Top 10 Cybersecurity Misconceptions
We’re kicking off National Cybersecurity Awareness Month with a list of the top ten misconceptions surrounding cybersecurity. How cyber aware are you?
1. My data (or data I have access to) isn’t valuable.
All data is valuable. Do an assessment of the data you create, collect, store, access and transmit. Classify it by sensitivity level and ensure there are measures in place to secure it. Microsoft’s Data Classification Guide is a useful starting point for that review.
2. Cybersecurity is a technology issue.
Cybersecurity is about people, process, AND technology. Employee training, clearly defined processes and policies, and adequate technology infrastructure are all critical in a layered security model.
3. Cybersecurity requires a huge financial investment.
Many efforts to protect your data require little or no financial investment. Create and institute cybersecurity policies, restrict administrative privileges, enable multi-factor authentication, and train employees to spot phishing emails. Interested in more information on staff training? Contact us today!
4. Outsourcing to a vendor eliminates your liability during a cyber incident.
You have a legal and ethical responsibility to protect sensitive data. Review vendor policies and sharing agreements and have a lawyer review them when necessary. Not sure what to include in your Vendor Security Policy? Here are some starting points.
5. Cyber breaches are covered by general liability insurance.
Many standard insurance policies do not cover cyber incidents or data breaches. Speak with your insurance representatives to review your existing coverage and confirm it meets your organizational needs.
6. Cyber attacks always come from external actors.
False. Identify potential cybersecurity threats that could come from within your organization and develop strategies to mitigate those risks.
7. Younger people are better at cybersecurity than others.
Age is not directly correlated with better cybersecurity practices. Before giving someone responsibility for managing your social media, website, or network, discuss your expectations and assess their cybersecurity knowledge.
8. Compliance with industry standards is sufficient for a security strategy.
Complying with industry standards alone does not equate to a robust security strategy for an organization. Use a verified framework, such as the NIST Cybersecurity Framework, to manage and mitigate your risk.
9. Physical security is not as important as digital security.
Do not discount the importance of physical security. Develop strategies and policies that relate to your organization’s unique physical security demands. Who can access what, and where?
10. New devices and software programs are secure when I buy them.
Just because something is new does not mean it is secure. Verify that the operating system and installed software are up to date, change the manufacturer’s default password, and configure the privacy settings prior to use.