Whether it’s for work or pleasure, we are all spending more time online than ever before. Given how advanced and user-friendly modern technology is, it is not surprising that the online world has come to dominate the offline. However, as our lives are increasingly digitized, the need to keep us and our information secure from criminals has become increasingly obvious.
Recently, a virtually unknown marketing and data-aggregation company Exactis has fallen victim to a major data breach. According to statements, the company might’ve been responsible for exposing up to 340 million individual records on a publicly accessible server. In this time and age, data breaches are not a rare occurrence. Major corporations face cybersecurity problems on a daily basis.
Clearly, there is a thriving criminal market for hackers. But how can the average internet user keep safe? Knowing these 5 myths will definitely help you get started!
Myth 1: A Firewall keeps me safe
As you would expect, hackers know a great deal about computers. The purpose of what they do is to gain access to systems that they should not have access to. According to a research conducted by Breach Investigation Reports, cybersecurity professionals only regard 17% of threats as being highly challenging. This implies that they view the vast majority of what they do as very easy.
All businesses and organizations should maintain a firewall, but it should not lull you into a false sense of security. A determined hacker will use a variety of online and offline techniques to get into your systems.
Just last month, Cisco, a well known tech company, has discovered 24 security vulnerabilities in their firewalls, switches, and security devices. On June 20, the company released the necessary updates, which counteract those vulnerabilities. While firewalls are a security measure, it is essential to understand that they are susceptible to something known as a zero-day attack. Zero-day attacks are unknown, or newly designed intrusions that target vulnerabilities before a security patch is released.
Myth 2: HTTPS means I’m secure
Sending information over an HTTPS connection means that the information will be encrypted and secured, preventing snooping from outside parties. HTTPS ensures that data is safe as it is transferred between a web server and a web browser. While HTTPS will keep your information from being decrypted and read by a third party, it remains vulnerable.
Though the HTTPS protocol has been developed to ensure secure communication, the infamous DROWN attack proved everyone wrong. As a result of DROWN more than 11 million HTTPS websites’ had their virtual security compromised.
Remember, from the perspective of a hacker, who’s looking for a way to exploit your website, the notion of unbreakable or unhackable does not exist.
Myth 3: My host ensures security
This is a statement that’s never true. Hosting service providers are responsible for thousands of websites, so it is absurd to think that they can manage security on each one individually. They might have some excellent general security policies in place, yet they can’t ensure total security for quite a few reasons. Just like any other company that collects and maintains data, hosting providers are just as susceptible to cyber attacks.
It’s best not to assume that your host has it covered when it comes to your security. If you haven’t set the protections up yourself, consider them non-existent until you’ve seen and configured them.
Myth 4: No Internet connection means no virtual security threats
This is a pervasive myth, but a myth nonetheless. Unless you are dealing with a machine that is literally never allowed to connect to a network, at some point, it will communicate with other computers. Whenever this happens, there is the potential for malware and viruses to spread. In some instances, malware can infect your operating system via physical data sharing devices like USB drives or CDs. Infecting your computer with malware could have detrimental outcomes. For instance, a ransomware application can easily encrypt vast quantities of data in just a few moments. Your best bet to maintain a secure system at all times is by running a reliable antimalware tool on your computer.
Don’t assume that just because a computer has remained offline, it can’t be infected. In 2013 first reports came in that scientist have developed a prototype malware that might be able to use inaudible audio signals to communicate. As a result of that, a malicious piece of software could communicate and potentially spread to computers that are not connected to a network.
Myth 5: A VPN ensures security
VPNs can be an excellent way of improving your overall online security by hiding your identity and making you much more difficult to trace. However, you should always be very careful about the VPN services that you use, especially if they are free. There are many free VPNs which exist for nefarious purposes. They might be hiding your IP address (many are not), but their primary function is to siphon away your personal data, which they will then sell.
The simplest way to avoid these types of thefts is to, first of all, ensure that you thoroughly research and vet any service before using it. Check this list to be sure that a VPN service of your choice does not log data.
Often a VPNs selling point is security and privacy. However, that’s not the case at all times. Not too long ago, PureVPN, a service that stated in its policies that it maintains a strict no-log approach at all times, have been exposed to lying. As it turns out, the company handed over information to the FBI regarding the activity of a cyberbully, Ryan Lin, who used a number of security tools, including PureVPN, to conceal his identity.Many users have fallen prey to virtual security myths and suffered detrimental consequences. Cybersecurity is something that we should all take more seriously, especially as we are putting more of our lives online than ever before. Knowing the above 5 cybersecurity myths is a useful first step in implementing better practices yourself.
About the author
Harold Kilpatrick is a cybersecurity consultant and a freelance blogger. He’s currently working on a cybersecurity campaign to raise awareness around the threats that businesses can face online.