The online world has evolved and become a much more dangerous place in recent years. Data breaches at public and private organizations are constantly in the news.
Practicing good cyber hygiene is more important than ever.
With the holidays upon us, the state Office of CyberSecurity wanted to run through some common myths related to cybersecurity:
Myth: Small and medium sized organizations aren't targeted by hackers.
Reality: Small businesses made up over half of last year's breaches.
Myth: Only certain industries are vulnerable to cyber attacks.
Reality: Any organization with sensitive information is vulnerable to attack.
Myth: Anti-Virus and anti-malware software keeps you completely safe.
Reality: Software can't protect against all cyber-attacks.
Myth: Cybersecurity threats come from the outside
Reality: Insider threats are just as likely, and harder to detect.
Myth: You'll know right away if your computer is infected or compromised.
Reality: Modern malware is stealthy and hard to detect. Some of the largest data breaches were not discovered for years.
Myth: Personal devices don't need to be secured at work.
Reality: All smart devices, including wearables, can compromise a network's system when connected to a network outside the control of the organization.
Myth: I don't go to dangerous sites, and I check my links, so I'm safe.
Reality: Your browser is the biggest vulnerability. Just visiting a compromised website can allow control of your system.
Myth: All my virus detection software is up to date, so I'm safe.
Reality: Virus detection software detects known virus signatures. New and mutating virus' can evade signatures.
Myth: An infected computer displays a message intended to scare the user, or operates very slowly.
Reality: Dangerous hackers don't want to put a joke or skull on your screen. They want to control it or steal information.
Myth: Our systems are proprietary, hackers don't know the communications protocols.
Reality: Protocols used in SCADA and process control are well understood and information is widely distributed.
Myth: We have a firewall. We are in good shape.
Reality: A well designed firewall can provide significant protection from external threats. Authorized users doing legitimate work are often the biggest vulnerability.
Myth: Our systems are totally disconnected from the Internet, so we don't have any risks.
Reality: Internal threats pose a large threat. USB drives, laptops, etc. that are brought in to the isolated network can introduce huge risks.
Myth: Cyber security is handled by our IT department. It's too complicated for management involvement.
Reality: It is everyone's responsibility to address security issues.
Myth: We don't have enough funding to implement a cyber-security program.
Reality: Many steps to protect your organization can be achieved at low cost. An ounce of prevention is worth a pound of cure. Absence of cyber security exposes the organization to significant risk.
Myth: Going back to paper (or No Internet) minimizes risk.
Reality: Disconnecting or implementing "air gaps" damages efficiency and productivity. You can't tell if the paper copy has been copied or removed.
Myth: A VPN make you completely anonymous.
Reality: Just because the VPN data tunnel is encrypted hardly makes you anonymous or immune to other types of security compromises.