Busting 7 common cybersecurity myths

1: I never browse anything inappropriate, so I’m not at any risk.

It's a common misconception that you need to wander into the more illicit corners of the internet to put yourself at risk. However, cybercriminals have a variety of different tactics for malware delivery and data-theft:

• Email attacks: Using a strategy called phishing, hackers often send emails in which they pretend to be a legitimate organization, like a bank or payment service. They use social engineering to convince you that their emails are genuine, and urge you to click a link in the message. The link can then trigger a malware download.

• Wi-Fi spying: If you use public Wi-Fi, you’re putting yourself at risk. Hackers can create fake hotspots, masquerading as legitimate Wi-Fi providers (a nearby cafe, for example). Once you’ve logged on, they’ll be able to view all of your traffic and steal any personal information you disclose. Use a VPN to encrypt your traffic when using public Wi-Fi.

• Malvertising: Criminals sometimes create online adverts to lure victims into their traps; this is called malvertising. It might look like a normal banner add, but clicking on it could take you to a new page where malware can be quietly installed on your device. In recent years, these adverts have been smuggled onto reputable websites, including Spotify and The New York Times.

As long as you're connected to the internet, you could be at risk. That's why it's always best to take precautions.

2: I'm safe because I only use my smartphone.

Any device that has an operating system can be hacked. Be it your phone, laptop, router, or even your smart home system. Surprisingly, there are dozens of malicious apps that reside in the official app stores. You might think that you’re downloading a new game to your smartphone or installing a harmless photo editor, but you could be infecting your device with malware.

Hackers often use the success of famous apps, creating convincing copycats. These fake apps are designed to steal your personal information, credit card details, and passwords.

3: I use antivirus software, so I don’t need to worry.

It’s true that antivirus software protects your computer and smartphone from viruses. However, it’s not enough. Hackers always try to find new security flaws and antivirus can fail to recognize evolving threats. And antivirus won't protect you from subtler manipulations; many hackers, instead of using viruses, will try to trick you into volunteering private information and passwords.

Let’s say you're searching for a new pair of sneakers. You find a nice deal online with a recognisable retailer, and continue to the payment page. A hacker could have actually built a fake website that looks exactly like the original, just to steal your sensitive data.

These scams are more common than you might think. You have to be cautious when shopping online, using banking services, and making payments. If you’re not being careful, antivirus protection will only go so far.

4: It’s only a work laptop; I don’t keep anything important on there.

75% of corporate data breaches happen because of a careless company insider. If one person falls victim to a hacker’s ploy, they could expose the whole company’s network.

There are several ways in which a work laptop hack could endanger the whole organization:

• Spreading malware. If the hacker can access your work email, they can send infected links to other employees. In this way, they can spread malware and hack other devices where more sensitive data could be stored.

• Grand Theft Autofill. Your laptop may have a number of browser passwords saved, ready to autofill. Saved passwords make life easier — for you and the hacker. Taking advantage of that, a criminal could use your device as a backdoor into private databases elsewhere in the network.

• Gone Phishing. Perhaps your email is still secure, even after the hack. Many companies now use internal messaging services, and employees usually stay logged in on these apps. The criminal who’s broken into your laptop could use such a service to ask your coworkers for password information or privileges, operating under your name.

Imagine if a company is storing the data of millions of customers. Credit card details, names, purchase histories, emails, home addresses, phone numbers — this information would be highly valued on the dark web. If this data is leaked, it could put all those people in danger and destroy your company’s reputation.

The average cost of a data breach for a company is $3.86 million, and depending on the size of an organization, that number could be even higher. As many people work from home now, it’s important to use a VPN and protect your digital identity, for your own sake and that of your employer.

5: I know my computer and would notice if it had a virus.

Some viruses can reside on a computer for months before a user unwittingly activates them, while others start doing their work in the background immediately. Modern viruses are hard to notice: your system might be running smoothly and everything could seem fine…until it’s too late.

If you have downloaded a virus by accident, it might take only a couple minutes to scrape your personal details. Imagine what it can do if left to its own devices for days, or even months.

6: I have nothing to hide. Why should I protect myself?

You probably wouldn’t hand your online banking and social media passwords to a stranger. Since much of our lives revolve around digital services, every account you have increases the chances of getting hacked.

For example, almost everyone would be impacted negatively by a ransomware attack. Hackers can infect you with a special piece of malware which allows them to encrypt your hard drive, essentially locking you out of your files and your system. Unless you pay the ransom money, you won’t be able to access your computer anymore. And even if you pay, you can never be sure that perpetrators will release your files from captivity.

In 2017, a ransomware called WannaCry infected more than 200,000 computers across 150 countries and demanded users to make payments in Bitcoin. As of this day, WannaCry is still active and spreading.

7: A strong password is all I need.

A strong password is important, but the odds of you coming up with a suitably secure one on your own are slim. Hackers use credential stuffing software to cycle through all the words in the dictionary, along with common numerical sequences, until one matches your password. It could take milliseconds to crack simple combinations like “iloveyou” or “123456”, and hours or even days to crack something more complex. However, even a strong password alone is not enough.

We recommend using two-factor authentication (also known as 2FA) as an extra layer of security. After typing your password, you would also have to authenticate yourself via a separate app, SMS, or token. Even if wrongdoers have stolen your password, they won’t be able to bypass the 2FA.

Get ahead of the hackers

With a VPN enabled, your device can be protected from Wi-Fi spying and man-in-the-middle attacks. Combined with some common-sense and a security-first approach, this technology goes a long way to lowering the risks that everyone now faces online.

NordVPN enhances privacy and security, allowing you to combat hackers preemptively. It redirects your traffic through an encrypted tunnel, and ensures that your data is for your eyes only.

Read the original blog post on NordVPN.