We often think of security parameters as “no brainers.” We know the basics: lock your computer when you leave your desk, don’t open suspicious emails, change your password, etc. But how many of us actually follow these rules? Studies show that, though people know what they should be doing from a security standpoint, they don’t do it.
In our company, one of the requirements as an employee is to take regularly scheduled security training, so if you asked me last week, I would say I’m pretty well versed in Cyber Security. I recently read an article that included an online test, however, and I was surprised that I incorrectly answered questions that I thought I absolutely knew the answer to. I realized that the reason behind my incorrect answers is, once again, an indicator of the biggest cause of cyber security breaches: human error.
I was a proponent, like many of you, of several cyber security misconceptions. Though seemingly harmless, misconceptions can lead to error and error can lead to disaster. In an effort to quell your company’s chance of a human error disaster, check out the common cyber security myths that I missed on the test, below.
5 Cyber Security Myths Debunked:
- Private Browsing Cannot be Tracked
Private browsing, or using incognito mode, helps prevent the collection of information about your recent searches and activities. Your cookies and history are deleted when you log off, but did you know that search engines and internet providers can still record your searches, even when you are in private browsing mode?
- If WiFi Requires a Password, It’s Secure
Public networks located in airports, cafés and hotels are not secure. Although they require passwords, others can use that same WiFi using the same password and, therefore, can potentially view sensitive information. Did you know that you should never use public WiFi locations to do banking or make purchases where sensitive information can be retrieved?
When in doubt, use a Virtual Private Network (VPN) or Virtual Desktop to help with the use of insecure WiFi networks. A VPN allows you to create an encrypted connection between your devices and the internet, making it much harder for anyone other than you, the user, to see your history and activity.
- Turning off Data or GPS on Mobile Devices Stops Location Tracking
When your business deals with sensitive information, you may be required to leave your mobile phone at home. Though you may see this as an inconvenience, did you know that even if you turn off your GPS Tracking on your cell phone, data can still be collected? Your cell phone connects to cell towers and WiFi networks and those technologies can track you.
- A Strong Password is Secure Enough
A strong password is important to security, but this alone is not enough to prevent a cyber-attack. There are several types of two-step authentication, but the most secure is when a website requires you to enter a one-time code each time you log into that account, in addition to your regular username and password. Did you know that although some sites may require users to perform two separate operations to gain access, these are not true examples of two-step authentication? Use strong passwords that contain a combination of letters, numbers, symbols and upper and lower case letters and that do not contain any words in the dictionary. Never leave your passwords where they can be easily accessed; instead, find a trustworthy password manager to encrypt your password information.
- Emails are Secure
Phishing is an attempt to get you to click on a malicious URL sent by what seems to be a trusted source. Emails frequently use threats and a sense of urgency to scare you into clicking the link, which looks familiar to you. Successful deceptive phishing depends on how closely the attack e-mail resembles a legitimate company’s official correspondence. When in doubt, always contact the establishment directly through numbers you have in your personal files.
When it comes to cyber security, the best place to start is educating yourself and your employees. Set up regular trainings to make security a priority for everyone in your company. Have employees correct each other and remind each other of best practices. Though these issues may seem minor, it only takes one mistake to lead to disaster. And though these issues are avoidable, because our businesses operate with humans, your company is bound to eventually find itself under attack due to human error. That’s why it is important to account for the possibility of human error in your disaster recovery plan.