Cybersecurity is a hot topic and it seems everyone has an opinion on best practices – whether they apply to personal or professional use. From password tips (random characters vs. passphrases, the frequency of updates) to VPN use, when to use two-factor authentication and more, it can seem impossible to practically work or live with the sheer number of cumulative security recommendations.
But when it comes down to it, good security should enable business, not prevent it. But with the constant deluge of well-meaning advice, we’ve noticed that sometimes people push back with some counterintuitive advice. And we get it, sometimes overzealous, poorly implemented security measures can be frustrating. But still, we wonder how bad things were for people to think it was a good idea to spout the following:
You Don’t Need to Update your Software
It’s generally a good idea to update software frequently for performance and security updates – in fact, many of the updates constantly rolling out are security patches. This is especially important for mobile devices, where users often disable automatic updates (we get it, Canadian data plans are expensive!). This is one time when the maxim “if it ain’t broke, don’t fix it” should be thrown out the window.
Why? Out of date apps are a prime point of entry for malware, viruses and direct hacks – consider the recent WhatsApp hack where spyware was able to be installed even if the user didn’t answer the call, click any links, or otherwise provide any of the human interaction commonly required to trigger malicious activity.
While there have been concerns about rushed updates breaking functionality (Windows 10, we’re looking at you), it’s in your best interest not to put off software updates longer than necessary. The fact is, many data breaches and cyberthreats count on the fact that users continue to use, and run, outdated software that has known vulnerabilities.
Encryption is only for Governments and Spy Agencies
For many people, the idea of encrypted data brings up thoughts of Turing machines and The Matrix, something incredibly advanced, complicated, and out of their league. But in reality, encryption is an attainable measure that helps safeguard your data by making it much, much harder for anyone other than you to actually access and read.
This is especially important if you’re an organization that is entrusted with sensitive client data. Or employee data. Or trade secrets. Or financial information. Or, anything that you don’t want outside eyes seeing.
With the rise of cloud computing, this kind of sensitive information is available through more connections than ever, which means it makes more sense than ever to have some encryption measures – and encrypted backups – in place should the worst happen.
You’re Not At Risk
Often the big data breaches are what make the news, so SMBs often think they’re small fish – but as recent studies have discovered, almost half of all cyberattacks target businesses with fewer than 250 employees. And these are not necessarily targeted attacks – automated malware and phishing attempts are released into the wild indiscriminately, and will take what they can: after all, it’s a game of numbers.
In some cases, organizations are exposed though the vulnerabilities of others – clients, vendors or partners that have network access.
It can be challenging for organizations to stay on top of security, especially when they lack dedicated experts or don’t have the experience and knowledge of today’s threats and security tools – and the sheer volume of activity can be overwhelming.
It’s why many businesses are turning to dedicated Managed IT Service Providers to provide constant security monitoring and countermeasures to keep their data and networks safe. If you’d like to learn more about how you can implement transparent security measures that won’t bog down your systems or frustrate your users, we can help!
With over 19 years in business serving the Greater Toronto Area, Discovernet has helped companies secure 2771 devices, for over 220 clients world-wide, while providing direction and strategic advice regarding data backup and business continuity planning. Cybersecurity is one (albeit an important) part of the expert IT services we offer.