Myth #1 – Antivirus is all I need
Of course, the right antivirus software or firewalls are indeed an essential part of cyber protection and will be perfect as a first line of defence, but … But what if there is a threat that is not defined in the database, which is not impossible at all, given the ingenuity and determination of cybercriminals.
Furthermore, antivirus software and firewalls will only be effective if you keep them updated and properly configured – which may require professional intervention. The last thing you should remember is that an antivirus can protect your company from malware, but when it comes to social engineering attacks, it is of little use.
Myth #2 – Small businesses are never targeted
This myth is a classic that has been repeated for years. Remember! Just because you haven’t heard of something doesn’t mean it doesn’t exist or hasn’t happened. The subject of a small company that collapsed after a hacker attack is simply not very interesting for the media. On the other hand, if something like this happens to a large company, it’s almost headline news. Meanwhile, cybercriminals are keen to target small businesses because they see their failing security infrastructure as an easy target. If you do not want your company to become this “easy target”, check the offer of cyber ranges such as https://cdex.cloud/cyber-range/and invest in your company’s cybersecurity.
Myth #3 – Strong passwords will protect my business
Oh, yeah… the hacker already hit the “like” button. Of course, strong passwords are essential, that’s a fact, but relying on passwords alone is an unimaginable mistake. An experienced hacker will find a way to crack a password (also a complex one) in no time. Therefore, if you care about the cyber security of your company, you should implement two-factor authentication, which means that when logging in, apart from the password, a second confirmation will be required, such as an SMS password, confirmation in the application or by e-mail.
Myth #4 – A cyberattack always comes from outside
Unfortunately, insider threats are increasingly becoming a concern for businesses. Of course, these are not always malicious (intentional) actions, sometimes they result from simple negligence, mistakenly sent data to an unauthorised person or accidental clicking on a link.
Of course, there are also deliberate attacks carried out by dissatisfied employees or dishonest contractors. The best protection in this case is to limit to a minimum the persons entitled to key resources.