There are simple security measures that we all take that most of us would consider "no-brainers". We all know the basics, like locking your computer when you leave your desk, using caution around suspicious emails and never sharing your passwords with anyone. While we'd all say these small tasks are no-brainers, how many of us actually take these security measures seriously? Unfortunately, most people don't, including many businesses. While corporations should increase employee awareness by implementing cybersecurity cultures, back in 2019, 33.3% of employess claimed to never have received proper cybersecurity training in their jobs. With this flaw in business practices, it should come as no surprise that cybersecurity misconceptions still exist. Here are nine of them that should be left behind in 2020.
1. Private Browsing Cannot be Tracked
Private browsing or using the incognito mode can help block web browsers from collecting information about your recent searches and activities. Your cookies and history are deleted when you log off, but did you know that search engines and internet providers can still record your searches, even when you are in private browsing mode?
2. If WiFi Requires a Password, It’s Secure
Unsecured networks without a password are especially dangerous, however, public networks located in airports, cafés and hotels are also not the safest. Although they require passwords, others can access the same WiFi using the same password. Therefore, your sensitive information can be viewed by anyone using that shared WiFi. Did you know that you should never use public WiFi locations to do banking or make purchases where sensitive information can be retrieved?
When in doubt, use a Virtual Private Networks (VPN) or Virtual Desktops if utilizing a public WiFi network. A VPN connection allows you to create an encrypted connection between your devices and the internet, making it much harder for anyone other than you to see your history and activity.
3. Turning off Data or GPS on Mobile Devices Stops Location Tracking
When your business deals with sensitive information, you may be required to leave your mobile phone at home. Though you may see this as an inconvenience, did you know that even if you turn off your GPS Tracking on your cellphone, data can still be collected? Your cellphone connects to cell towers and Wi-Fi networks and those technologies can track you.
4. A Strong Password is Secure Enough
A strong password is important to security, but this alone is not enough to prevent a cyberattack. This is why your business needs Multi-Factor Authentication (MFA). Whether a one-time code, a fingerprint, a passcode or a security question, Multi-Factor Authentication adds and extra security layer to your devices and network.
Make sure to use strong passwords that contain a combination of letters, numbers, symbols and upper and lower case letters, ensuring that the password doesn't contain any words in the dictionary. Never leave your passwords where they can be easily accessed; instead find a trustworthy password manager to encrypt your password information. Learn more about the do's and don'ts of password creation here.
5. Regular Password Updates Increase Security
Even though we've all been told otherwise, frequently changing your passwords can actually hurt your business. This outdated protocol is costly, time consuming and is predictable for hackers. Learn more about the risks and setbacks you face by implementing this into your security practices.
6. Emails are Secure
Without email security powered through Security as a Service (SECaaS), emails are not secure. This is because it blocks spam emails, prevents viruses and protects users from popular cyberattacks like phishing.
Phishing is an attempt to get you to click on a malicious URL sent by what seems to be a trusted source. Emails frequently use threats and a sense of urgency to scare you into push the link that might seem safe and familiar to you. Successful, deceptive phishing depends on how closely the attack e-mail looks like a legitimate company’s official correspondence. When in doubt, always contact the establishment directly through numbers you have in your personal files.
7. Digital and Physical Security are Separate Things Altogether
Although they appear to be separate, digital security is a part of physical security. This is based on the relationship between information security vs cybersecurity vs network security. While information security handles both physical and digital protection of companies, cybersecurity and network security are both branches of information security and all three are essential to the security of your business.
Cloud solutions are the future, however, physical security is just as important, as it protects tangible items like credit cards, paper files and copies of confidential employee information. So, although majority of company data should be protected in the cloud, don't neglect those old fashioned paper shredders and file cabinet locks.
8. Cybersecurity is a Hefty Financial Investment
Cybersecurity is an investment, however, it doesn't even scratch the surface of the catastrophic amounts a data breach costs. The average cost of a single cyberattack is approximately $3.92 million. Back in 2019, the City of Baltimore suffered a whopping $18.2 million ransomware attack, simply because they lacked an investment in cloud backup, disaster recovery and Security as a Service (SECaaS). Save your business from a diaster, and get in touch with NewCloud Networks to learn about custom cloud services.
9. New Devices and Software are Secure
It's easy to purchase a new device and assume it's pure, however, just because you have a new laptop or a new smartphone, doesn't mean it's secure. For starters, security tools like anti-virus and firewall protection still need installation. Newer devices are also a double-edged sword because they are just as dangerous as they are convenient and efficient.
You know when you were just talking with a co-worker about something and then suddenly an advertisement about that exact topic pops up on social media or a web page you were looking at? That's not a coincidence. The intelligence of that technology is constantly capturing what we are saying and searching for. It listens to us, watches us and tracks what we type into search engines. This ultimately increases concerns about cybercriminals. The main takeaway here is that all devices, whether new or old, need protection, data backup and consistent upkeep.
When it comes to cybersecurity the best place to start is educating yourself and your employees. Set up regular trainings to make security a priority for everyone in your company. Have employees correct each other and remind each other of best practices. Though these issues may seem minor, it only takes one mistake to lead to disaster. And though these are issues that are avoidable, being that our businesses operate with humans, your company is bound to eventually find itself under attack due to human error. That’s why it is important to account for the possibility of human error in your disaster recovery plan.
This content has been modified from its original source for timeliness and accuracy. Original author is Matthew Fall. Modifications by May Elliott.
This blog was originally published on March 30th, 2017 and has been updated for accuracy.