There are simple security measures that most of us would consider "no-brainers". We all know the basics, like locking your computer when you leave your desk, using caution around suspicious emails, changing your password, etc. While we'd all say these small tasks are no-brainers, how many of us actually take these security measures? How many of us actually follow these rules? Studies show that, though people know what they should be doing from a security standpoint, they don’t.
As an employee at this company, one of my requirements is to take a regularly scheduled security training. If you asked me last week, I would say I’m pretty well versed in cyber security. Yet when I went to take an online test recently, I got a question wrong and realized this was a direct reflection of the errors we make as humans. We can be so sure of ourselves and our actions at times, but mistakes do happen; we eventually get something wrong. That's completely normal. Getting an online practice test question wrong, however, reaps less serious consequences than does getting a line of code wrong or downing your network.
I was a proponent, like many of you, of several cyber security misconceptions. Though seemingly harmless, misconceptions can lead to error and error can lead to disaster. In an effort to quell your company’s chance of a human error disaster, check out the common cyber security myths that I missed on the test, below.
5 Cyber Security Myths Debunked:
- Private Browsing Cannot be Tracked
Private browsing or using the incognito mode can help block web browsers from collecting information about your recent searches and activities. Your cookies and history are deleted when you log off, but did you know that search engines and internet providers can still record your searches, even when you are in private browsing mode?
- If WiFi Requires a Password, It’s Secure
Public networks located in airports, cafés and hotels are not secure. Although they require passwords, others can access the same WiFi using the same password. Therefore, your sensitive information can be viewed by anyone using that shared WiFi. Did you know that you should never use public WiFi locations to do banking or make purchases where sensitive information can be retrieved?
When in doubt, use a Virtual Private Network (VPN) or a virtual desktop when using a public WiFi network. A VPN connection allows you to create an encrypted connection between your devices and the internet, making it much harder for anyone other than you to see your history and activity.
- Turning off Data or GPS on Mobile Devices Stops Location Tracking
When your business deals with sensitive information, you may be required to leave your mobile phone at home. Though you may see this as an inconvenience, did you know that even if you turn off your GPS Tracking on your cell phone, data can still be collected? Your cell phone connects to cell towers and WiFi networks and those technologies can track you.
- A Strong Password is Secure Enough
A strong password is important to security, but this alone is not enough to prevent a cyber-attack. There are several types of two-step authentication protection, but the most secure form is found when a website requires you to enter a one-time code each time you log into that account, in addition to your regular username and password. Did you know that although some sites may require users to perform two separate operations to gain access, they are not true examples of two-step authentication? To build in even better security, use strong passwords that contain a combination of letters, numbers, symbols and upper and lower case letters, ensuring that the password doesn't contain any words in the dictionary. Never leave your passwords where they can be easily accessed; instead, find a trustworthy password manager to encrypt your password information.
- Emails are Secure
Phishing is an attempt to get you to click on a malicious URL sent by what seems to be a trusted source. Emails frequently use threats and a sense of urgency to scare you into clicking a link that might seem safe and familiar to you. Successful, deceptive phishing depends on how closely the attack e-mail resembles a legitimate company’s official correspondence. When in doubt, always contact the establishment directly through numbers you have in your personal files.
The Bottom Line
When it comes to cyber security, the best place to start is educating yourself and your employees. Set up regular trainings to make security a priority for everyone in your company. Have employees correct each other and remind each other of best practices. Though these issues may seem minor, it only takes one mistake to lead to disaster. And though these issues are avoidable, because our businesses are run by humans, your company is bound to eventually find itself under attack due to human error. That’s why it is important to account for the possibility of human error in your disaster recovery plan.
This blog was originally published on March 30th, 2017 and has been updated for accuracy.