Misinformation: We all hear about it so much on the news these days that many of us don’t know what to believe. COVID is one thing – IT services and Cybersecurity are another. Some misconceptions are so ingrained among both business owners and consumers that they operate under a false sense of security. It’s time to dispel the misinformation and set the record straight.

There is no ‘Status Quo’ for the Cybersecurity threat landscape – it is an ever-changing ocean, where waves crash onto different shores with varying degrees of severity, and while the swells out on the water may look the same every day, they are never identical to any previous seascape.

It is your IT support or Managed IT Services provider that skippers your network through these often unpredictable waters, and an experienced, steady hand is needed at all times. They know which information is reliable and true, and which are misconceptions.

As a business owner or administrator, you cannot afford to become complacent in false beliefs. Doing so guarantees an inadequate approach to network risk reduction strategies.

The following are the Top 5 misconceptions or ‘fake news’ about Cybersecurity, which can be very dangerous if taken as fact:

1) “We’re too small for cyber criminals to go after.”
This is the most damaging and insidious false belief any business owner can entertain, and is absolutely untrue. Cyber is like ‘Goldilocks & the Three Bears’. One business (or chair or bed in the story) is too big or too small for one crook, but just right for another.

The big, splashy ransomware attacks – like the Colonial Pipeline attack – are committed by a relatively small handful of elite criminals. The lowest echelon is quick smartphone scams for at most a couple of hundred bucks here and there, committed by rank-and-file, unsophisticated hackers.

The VAST MAJORITY (over 80%) of all cyber-attacks – mostly Ransomware – are leveled at Small and Mid-size Businesses (SMBs). The Colonial Pipeline can weather paying a 7 million dollar ransom much better than most businesses with 10 employees can handle a 1 or 2 hundred thousand dollar ransom.

2) “Our Cybersecurity is bulletproof because we’ve never been attacked.”
Another dangerous belief. At IT Support LA, we stay a step ahead of evolving malware and phishing schemes, but we still say “It’s not a matter of IF, but of WHEN”.

As you are reading this, criminals are developing new methods of network intrusion – it never stops. And the more time that goes by, the closer they get to finding you.

Right now – TODAY – you may have the most up-to-date cyber defenses available, but one wrong click by an employee on a link or attachment in a phishing email opens the door for malware to infect your system. With Ransomware, it is generally within a minute or two that the screen locks up, your data is encrypted and unavailable to you, and a ransom in cryptocurrency is demanded in exchange for a decryption key code. Bear in mind that 40% of companies that pay the ransom NEVER get the decryption key.

3) “We don’t worry – we use strong passwords.”
That depends on what you think ‘strong’ means. I can’t count the times that we have ‘onboarded’ a new client to discover passwords like ‘password’ (seriously) or ‘12345’ – the really clever ones turn it around to ‘54321’ (lol – they’ll never figure THAT out!). No… they will, and quickly. Check out our tips for ‘Creating Strong Passwords’.

After creating stronger passwords, multi-factor authentication should be used for access to your network. This comes in the form of questions – the first was probably, “What’s your mother’s maiden name?” The Q & A here needs to be better than that – and not based on information that can easily be found on your social media – “What’s your pet’s name?” is useless if the ‘information gatherers’ – those who do the research, crack the passwords and sell them to the real crooks – can look on your Facebook and see photos captioned ‘Me and Professor McCuddles at the park’. Trust me – they are looking.

After that, retinal scans or thumbprints, even an employee ID card scan, greatly improve your Cybersecurity.

4) “We’re compliant with industry regulations, so that should be enough.”
Regulations typically cover the bare minimum in security and are often narrow in scope – usually in place to ensure the safety of your client information and little more. Your business consists of a lot more than just that.

5) “IT support will take care of security.”
This is tricky, because good IT Support or even a Managed IT Services provider should always keep your cyber defenses up-to-date, but do you know that for a fact? IT services is an unregulated industry – any bum can open an ‘IT company’. We have come to the rescue of more than a few businesses whose ‘IT Guys’ were unknowledgeable morons.

Also, according to PhishingBox, about 90% of all network breaches happen as a result of an employee falling for a phishing scam. Many surprising facts can be found HERE. Ongoing Security Awareness Training is a MUST for any business, and should be repeated every 4 – 6 months.

Frequently Asked Questions

Q: What exactly is phishing?

A: Phishing is a form of click-bait, but with bad intent. Malware is hidden behind links and attachments in emails from seemingly legitimate sources. They fool the end user into opening an attachment or clicking a link, and malware then flows freely into the system. Spear Phishing is more targeted – usually towards high level executives. Clients should be advised how to spot these as part of a greater ‘Cyber Security Dos & Don’ts’ training.

Q: What do Cybersecurity Services do?

A: In the most basic of terms, simple Cybersecurity guards against attacks in Cyberspace. This is only one part of standard IT support and services – generally not split into a separate category with a different vendor than an IT support company or Managed IT Services provider. Simply put, it consists of planning and implementation of security measures designed to give a network infrastructure the greatest degree of security against threats both external and internal, through the application of firewalls, anti-virus (AV), and encryption tools, among others. The security analyst is the member of an IT services team who will monitor the network for weakness, keep abreast of current trends and methodologies used by cyber criminals, educate both the rest of the IT support team and the clients on ‘Cyber Security Dos & Don’ts’, and carry out simulated attacks to test the defenses.

Q: What are Cyber Security threats?

A: A threat is any attempt by a cyber crook to breach a network. What the criminals seek is either money or data. Malware is a component of many of these attack styles – injecting itself into your system for a number of nefarious reasons. Data theft is where the crooks just copy the client’s data and steal it. It doesn’t disappear, so the client won’t know it was stolen – but the IT support and services company should. The FBI regularly publishes updates to the official government overview of the Threat-Matrix and recommended Best Practices. There are many forms of threats: The Federal Cybersecurity & Infrastructure Security Agency publishes ongoing updates on threats including Ransomware.

How secure is your network? It’s FREE to find out!

IT Support LA offers a FREE, no-risk network and security assessment to all companies in the Greater Los Angeles area with a minimum of 10- computers and 1 server. No strings, no obligation.