Top 5 IT Security Myths

by | Jun 24, 2022 | MyTek Blog, Security


In the wake of the pandemic, cyber crime has evolved rapidly. It’s not just the hackers who have stepped up by launching sophisticated attacks; IT security myths and obsolete ideas in the industry are contributing equally to their success.

According to an Accenture report, the number of cyberattacks on companies has increased from 206 times to 270 times within a year. Apart from the number of attacks, cybercrime damages have shot up exponentially as well. A Cisco/Cybersecurity Ventures study reports that cybercrimes will cost $10.5 trillion by 2025. Companies, especially SMBs, cannot afford to ignore IT security, and they surely cannot allow assumptions to determine their strategies. If you’re worried about cyberattacks, start by understanding the security myths and how to avoid them.

1. My passwords are strong 

It’s important to mandate the use of strong passwords across the organization, but that’s just one part of a bigger step. Businesses often treat special characters, exclamation marks, and upper case letters as the only markers of a strong password. But it’s not just how complex a password is; it’s also about making sure it’s longer than average. Today’s password cracking systems are so advanced that they can guess a fairly complex 8-character alphanumeric password within seconds. To resist brute-force attacks in your organization, follow these steps:

  • Always use at least 12 characters when creating passwords. It’s even better if you can use 15-18 characters. The longer it is, the harder it is to crack
  • Always use a combination of uppercase and lowercase letters, special characters, and numbers
  • Do not recycle old passwords. Always create unique and new passwords
  • Do not use personal phrases or nicknames, popular terms, and quotes
  • Use a random password generator tool to create strong passwords based on custom criteria. This way you’ll save a lot of time

Here’s what a strong password looks like: *;2a{?k7=9BQ=#’

The type of weak password you should avoid: maTT@Hr
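To make the length-versus-complexity point concrete, here is an added example (not from the original post) that scores a password's keyspace, checks it against the rules listed above, and generates a compliant random password with Python's `secrets` module. The guess rate used for the crack-time estimate is an assumed, illustrative figure.

```python
import math
import secrets
import string

# Character classes the checklist above requires.
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = string.punctuation
ALL_CLASSES = (LOWER, UPPER, DIGITS, SYMBOLS)


def keyspace_bits(length: int, charset_size: int) -> float:
    """Entropy in bits of a uniformly random password of this length and alphabet."""
    return length * math.log2(charset_size)


def brute_force_seconds(length: int, charset_size: int, guesses_per_second: float) -> float:
    """Worst-case time to exhaust the keyspace at an assumed guess rate."""
    return charset_size ** length / guesses_per_second


def check_policy(password: str, min_length: int = 12) -> list[str]:
    """Return the rules the password violates (an empty list means it passes)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    for name, cls in zip(("lowercase", "uppercase", "digit", "symbol"), ALL_CLASSES):
        if not any(c in cls for c in password):
            problems.append(f"no {name} character")
    return problems


def generate_password(length: int = 15) -> str:
    """Generate a random password containing at least one character of each class."""
    alphabet = "".join(ALL_CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_policy(pw, min_length=length):
            return pw


if __name__ == "__main__":
    rate = 1e11  # assumed guesses per second for an offline GPU cracker (illustrative only)
    for length, size in ((8, 62), (12, 94), (15, 94)):
        years = brute_force_seconds(length, size, rate) / (86400 * 365)
        print(f"{length} chars, alphabet {size}: {keyspace_bits(length, size):.0f} bits, {years:.2e} years")
    print("maTT@Hr ->", check_policy("maTT@Hr"))
    print("generated:", generate_password())
```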

Ticking all of the above boxes does not guarantee you complete security. You should always use multi-factor authentication (MFA) to add an extra layer of security. 

2. Cyber threats are only external

When identifying threat actors, businesses often look outside. But not all cyberattacks come from third-party agents; some are triggered from within. According to a Ponemon study, the cost per insider threat has risen 33% to $15.38 million in 2022. Internal security attacks can be attributed to two factors:

  • Lack of IT security training: Employees need to be cognizant of security issues and the consequences of exposing critical data. Regular training and education can help you reduce security ignorance
  • Paid or disgruntled internal agents: Unhappy ex-employees can leverage their knowledge to expose the company to cybercriminals. It’s also possible that people with knowledge of sensitive data are paid to willingly compromise a company’s security protocols or hand over credentials to third-party agents. Even though this is an extreme step, you cannot rule out the existence of malicious intent.

To prevent internal agents from compromising the company, conduct regular security assessments and training. You should also evaluate employee privileges and account access while enabling 24/7 endpoint monitoring. Look for session activity at odd hours and unusually high traffic to narrow down issues. Robustly documenting SOPs and enforcing policies are also effective ways to weed out internal threats.

3. You will know if you have been hacked immediately

According to an IBM report, security teams take 287 days to identify and neutralize a data breach. If you are immediately informed of an attempted cyberattack on your company, consider yourself lucky! Cyberattacks such as DDoS and ransomware attacks are designed to overwhelm systems immediately and force you to take impulsive decisions. Contrary to popular belief, this is not how all cyberattacks function. 

Most criminals would look to enter your system and silently collect all the critical information over weeks and months. During this period they’ll monitor access data and employee usage, and spread their net as much as they can.

You can detect a possible attack if you find unusually high network traffic, large file downloads, frequent network connection requests, location anomalies, and unidentified notifications over a period of time. Knowing that cybercriminals can stay hidden within your system for a long time before dealing a heavy blow is crucial. You can expedite theft detection by constantly monitoring network access, emails, and support tickets.
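The indicators named in sections 2 and 3 (sessions at odd hours, logins from a new location, unusually large transfers) can be turned into simple detection logic. The following is an added example, not code from the original post; the session records and the thresholds for business hours and transfer size are constructed for illustration and would be tuned to your own environment.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of session events (not real data):
# (timestamp, user, source country, bytes transferred in the session)
EVENTS = [
    ("2022-06-20T09:12:00", "alice", "US", 3_200_000),
    ("2022-06-20T14:40:00", "bob", "US", 1_100_000),
    ("2022-06-21T02:55:00", "alice", "US", 900_000),           # odd hour
    ("2022-06-21T10:05:00", "alice", "RO", 1_500_000),         # new country for alice
    ("2022-06-22T11:30:00", "bob", "US", 48_000_000_000),      # very large transfer
]

BUSINESS_HOURS = range(7, 20)        # assumed: 07:00-19:59 is normal working time
BYTES_THRESHOLD = 10 * 1024 ** 3     # assumed: flag sessions moving more than 10 GiB


def find_anomalies(events, business_hours=BUSINESS_HOURS, bytes_threshold=BYTES_THRESHOLD):
    """Return (timestamp, user, reason) tuples for events matching the article's indicators.

    The first country seen for each user seeds that user's location baseline, so a
    later login from a country not yet seen for that user is reported as an anomaly.
    """
    seen_countries = defaultdict(set)
    findings = []
    for ts, user, country, nbytes in sorted(events):
        when = datetime.fromisoformat(ts)
        if when.hour not in business_hours:
            findings.append((ts, user, f"session at odd hour {when:%H:%M}"))
        if seen_countries[user] and country not in seen_countries[user]:
            findings.append((ts, user, f"login from new location {country}"))
        seen_countries[user].add(country)
        if nbytes > bytes_threshold:
            findings.append((ts, user, f"unusually large transfer ({nbytes / 1024 ** 3:.1f} GiB)"))
    return findings


if __name__ == "__main__":
    for ts, user, reason in find_anomalies(EVENTS):
        print(f"{ts} {user:<6} {reason}")
```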

4. Compliance means meeting security needs

Due to privacy and security threats, global compliance has become a popular metric to judge a company’s security. But making your business compliant is merely the first step—you cannot afford to be content and think that compliance equals security. 

For example, PCI DSS is a popular compliance metric for payment gateways. But PCI only covers MasterCard, Visa, Discover, JCB International, and American Express cards, leaving other transactions and entities that don’t store card data without any regulations. If you’re only following PCI compliance, you’re leaving your customer data exposed to exploitation by malicious agents.

There’s a huge gap between compliance and security standards, something that can be bridged by making policies and infrastructure secure by design. Instead of sprinkling IT security later, build products to run compliance securely. If you’re working with large amounts of data, consider retaining only essential bits to reduce the chances of cyberattacks. Along with this, properly evaluate cloud partners and third-party vendors, understand their policies, how they handle data, and the impact of a data breach on your business. 

Compliance should be due diligence but it’s important to be proactive and purposefully build solutions to mitigate threats. 

5. My IT partner has security covered 

Most businesses are hiring managed IT security services providers to handle their data backup and security. Judging by the increasing level of threats, it’s only reasonable to take help from industry experts. But you cannot afford to assume that your IT partner will solve all of your security woes—some issues are fundamentally built into a business. 

Security-aware employees are assets to companies so your workforce must be trained with security best practices. Make sure your employees are trained to identify malicious links, phishing scams, malware attacks, and brute force attempts. They should protect their identity online to prevent social engineering and keep their personal devices secure to prevent data leaks. Being vigilant about security is one of the best steps you can take toward protecting business and consumer data.

The above myths have undermined the security measures taken by many organizations in 2022, and threat agents have exploited them heavily. Only robust education can help businesses tighten their security going forward.


ABOUT THE AUTHOR


Tim Tiller, LMSW

Tim Tiller, MSW brings a deep service background to his role at Mytek, having graduated from McDonald’s management training program, fresh out of high school, and working his way up through the ranks in the hospitality industry. He has led two prior companies – Multi-Systems Inc., an IT-focused organization providing technology to hospitality companies (where he was named President at age 36), and most recently, as Chief Operating Officer for Jewish Voice Ministries International.
