Cyber-security is a major threat to every business today. This reality is amplified by our increasingly inter-connected world which makes dependence on digital services an absolute necessity. Despite the increasing global spend on cyber-security, cyber criminals are still having a field day.
In this piece, the Research/Development Unit of Yudala – Nigeria’s fastest growing e-commerce outfit – dissects the myths that prevent businesses and other individuals from taking effective measures to counter imminent cyber-security threats, with attendant huge losses and costs.
1.Strong passwords keep me protected
This is one of the myths that often leads to a hacking breach. While strong passwords are good, they are more effective when combined with other measures such as a two-factor authentication. This provides a second layer of security for your account(s). Furthermore, strong passwords may expose the user to self-imposed dangers. When passwords become difficult to remember or too complicated, the user may have no choice than to change them too frequently. As a result, you may be forced to write these passwords down since you can no longer memorize them, thereby opening the door to unauthorized access to your account.
2.My small business is not a target. Only big businesses are at risk
If you think that small businesses are not at risk of cyber-attacks, then think again. According to a recent report by Radware, 98% of organizations experienced cyberattacks in 2016. Small and mid-sized companies with less than 250 employees were the target of a reported 31% of these attacks. Organizations on the lower end of the scale are much more attractive to hackers as it is widely believed that less is being done by these companies to protect their sensitive data. This has manifested in an increasingly popular mode of attack known as Ransomware, where attackers encrypt data taken from the victim and in return for decrypting the data, they ask for an acceptable amount from the victim as ransom. These victims include individuals, small or medium-sized enterprises (SMEs) and large corporates.
3.The website is HTTPS, so I am secure from attacks
Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted. While it secures your website at a minimal level, it is important to note that HTTPS does not prevent the hacking of a website, server, or a network. By diminishing Distributed Denial of Services (DDOS) attacks, hackers can force their way into your access controls exposing a website’s availability. Hence, every activity you carry out online must be done with this knowledge at the back of your mind.
4.Hackers will find nothing worth stealing
Many individuals and small business owners have this mind-set when confronted with news of the global effects of cyber-security. This myth or mind-set is, however, debunked by the potentially costly effects of enduring a breach, whether on a personal or corporate level. On a personal level, every individual has sensitive personal data that we would not wish to fall into the wrong hands. Pictures, video files or other personal information could expose us to grave danger or loss when unauthorized persons gain access to them. And on the corporate level, several small business owners who feel they have nothing worth stealing have had their fingers burned.
Research from Kaspersky Lab notes that a single cyber security incident now costs small and medium businesses (SMBs) an average of $86 500 per incident, mainly through loss of data. This data ranges from information about clients, customer details, bank details or access to your customers’ systems through e-commerce links or via email.
5.My computer is at risk only when I connect to a network or the internet
In addition to external attacks launched when a device is connected online, internal threats are also a major source of hacks or data breach. Users working inside your firewall with laptops, tablets, USB drives and other removable media that have been exposed to malware represent one of the most common access points for hackers. It is therefore, not surprising that many cyber-security specialists see the USB drive as the biggest hazard to cyber security. One out of every 8 attacks on computers these days, is believed to enter via USB devices.
6.Firewalls and network security are in place. I can go to sleep
For hackers, the art of circumventing a firewall is not an alien skill. Most hackers find it easy to disrupt codes or capitalize on loop-holes to gain access to your system, so the existence of a firewall is not a sure-fire guarantee of security. While it is clear that most cyber security threats are avoidable, your organization can not rely solely on firewalls for protection. Research also shows that, despite the huge outlay on network security, cyber-attacks are more severe at the application layer of your system infrastructure as network security does not often pose much resistance to cyber- bandits.
7.Security is assured since my website is externally hosted
Web hosting providers abound in their numbers. The likes of HostGator, Blue Host, Web.com, GoDaddy, DreamHost, InMotion and eHost, among others, have thousands of websites on their client list. As a result, effectively monitoring each site may be a herculean task. A significant majority of all external attacks occur as a result of poorly administered, misconfigured or inadequately managed systems. These loop-holes are easy for any eagle-eyed hacker to take advantage of. Hence, while a host is guaranteed to provide server level security; the major responsibility for managing the security of your website resides with you, the site owner.