Based on the article published in Forbes Technology Council
I talk to people every day about cybersecurity: what they’re doing, what’s been working, and what hasn’t. And what amazes me is that even though everyone knows that cyber threats are only heading in one direction, toward advanced sophistication and capability, I still so often hear about the mental cybersecurity shortcuts we all take.
So out of curiosity, I thought I would quiz my network of professionals to see which cybersecurity myths are most often held, often despite our better judgment.
The results were interesting.
Perhaps because compared to large corporations, individuals tend to have relatively little data. But while there may be less data, it’s no less important, especially to you. The log-in details to your bank account could be used to easily steal your money. The credentials to your email and social media accounts could be used for identity theft, or to analyze the details of your network and conduct a spear-phishing campaign, where hackers use the data that they’ve found to make their phishing emails look authentic and legitimate.
Do you store family photos on a cloud network? These could all potentially be encrypted in a ransomware attack with a demand to be paid should you ever want to look at them again. Let’s not even get into those embarrassing incriminating photos…
But what if your private data has already been hacked? You may feel like the situation is hopeless because “the horse has already bolted”. But the truth is it’s never too late. Different breaches mine for different data points, and just because your Facebook credentials have been stolen doesn’t mean hackers have automatic access to everything. If anything, inaction raises your risk profile, as hackers deem you an easy target. To improve the protection of your personal data, make sure you keep your programs updated, keep different passwords for different programs, and have a quality cybersecurity solution in place.
There is a widely held belief that the brands you can trust won’t take advantage of you and will protect your data, as they surely do everyone else’s. But the reality is that almost all mainstream sites are collecting data about you, and if they’re not profiting off that data themselves, then there is a very good chance that hackers are.
The more sites you go to, even the trusted ones, the more cookies are held in your browser. What’s more, by surfing to numerous sites, not only are you providing more data about yourself, but you’re also creating more pools of data held by the various sites you visit. And applying basic theories of probability, the more pools there are, the higher the probability that any one of them will be breached.
The hard truth is that the only way to effectively ensure your privacy is to disconnect from the Internet. Failing that, another good way to protect your data is by encrypting your internet traffic history by using a VPN. A VPN adds an extra layer of encrypted protection to a secured Wi-Fi network, preventing your friendly corporate agents from tracking you while you’re online.
Go to your spam filter and there is a good chance that you’ll see a dozen or so phishing scams that you can easily spot – but they’re not the ones you have to worry about. Phishing emails are becoming more clever and sophisticated in their ability to infiltrate organizations. Large corporations and governments alike have fallen victim, because all that’s needed is for one employee to mistakenly click on a seemingly innocent link or an attachment. In fact, over the coronavirus pandemic, the number of phishing scams has gone up exponentially.
And hackers only seem to be getting better at fooling us. The spear-phishing campaigns mentioned earlier look very realistic and the hackers creating them are successfully manipulating victims to complete the activities that give them the data or the access that they’re seeking.
To bolster your organization against even the most advanced phishing campaigns, make sure that you have anti-spam and anti-phishing solutions in place. Many of these may also include training courses that simulate phishing emails, so employees can work out how to identify a scam. But for the really sophisticated spear-phishing attacks, you’re best off using a tool that conducts content inspections, where all attachments that are clicked on are scanned for malware.
Did you know that studies on passwords have found that a sizable chunk of the population all consider ‘123456’ to be their own personal secret password? And without any sense of irony, the second most common password is ‘password’. Unfortunately, it seems that while many of us are not that clever, we’re not that original either.
Unfortunately, as hackers are getting more sophisticated, even long and complicated passwords are not enough to keep your data safe. The development of AI has not always worked in our favor: tools are available that use AI to run billions of password combinations, and within seconds a password can be identified. So even if Google has deemed your password ‘strong’ because it ticks all the boxes with its combination of capital letters, numbers, and symbols, it doesn’t mean your email account is safe from being breached.
So, rather than trying to get more creative with your password, a better method would be to use password managers with two-factor authentication, or 2FA. By using 2FA, users can confirm their identity with a combination of two different factors: something they know (their password) and something they have (their mobile phone).
While many of these myths might be tempting to hold onto because they let us off the hook of having to incorporate more stringent security methods, your personal data is important and justifies putting in the proper protections.
And that’s no myth.