Debunking Today's Computer Security Myths
All businesses are susceptible to threats like hackers and computer viruses. Making matters worse is the great deal of misinformation floating around regarding cyber security.
The Internet attracts urban legends and myths the way car-door handles in ghost stories attract bloody hooks. Computer security isn’t immune from this trend, and many security “facts” are, at best, inaccurate. Some of these myths are recent developments, while others have been around for years.
In preparation for National Cyber Security Awareness Month, which is observed each October, we invite you to gather around the virtual campfire as we clear up some common misconceptions about computer security.
1. The Antivirus Industry Creates Viruses
Let’s deal with a completely loopy, but oddly pervasive, computer security myth first: the idea that the antivirus companies develop and release computer viruses to maintain sales. This myth is especially popular among tech conspiracy theorists — the type of people who treat The X-Files as a documentary and refer to the general populace as “sheeple” during forum discussions. The myth assumes that the entire antivirus industry is engaged in a highly secretive and encompassing plan to defraud computer users. (By the same logic, firefighters are arsonists and farmers engineered hunger so they’d have a market for their crops.)
While it’s true that a variety of malware called ransomware infects computers and then sells a “solution” to the problem, these rogue programs are not affiliated with legitimate antivirus programs. In fact, legitimate antivirus programs are the first line of defense against devious hackers. “Now more than ever, small business owners should be taking all precautions to ensure their businesses are secure. Antivirus programs are such an easy and reliable solution to circumvent cyber threats,” says Conor Kearney, vice president of technology merchandise for Staples.
2. The Internet Is My Main Security Threat
A security policy that only considers Internet-based threats is woefully incomplete. Yes, hackers can breach your network security. Yes, malware can infect your network through unsafe Web sites. However, the biggest risks to your security are those who work for you.
It’s true: Many security breaches originate with employees. A small number of employees are simply dishonest. Disgruntled ex-employees may walk out of the office with USBs full of information, or use still-valid passwords to access your database.
More often, however, human error causes security breaches. An employee loses a laptop, for instance, or incorrectly disposes of printed information. Social engineering attacks understand that a friendly or authoritative phone call can breach security much faster than a complicated computer hack. Don’t neglect online protection, but never underestimate the human element when you consider network security.
3. Apple’s Operating System Is Safer than Microsoft’s Windows
For years, Apple users held up the relative lack of malware on its Mac computers as evidence that the Apple operating system had fewer security flaws than Microsoft’s Windows operating systems. Actually, Mac users were safer because they represented a relatively small percentage of all computer users. Malware writers prefer to target the largest possible audience. As so, because many people use Windows, the hackers focused their attention on Windows and ignored Apple.
But now, people use Apple devices in sufficient numbers to attract malware. For example, in 2012, the Flashback Trojan affected 600,000 Macs. And a year later, Apple computer users were hit by a virus that targeted iPhone developers via the Java programming language. The point is: Using a Mac does not render you immune to virus attacks.
4. Windows Is Insecure
Directly related to the above myth, this one takes the view that Windows must lack security because so many malware programs use Windows vulnerabilities to infect machines. Microsoft patches and security updates actually do a very good job of keeping Windows secure — as long as the user installs the updates. Many successful malware programs rely on security vulnerabilities that Windows patched months, if not years, ago because people neglect to update their operating systems.
5. Hackers Only Target the Big Players
Some small businesses take false comfort in their size. The assumption is that hackers and data thieves only target big companies, major financial institutions, and government agencies. However, small businesses are, in fact, prone to equally threatening data breaches and hacks.
For instance, hacking into a major credit card company’s databases may represent a major triumph for hackers, but such targets have significant security and are difficult to breach. On the other hand, while small-business data offers less financial gain, obtaining it presents considerably less difficulty and risk.
Think of it this way: A hacking attack on a large company requires the planning and execution seen in a major armed bank heist. Breaching a small business’s security is more on par with shoplifting. The fact that one crime offers more rewards does not mean criminals ignore the lesser offense.
That being said, small businesses need to have a defense plan in place, too. Often, small business owners recognize the importance of cyber security, but are unable to manage the complexity of this issue themselves. Consequently, the cyber security of small businesses tends to be neglected. A quickly and easily installed antivirus software program could solve this problem. For example, Norton™ Small Business is a single solution to securing computers and mobile devices within a small business’ network.
6. If I Don’t Download Anything, I’m Safe from Malware
Never believe this statement. Too often, people believe that if they don’t download anything from the Internet and only visit “trusted” Web sites, they’ll keep malware off their computer.
That myth leads to an important question: What exactly do we mean by a “trusted” site? Do we mean a site that we use frequently without any apparent problems, a site with a well-established reputation or a Web site that antivirus programs declare safe?
All of those definitions could describe a trusted site, and all could prove to be false in a second. A Web site can contain malicious code and viruses that infect your computer, whether you download anything or not. Hackers can insert malicious code into sites that would normally be perfectly safe.
And, it should be noted that while many people assiduously avoid downloading anything from Web sites, they’re quick to open email attachments, particularly if the attachment comes from an email address they trust. Malware often spreads by piggybacking on email attachments that appear to originate from legitimate sources.
7. You Can Get a Virus Just By Visiting Facebook
The most honest answer to this question is “maybe,” though you’re unlikely to infect a computer simply by logging into Facebook and reading your friends’ posts.
However, following links in those posts could expose you to malware, especially if malware compromised your friend’s account. Be especially suspicious of any link that seems at odds with a friend's character, or something a friend posts that’s overly promotional — such as an offer for free airline flights or technology products.
Facebook also supports a vast array of games, surveys and other third-party applications. The safety of such applications varies widely. Avoid Facebook third-party apps if you’re accessing the Web site from work, and think carefully before accepting an app’s terms of use if you’re using a personal computer.
A False Sense of Security
Today’s computer security myths all have one thing in common — they can lull you into a false sense of security. Keep your PC free from viruses by always employing a critical eye and lots of common sense.
Similar to your annual doctor visit, use Cyber Security Awareness Month to give your small business a health check, reassessing its network security and ensuring you have the proper tools in place to protect it from a cyber-attack.