The cybersecurity threat landscape continues to evolve, leaving behind significant operational and reputational harm for financial services firms. Cyber-attacks such as those impacting LinkedIn, Talk-Talk, Yahoo and Sony have forced cybersecurity into the limelight via news making headlines, enough to fill any business with trepidation. We hear and see a lot of information floating around – some of which, unfortunately, can be misleading or, at times, inaccurate. It is imperative that firms understand how to separate the facts from fiction and develop and deploy sophisticated and appropriate approaches to information security.
So, what are these myths exactly? Let’s have a look.
Myth #1: Cyber Security? Just leave it to the IT department.
Cyber awareness needs to be embedded in the culture of the company, not just the IT team. Firms should communicate the importance of managing cyber risk to every employee in order to strengthen and integrate protocols into daily business operations. Never underestimate the effectiveness of social engineering attacks. Educating staff to avoid opening unsolicited attachments or clicking on suspicious links within emails is one of the most important areas for organisations to concentrate on today.
Myth #2 :Cyber criminals don’t target small businesses.
This myth can be particularly dangerous. Many small firms believe that because they are small, there is no risk of a cyber-attack. Therefore, there is no reason to take any precaution to prevent such an attack. In fact, the very opposite is true. In the eyes of the hackers, small businesses are often easy targets since they sometimes fail to take necessary measures to protect themselves.
Myth #3: I don’t have anything worth stealing.
You’re asking “Why would anyone steal information I have on my electronic devices when it’s not valuable or worth stealing?” Nothing could be further from the truth. Everyone who owns an electronic device is at risk from a cyber-attack. Information stored on any device, such as email account, shopping accounts, credit cards, and social media accounts such as LinkedIn and Twitter, is like a winning lottery ticket, and therefore you are a target for cyber-crime. In many cases, hackers are not using ultra advanced technologies to break in and steal your information; rather, they are using very simple phishing methods such as spam emails and malware.
Myth #4: Cybersecurity is a one-time security thing.
Remember, cybersecurity is a process, not a one-time solution. The technology and cyber threat landscape continues to evolve at a rapid speed, and firms need to keep up-to-date and adopt the latest advances and trends to combat growing cyber risk.
Myth #5: Anti-virus software will protect/sort out the issue.
Many firms believe that the anti-virus software they have installed on their PCs and/or smartphones can protect them from every type of attack. But anti-virus alone is not sufficient. Adding additional layers of cybersecurity, such as data backup and encryption, may be warranted to protect your data and guard against or create an alert when other types of attacks or intrusions occur. Don’t forget to emphasise that employee education, training, password management, and access control are also necessary layers of a comprehensive security strategy.
Myth #6: I have a firewall, so I’m safe from attacks.
Never underestimate hackers. They understand strategies adopted by a firewall and can disrupt codes and exploit basic IT oversights to gain access to your system. Employing next-generation firewall technology is a smart upgrade and can add additional layers of protection against both internal and external cyber threats.
It’s important to remain 'in the know' and stay aware of threats in the cyber world and have cybersecurity solutions in place regardless of the size and nature of your business.