Cyber Security myths that you must know

Cyber security is a popular topic of discussion these days, yet many people hold misconceptions about the various cyber security threats and the corresponding solutions. As computers and networks become more complex, many people struggle to keep up to date on the latest vulnerabilities and how to address them. When it comes to cyber security, nothing is 100% foolproof.

This article brings to light several common misunderstandings, which may help clear your doubts about cyber security. First, let us look at the different types of risk associated with information security.

Physical threat: A potential situation where useful digital content (e.g., documents) is destroyed via fire or flood or any other physical danger.

Technical threat: An unplanned event that could lead to data loss, caused by defective software or hardware or by an attack on the system using malicious code.

Human threat: A situation where an external or internal user might misuse the data and cause loss of information, either intentionally or through mere negligence.

Here we discuss some common cyber security myths that you must know (and discard) as a responsible cyber citizen to stay secure online:

#1 – I don’t do anything illegal on the Internet; therefore, I am safe from hackers and other cybercriminals

If you abstain from activities like sending bulk spam emails or sharing copyright-protected files, it reduces the chances of being victimized by an online criminal. However, there are still ways through which your device could be compromised by malware even if you are not engaged in any illegal activity. For example, most people think that social networking sites make them safe from phishing attacks. However, hackers can use these sites to launch phishing attacks if they have your email ID and password details, which you might have revealed while registering on such popular sites. Remember, not doing anything illegal does not imply that you are entirely secure from cyber criminals.

#2 – I will be notified by my system administrator if attacked

Hackers use various methods for hacking into your machine, like sending viruses as an email attachment or hiding their malicious code in other software available online (free downloads). It is almost impossible for network administrators to keep track of all the rogue activity going on around the web. They will never identify every breach by external sources. It is up to the user to spot the signs of compromise and report them to network administrators for necessary action.

#3 – My antivirus software will always protect me from cyber attacks

Antivirus software does help identify and remove viruses, trojans, and other malicious code, but it can never ensure absolute protection against all kinds of malware. It is vital to install a good antivirus solution that detects viruses and malware and shields your system from zero-day attacks (unknown viruses). Most importantly, it should receive regular updates so that the definition database frequently gains new threats.

#4 – Frequent updates of operating systems and applications increase vulnerabilities on my system

Many people believe that frequent updates of software and the OS lead to vulnerabilities in the system. If you are running Windows XP on your machine, it is better to upgrade it to Windows 7 or 8 as they come with more advanced security features like an inbuilt firewall or built-in antivirus solution. It’s essential for users to quickly apply all the available Microsoft patches and updates because hackers may exploit known loopholes in older versions of operating systems/applications that remain unpatched by their developers.

#5 – I can browse the Internet anonymously with free proxy servers

Using free proxy sites like kproxy.com, hide-me.org, etc., cannot ensure complete anonymity online because these services keep logs of the connections made, including user agent (browser type), IP address, etc. Hackers can use this information to find your actual IP address and location. It is better to opt for paid proxy servers that do not store any data related to user connections or the sites they visit. Moreover, using a VPN (Virtual Private Network) is a much-recommended option. It encrypts all your Internet traffic, making it difficult for hackers/network administrators to intercept it even if they are on the same network.

#6 – I must update my software regularly to avoid security vulnerabilities

Many people believe that if their workstations are not connected directly to the internet, they don’t need regular updates of the software installed on their machines, which is entirely wrong, says RemoteDBA.com. Even if you install an antivirus solution on your system, keep it up to date, and run it regularly, the applications you are using on your workstations may still contain flaws that hackers can use to gain access to your machines. Therefore, avoid installing unverified software packages from different sources as they might contain malicious code or backdoor Trojans.

#7 – Windows Security Updates do not affect PC performance

People who believe this myth think closing all background applications before applying any security updates is enough for patch management, but this does not mean that you will not suffer from degraded system performance. Some of these updates require a proper restart after installation, which means more time until the next update gets installed (if done automatically). So it’s better to keep all unnecessary applications closed during patch management because it can help avoid laptop hangs and ensure that new updates/patches get installed immediately.

#8 – I don’t need a security solution if my computer has no internet connection

If your system is not connected to the Internet, it does not mean you are safe from online threats. Hackers can infect your workstation by dropping infected USB sticks or CDs in public places like libraries or coffee shops. They can then use social engineering techniques to trick users into inserting these media into their workstations without verifying where they came from.

Another way of compromising these systems is to send an email with a file attachment containing code that automatically installs malware when an unsuspecting user opens it, even if they have disabled all macros.