiFi requires a password, it's secure
Public networks located in airports, cafés, and hotels are not secure. Although they require passwords, others using the same password on the same network can potentially gain access to information being submitted over web traffic. It's a best practice to never use public WiFi networks to do banking or submit forms with important personal information, such as a social security number.
When in doubt, use a Virtual Private Network (VPN) or Virtual Desktop to help with the use of insecure WiFi networks. A VPN allows you to create an encrypted connection between your devices and the internet, making it much harder for anyone other than you, the user, to see your history and activity.
3) Turning off data or GPS stops location tracking
When your business deals with sensitive information, you may be required to leave your mobile phone at home. Though you may see this as an inconvenience, did you know that even if you turn off GPS tracking on your cell phone, data can still be collected? Your cell phone connects to cell towers and WiFi networks, and those technologies can track you.
4) A strong password is enough
Having a strong password is an important element of security, but this alone is not enough to prevent a cyberattack. There are several types of two-step authentication, but the most secure is when a website requires a unique code generated each time you log in, separate from your username and password. It's also important to never leave passwords written anywhere they can be accessed by others or in a form that can be easily deciphered; instead, find a trustworthy password manager to encrypt your password information.
5) Emails are secure
Phishing is an attempt to get you to click on a malicious URL sent by what seems to be a trusted source. Emails frequently use threats and a sense of urgency to scare you into clicking a link that appears to come from someone you are familiar with. Successful deceptive phishing depends on how closely the attack e-mail resembles a legitimate company’s official correspondence. When in doubt, always contact the establishment directly through numbers you have in your personal files.
When it comes to cybersecurity, the best place to start is educating yourself and your employees. Set up regular trainings to make security a priority for everyone in your company. Have employees correct each other and remind each other of best practices. Though these issues may seem minor, it only takes one mistake to lead to disaster. And though these issues are avoidable, because businesses are run by humans, your company is bound to eventually find itself under attack due to human error. That’s why it is important to account for the possibility of human error in your disaster recovery plan.