Top Five Cybersecurity Myths You Need to Stop Believing
By Jack Foster, VPN Geeks
With the increased allegations of privacy hacking, unauthorized data usage and access, and election interference, cybersecurity software is booming. Considering risks such as ransomware, illegal access of private data and weaponized IoT devices, users are looking for the best ways to protect their sensitive information.
But, the first step to knowing how to improve your data protection levels is to understand the top five myths about cybersecurity.
Firewall & Antivirus Software Guarantee Network Security
Firewall technology protects an internal network from being accessed by unauthorized users while allowing online data transfers.
A classic home network configuration includes a router - which is the hardware firewall device - and a PC/ Mac which integrate firewall software. Although the setup may seem secure, most users don't run the periodic upgrades recommended by manufacturers. This has led to many examples of router hacks. Users should never disable the WPS feature on their routers.
Commercial routers integrate robust firewall functions and include more frequent upgrades.
Also, running an antivirus program on the computer won't guarantee full protection. There are always new viruses, Trojans, worms, backdoors, ransomware, and key-loggers. Microsoft integrates Windows Defender in its standard operating system. However, the best approach is to run additional antivirus software and anti-malware programs to monitor background activities.
Passwords Will Keep Users 100% Safe
Passwords can help keepsensitive financial and personal data safe, however hackers can still crack them. For example, advertisers can reel in data from online browser-integrated passwords. The growing security concerns around passwords has led to the development of a dedicated website where users can confirm if hackers have breached their credentials. Or better yet, users and companies alike should activate a 2-factor or multifactor authentication which involves a second confirmation for logging into an account.
By using something the user has, such as a smart card or token, in combination with something the user knows, such as a password, hackers have an all-but-impossible task in accessing that user's data.
VPNs Provide Complete Anonymity
A VPN is the go-to software for most internet users. VPNs encrypt data transfers through VPN servers and keeps users anonymous and protected from hacks. Although the traffic tunnel enjoys increased security, various bugs can affect the system. For example, Cisco warned users about a VPN bug which scored a high 10 on the CVSS (Common Vulnerability Scoring System) which allowed hackers to bypass adaptive security appliance programs.
A VPN allows users to override geolocation systems and other restrictions, but it doesn't provide complete security and can get compromised. Cybersecurity software such as these VPNs can expand browsing capabilities and offer a layer of privacy. However, even with VPNs, users may still face a DNS or IP leak.
Traffic Encryption Provides Complete Safety
Traffic encryption is a good step toward online privacy. But any information stored on a website is a potential weak link which could lead to data being made public. Unauthorized public exposures can appear due to incompetence or malicious activities. For example, the 2017 Equifax breach publicly displayed the sensitive data of millions of US citizens to hackers. To this day, experts are still trying to understand how the breach occurred.
Also, search engines collect incredible amounts of information and data about users' traffic for ad-targeting purposes. Users should re-check their social media settings and configure adequate access and privacy settings. Another example of a data breach is the Cambridge Analytica scandal which highlights that users aren't always aware of who is using their data or how it's used.
Cloud Services Aren't Secure
Despite bad press about the security levels offered by cloud services, the cloud services typically are not to blame for hacks. Phishing attacks cause data breaches, and the source of the problem stands with the user. However, users should always double-check the encryption levels and end-user agreements provided by the cloud services they are considering. Free cloud service isn't free - users typically pay by giving up some of their personal data. The services mine users' private and financially sensitive details and sell them to marketers for targeted ads and promotions.
Enterprises are letting go of the private server eco-systems and are naturally transitioning toward adopting cloud services. It's a natural perception to consider that what is in the user's control is safer. However, cloud providers including Microsoft and Oracle are investing enormous amounts of expertise and funds to improve cloud security levels, efforts that are difficult to match by a single organization.
It's clear as 2018 comes to a close that consumers and corporations must become even more savvy about security. Addressing the above myths is a good way to improve security and limit exposure to data breaches.
Tags: iam, cybersecurity, two-factor, pki, authentication, identity, smartcard, identitymanagement.