3 Cyber security Myths that will get you HACKED

The world has become digital. Like it or not, we need to save the trees. Connectedness is driving the world to move everything online, whether it’s personal or professional, it is inevitable that almost everything will become digital. One day soon you may be reading this article in the latest Virtual Reality headset, logged into some metaverse with the avatars of your colleagues hovering by your large virtual corner office.

While it’s true that you can’t hack paper, most business and commerce has transcended the days of paper. Generally speaking, trends move towards convenience, and digital ways of doing business are simply more convenient. This is a particularly important concept when it comes to cyber security. How willing are we to give up security in favour of convenience? The unfortunate answer is: surprisingly willing. This convenience produces a willful ignorance towards what cyber threats truly exist in the business environment, and lead the way to three major myths (or excuses) that will end up with you being hacked.

1. We don’t have any valuable data that hackers would want

Maybe you are thinking to yourself, “we don’t collect credit cards” or “we don’t work for the government harbouring national security secrets” … well yes, maybe this is true, however there is plenty of valuable data in the most mundane of businesses. 

Chances are that you communicate most of your business through emails. The email addresses alone are valuable pieces of data to the right group. All of your employees have given key pieces of information to the business when they were hired; social insurance number, personal phone number, home address, etc. All of this data can be used to build a virtual representation of you. In the wrong hands, someone could call your bank pretending to be you, and easily pass all the “security questions” the bank may ask to verify your identity.

The truth of the matter is that all the data your company collects has value in the wrong hands. Once inside your network, a malicious individual can get access to personal information and even passwords. Once they have your password, well they can lock you out of your data. And this can cause some serious downtime

2. We are a small company; Not big enough to have to worry about cyber security

This is actually one of the reasons why hackers will target small to medium sized businesses. Who do you think has the stronger cyber defenses, a major Fortune 500 company, or the lean mom-and-pop type shop? Yes, the Fortune 500 company may have more ability to pay higher ransoms, hacking groups don’t want to go too big or it could cause some issues. They know that their target market is the smaller companies, who won’t get the attention of the FBI or Cybercrime division. Unfortunately, if you call the police saying that someone has locked all of your data and they are demanding $500,000.00 as ransom … the authorities will likely just tell you to pay the ransom. 

attacks by company size

Source: https://www.coveware.com/blog/2021/7/23/q2-ransom-payment-amounts-decline-as-ransomware-becomes-a-national-security-priority

3. Most of our operations are cloud-based which we’re told is secure 

Every business operates differently, however many are opting to use online cloud platforms such as Google Workspace, or Microsoft Office 365 for the emails, documents, and storage. These are great and convenient methods to run a business. Many companies still operate with some form of local server, in addition to these cloud services. However, even if you are 100% cloud based, these platforms are complex environments and there are still many variables for you to manage to reduce the risks. 

These cloud platforms may have all the necessary protocols in place to protect them from malicious attacks, however each user account is still managed by a user with a password. When it comes to cybercrime, it is much easier to use social engineering to retrieve a user’s password, than it is to try and break through the security protocols of a cloud service. Unfortunately, the users of an application are typically the weak link in the chain. According to the Verizon 2021 Data Breach Investigation Report, 89% of Web Application breaches are caused by weak passwords.

 

Those are the Myths, now what about the Truth? Check out our article on 4 Simple Tips to Strengthen your Cyber Security.

 

Are you considering a cyber security assessment for your company? Does your industry require cyber security Auditing for compliance?
Connect with us today by clicking here to learn more about how we can protect you in the digital world!