🔒 Security Myths Showdown: Debunk, Discuss, and Win! 🔓

For me, there are basically 3 cybersecurity myths that I have heard of.

1. Strong passwords are enough. 
2. Backups do not form part of my Cyber Security strategy.
3. Last, but definitely NOT the least, this is all a money-making scheme scaring people to pay more money to the service providers to support them. 

We all know that no matter how “strong” your password is, there is always a way around them. a decent MFA to add to that is the way to go. 

Backups is the goal-keeper in your cyber security football team. We always have to think of the absolute worst case scenario. Here in South Africa, we hardly ever get any natural disasters. As such, DRaaS, a 3-2-1 backup rule was hardly ever a topic of discussion, until the riots took place and companies were burned down and many could not recover, and had to close the doors of their businesses. 

Many people may think this way, but when we, as industry professionals, learn to turn nerd speak into normal speak, and give real-life examples, many customers will never see the true value of how false the statement really is. We all pay insurance for what we deem important in our lives, yet the “piece of tin (and yes, a few circuit boards and capacitors etc. added to it)” containing the most valuable asset that any company possess (being your data) is neglected. The fine line between faith and foolishness if you ask me. 

So let me bust the myth on all the above, and many others out there, of we do not become smart, and think of those areas which is most critical to protect and do everything we possibly can to do so, this will be the future. 

A myth that I hear a lot in the computer repair space is that Macs are inherently more secure than Windows PCs.

While it is true that Macs are less likely to be targeted by malware compared to Windows PCs, this is not because they are more secure, but rather because they have a smaller market share. Because Windows PCs are more prevalent and used by a larger number of people, they are a more attractive target for cybercriminals. I see many Macs that come into our repair center that are infected with malware, and of course they are all susceptible to scam attacks.

I’ve heard it’s becoming the same for Linux now. I haven’t witnessed it or looked much into it, so I can’t verify it.

@Martin.1 already touched on this. But there is a persistent myth that you don’t need backups if your data is in the cloud.

File versioning only provides so much protection and data backups are vulnerable if an account is compromised. A 3rd party backup solution is absolutely necessary to provide insurance and protection of your company data.

Another myth is: “We’re not a big enough company for someone to hack us.”

False: The question isn’t how important is your data, but how important is your data to YOU. What happens to your business if your data is encrypted and ransomed? Which circles us back to backups. Those are important.

Building on MFA and strong Passwords

We have MFA and a strong password policy, we are good to go and protected.  

False:  We need to take the time to properly train end users on Phishing attempts.  We can lock down the hard vectors perfectly and the soft vectors (people) can still cause a leak.  All it takes is one person clicking on a bad link and the intrusion has begun.  

One of the most serious and damaging cybersecurity myths is that "hackers only target big companies or high-value targets, so small businesses or individuals don't need to worry about cybersecurity." This is a dangerous myth that can lead small businesses and individuals to believe that they are not at risk, which can leave them vulnerable to cyber threats.

In reality, cybercriminals often target small businesses and individuals precisely because they are perceived as easier targets with weaker security measures. Small businesses and individuals may have fewer resources to invest in cybersecurity, making them more susceptible to attacks such as phishing, malware, and ransomware.

Moreover, even if a small business or individual is not directly targeted by cybercriminals, they can still fall victim to data breaches that affect larger companies they do business with. For example, a data breach at a third-party vendor could expose the sensitive information of small businesses and individuals who use that vendor's services.

To debunk this myth, it is crucial to emphasize that cybersecurity is important for everyone, regardless of the size of their organization or their level of wealth. Small businesses and individuals should take steps to protect themselves and their sensitive information, such as implementing strong passwords, enabling multi-factor authentication, using anti-virus and anti-malware software, and staying vigilant against phishing attacks.

Moreover, small businesses should consider investing in cybersecurity solutions such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) systems. These solutions can help to detect and prevent cyber attacks before they cause serious damage.

Finally, it is important to recognize that cybersecurity is an ongoing process that requires continuous monitoring, evaluation, and improvement. Small businesses and individuals should regularly review and update their security measures to ensure that they remain effective and up-to-date.

In conclusion, the myth that "hackers only target big companies or high-value targets" is a dangerous one that can leave small businesses and individuals vulnerable to cyber threats. By taking cybersecurity seriously and implementing strong security measures, small businesses and individuals can protect themselves and their sensitive information from cybercriminals.

-------------------------------------------------------------------------------------------------------------------------------------------

From <https://chat.openai.com/chat> 3/30/2023; totally artificially generated, but totally non plagiarized; not my work, but I made this original composition using an AI tool - go figure that one out ?!?

I don't have a lot of experience with Linux Systems, but I would assume that the more that Linux is used the more likely it would be for it to be a target, especially Linux Servers.

Ironically enough, @kleinmat4103 I am currently dealing with a customer who picked up a trojan via a 3CX app they installed from God knows where. Wiped out their OneDrive completely…. and NO cloud-to-cloud backup in place…….  sad state of affairs.

@Martin.1. Sorry to hear you’re having to deal with that. An unfortunate reminder that this stuff isn’t just a money-making scheme. We’ve made M365 a major initiative for the year, so hopefully will be in a good spot with that soon.

How are you backing up cloud servers? We’ve been a long-time Datto customer (sorry Carbonite) and absolutely love them. But we are finding it difficult to justify the cost difference between that and Azure backups.

Sorry to hear that @Martin.1 

i let our network team know about the 3cx issue and I haven’t heard back that our clients have been effected. 

Same here @kleinmat4103 

Have some legacy Datto setups which the cost is now a struggle. But trying to get customers to move even if cheaper can be a challenge 

@kleinmat4103  Our company have “standardized” basically on 3 products at the moment. For Cloud servers we use Acronis. Needless to say, I have initiated a trial for Carbonite products to test with, and Stefan Schoen have been awesome in getting this process going for us.

No one ever query their insurance on their homes, cars and so on, yet indirectly backups is the “insurance” of your data protection. Pity it is always the last to be looked at right?

I have seen how Azure accounts also gets compromised, and regardless of “we have moved to the cloud using Azure / AWS / GC and so on” you still have to think of a decent data protection strategy, with one copy of all your business critical data hosted outside of the “platform” you use as an “offsite” backup for a lack of better words. 

Thanks! Yeah, there is a lot of value with having backups with a 3rd party. We will probably circle back to other options like Acronis and Carbonite just to see how they compare to Datto.

@Martin.1 for 3 excellent myths // @Rodney18  for my favorite myth of all time // @kcoss because yes you should MFA the shit outta everything // @kleinmat4103 for a very solid myth that I speak about regularly. YOU ALL WIN GIFT CARDS (will be delivered via PM next week)

@kenfry  I appreciate the honesty with ChatGPT (you could have totally just not included that bit and we’ve have had no idea). Thanks for your input I have sent you some SWAG 😀

@TheDoorkeeper - Yes, This is happening to linux now too as many of them are servers and valuable to compromise. Thanks for your input I have sent you some SWAG 😀