Separating security fact from security fiction
With malware a constant threat across the internet – it’s projected to cost the world six trillion dollars annually by 2021, according to Steve Morgan of the Cybersecurity Business Report – businesses need strong cybersecurity practices to keep networks and user’s devices secure from threats.
However, while there’s increasing awareness among businesses and end users of the threats they face, and what can be done to defend against them, there are still plenty of misconceptions around cybersecurity – and here are six in particular that need to be debunked.
1. A firewall keeps the network secure
A firewall is the technology used to keep an internal network secure, and keep unauthorized users off a network, while allowing data transfer to and from the internet. There are two types of firewalls: hardware and software. In a typical home network setup the router is the hardware device, while a PC running Windows contains an integrated software firewall.
While this typical setup sounds like it should be pretty secure, this isn’t necessarily the case. It doesn’t help that most users don’t even install firmware upgrades for their router that contain the security patches that manufacturers put out.
2. Antivirus software is enough
Just as getting your flu shot annually doesn’t protect you from many other viruses, including the common cold, so just running a single antivirus software program is not enough to protect you from the myriad malware threats out there.
Most antivirus programs do a decent job of protecting against computer viruses, but can be hit and miss when it comes to the multiple other types of malware, including adware, Trojans, spyware, browser hijackers, worms, rootkits, backdoors, keyloggers and ransomware. Microsoft includes Windows Defender integrated into its OS, and while historically it wasn’t the best solution, these days it has improved quite a bit when it comes to dealing with viruses.
However, Defender still needs to be supplemented with an additional antivirus program, as well as an antimalware program. Choose one to constantly monitor things in the background, and run the others at a regular interval, say once a week.
3. Hacking is only for experts
The proverbial ‘computer hacker’ is the evil computer-coding genius – an individual so smart that they can pit their wits against security services and governments. In the popular imagination they can be found either in their underground lair, or skulking in a coffee shop wearing a hoodie.
4. Passwords are adequate security
Passwords remain a cornerstone of internet security, keeping accounts safe from all types of attacks. However, they get compromised quite often, including by advertisers that grab data even from an online browser’s integrated password manager. The insecurity of passwords has even spawned a website where users can check if their credentials have been hacked, and are appearing in online databases.
5. A VPN makes you completely anonymous
A method frequently turned to for privacy and security online is to run internet traffic through a VPN. The idea is that, by encrypting all the traffic leaving their LAN and going to the internet until it’s decrypted at the VPN’s server, the user will be anonymous, and therefore immune from hacking. However, Cisco has recently issued an alert about a VPN bug that affects their popular Adaptive Security Appliance software, and which can allow a hacker to reset the system, and even take full control of it.
While a VPN encryption tunnel can help in certain situations, such as getting around a geolocation restriction to watch a video, and browsing over a public wireless network to avoid a Wi-Fi packet sniffing attack, this hardly makes the user anonymous, or immune to other types of security compromises.
Remember that a VPN can also be compromised, either via an IP leak or via a DNS leak. In addition, a VPN’s data can be subject to mass decryption from government servers.
6. HTTPS is always secure
HTTP is the Hyper Text Transfer Protocol, the method by which data is transmitted between the internet and your browser. A variant of this is HTTPS, which stands for Hyper Text Transfer Protocol Secure, which means data is encryption while it’s being transmitted. Websites that support HTTPS are typically banking or other finance-related sites, online stores and others that would benefit from enhanced security.
While HTTPS is generally preferred to its unencrypted counterpart, it’s by no means fully secure. In fact, several years back the ‘Logjam’ vulnerability was described, which according to TechRadar’s Jamie Hinks “lets eavesdroppers view data passing over encrypted connections and then modify it to successfully perform man-in-the-middle attacks”.
7th March 2018