9 cyber security myths debunked

Gloucestershire businesses will find it almost impossible to escape from the emphasis on cyber security for their organisations, but how can they tell what's good advice and what isn’t?

By Andrew Merrell
If you think your business has cyber security covered, doesn’t need to worry because it’s only small or because your IT department is so good, you may need to think again…

A good understanding of cyber security has become one of the ‘must haves’ for all businesses - but when it comes to advice, how can Gloucestershire businesses separate the ‘must-dos’ from the myths?

As part of SoGlos’s #CyberGlos campaign, which celebrates the considerable expertise of the cyber sector in Gloucestershire and supports the county’s business community, we consulted the experts on common cyber myths - and what businesses need to do to overcome them. 

Small or medium-sized businesses are not the targets of cyber criminals

‘We are too small… nobody would be interested in what we do’ is a common refrain from many small and medium-sized firms when asked about their cyber security.

Experts will tell you quite the opposite. Smaller businesses often lack the sophisticated software or security team of big firms, making them an easier target for cyber criminals.

We have strong enough passwords already

If you think your business has strong enough passwords and these alone will deter cyber criminals, think again. Experts now advise using two-factor authentication. That means a password and a second ‘identifier’.

Likewise, a single password is not enough to keep a WiFi network secure. Good security is the sum of its parts. At a minimum, staff should use virtual private networks (VPNs) to secure their connections.

We have never been attacked before

If you presume that your business has never been attacked because your security is so good, it's more likely that you've just been lucky so far.

Cyber attacks are becoming more and more sophisticated, meaning businesses must develop a strategy that allows them to react quickly to a security incident, mitigate any damage before it becomes significant and learn from it.

We meet all the industry regulations

While keeping up with industry regulations is a must - for your reputation and your security - you shouldn't benchmark yourself against them as a measure of how good your security is.

Regulations often represent only the bare minimum your business should be doing. Carefully consider whether they cover the full scope of your data and critical systems.

It is our IT department’s responsibility

Don’t put all the responsibility for your business’s cyber security on your IT department.

While the IT department will have the lion’s share of the responsibility, everyone in a business should play their part – not just to detect and deter, but to report any suspected breaches too.

We only need to worry about keeping internet-facing applications secure

Securing internet-facing applications is a must, but they should not be the only focus for your business.

If one of your staff uses a flash drive which contains hidden malware, or plugs in a phone or laptop usually kept for personal use, your organisation could face threats. Having a multi-layered approach to security and educating staff is all-important.

Our security provider has it under control

As good as you might think your third-party security provider is, your security is not their responsibility alone.

It is crucial that every business seeks to understand the security risks, develops policies and practices to keep itself safe, implements them and reviews them regularly.

Our anti-virus and anti-malware software will protect us

If you don't have anti-virus and anti-malware software installed already, then you should get some straight away - but don't rely on that alone to keep your business safe. It won't protect your IT from every cyber risk.

A comprehensive cyber security plan must also include response plans and employee training – and this must be ongoing, with risks changing all the time. 

We've got it covered and are completely safe

Achieving good cyber security is an ongoing process. Just as criminals are developing their methods of attacking your business, so you must continue to adapt, learn and refresh what you do.

Continuously monitor, conduct internal audits, train, review security policies and embed best practice into your key business processes. Make this part of your company’s culture. It will make your business, your customers and your suppliers safer.
