According to research by the Ponemon Institute, approximately 80% of business data breaches result from human error.

Breaches are becoming increasingly common as cybercriminals continue to advance their skills and tactics to trick their victims into falling for their scams.

With human-error being the most common reason for a cyber intrusion, employee security training is crucial to ensuring employees know how to spot a hacking attempt.

Cybersecurity-Data-Breach-Phishing

Designed by stories / Freepik

“ It only takes one careless employee to cause a big issue.”

Entrepreneur provides a great example of how one employees’ simple mistake could cost an entire business.

Sally is checking her personal email at work and opens one that promises she will lose 10 pounds within the next week. She clicks the link inside of the email and without her realizing it, this action installs a virus on to her computer. Not only is the virus now on her computer, it is also infiltrating the network.

This example shows just how quickly and simply an employee can fall victim to a data breach. Since human error is the leading cause of a data breach, business owners must educate their employees on security awareness.

Since it is possible to reduce your odds of getting hacked through employee security training, October has become the National Cybersecurity Awareness Month.

In this month, Cybersecurity programs, training, and breach prevention are highlighted. Hence, companies of all sizes grasp how important it is to invest in Cybersecurity protection and training programs for their employees.

We share 15 myths about Cybersecurity that companies have believed for years and that can increase the probability of them falling victims to cybercriminals:

15 Myths About Cybersecurity

Myth #1: We don’t need cybersecurity training

Fact: Every organization and employee that has access to, or could come into contact with sensitive data, should receive cybersecurity training. Threats are continuously evolving, making ongoing training critical for all.

Myth #2: We’ll just deal with a breach when it happens

Fact: Paying for proper security and training is much cheaper than trying to recover from a single breach. In fact, many organizations that suffer a data breach don’t recover at all. Preventative breach measures will go a long way to help protect you.

Myth #3: Cybersecurity threats only enter through the internet

Fact: You don’t need to be connected to the internet to experience a data breach. For example, your organization’s entire IT system could become infected just by one employee using an infected USB drive. Threats come in many forms.  

Myth #4: A strong password alone will protect your business

Fact: A strong password is certainly important, but it is not enough to protect your organization entirely. Multi-factor authentication will help protect your account a step further, along with many other necessary security measures.

Myth #5: Small & medium-sized businesses aren’t targeted by cybercriminals

Fact: A majority of data breaches happen at small businesses. Often times, small and medium-sized businesses lack the proper security measures and training to defend against cybercriminals, making them a major target.

Myth #6: Only certain industries are vulnerable to cyber attacks

Fact: While some industries are targeted more fiercely than others, no business is off-limits when it comes to a cyber-attack. If your organization has access to or stores sensitive data, you are vulnerable to a cyber-attack.  

Myth #7: Anti-virus & anti-malware software keep you completely safe

Fact: Anti-virus and anti-malware software are incredibly important when it comes to protecting your system, but that doesn’t mean you’re in the clear. This software can’t protect against all cybersecurity risks, many of which involve human error.

Myth #8: Cybersecurity threats only come from the outside

Fact: Many cybersecurity threats do come from the outside, but insider threats are just as likely. Insider threats can have malicious intent or could be the result of an honest mistake. Either way, these insider threats are often difficult to detect.

Myth #9: You can’t be attacked on social networking sites

Fact: Many attacks can stem from social networking sites. For example, if your friend gets breached, you could get a private message from them with a link telling you to “click here to watch a funny video!” when in reality, it’s a malicious link. 

Myth #10: If wi-fi has a password, it’s secure

Fact: All public Wi-Fi can be compromised, even with a password. Anyone who has access to the Wi-Fi password could abuse the connection. That means that if your information isn’t encrypted, it could fall into the wrong hands.

Myth #11: You’ll know immediately if your device is infected

Fact: Many times, nothing visually happens when a device or network is infected. Often, the attacker’s goal is to go undetected, however, there are directed attacks such as ransomware that will be immediately visible.

Myth #12: Personal devices can’t impact your organization

Fact: Personal devices can compromise a company’s network. This makes it so important for organizations to have strong Bring Your Own Device (BYOD) policies that outline security protocols for personal devices.

Myth #13: Complete cybersecurity is achievable

Fact: Although it would be nice if complete cybersecurity were a “one and done” kind of thing, there’s no such thing as being completely cyber-secure. New threats emerge every day, making cybersecurity an ongoing process.

Myth #14: My data or the data I have access to isn’t valuable

Fact: All data is valuable. Whether your organization is a start-up business or large corporation, your data is worth something to a cybercriminal. The same rules apply to your personal data, as even a password can lead to a goldmine.

Myth #15: Phishing scams are easy to detect

Fact: Cybercriminals are continuously advancing their tactics to make phishing scams more difficult to detect. Many phishing emails use social engineering techniques to make them more personalized, resulting in a higher success rate for the attacker.