Grizzled IT industry veterans have heard it all when it comes to crackpot ideas about personal and business network security. Unfortunately, these IT security myths sometimes end up biting an unsuspecting user in the rear and causing headaches for IT techs. We debunk some of the most pervasive and factually incorrect myths about IT security.
Myth: Macs don’t get malware
Many uninformed Apple users have a false sense of IT security, viewing their chosen operating system through a rose-colored lens. In the past, Macs had skirted many viruses and malware that affected Windows PCs because black hat developers saw little incentive for developing for such a niche platform. But with so many more Mac computers being used now, malware is quickly catching up.
2015 has been a record year for Mac malware according to a report by Bit9 + Carbon Black. The numbers showed that five times more OS X malware popped up in 2015 than in the previous five years combined. Do you still feel safe not running an anti-virus on your new MacBook?
Myth: A strict browsing policy keeps you safe
This is a myth that underestimates the will and reach of malware developers. Common wisdom dictates that not browsing questionable adult, piracy, and other sites will help you avoid malware. Unfortunately, that alone does not guarantee your browsing is absolutely safe.
Malicious code can be served on perfectly normal websites without the knowledge of the website owner or operators. How exactly? Well, your average webpage can use multiple scripts and plugins supplied by third-party companies. These scripts and plugins can be hacked and modified to run malicious code. In fact, the popular plugin Adobe Flash is an attack vector favored by cybercriminals. Steve Jobs himself stated that Adobe Flash was too insecure to be supported on the iPhone.
Myth: Passwords alone are enough
If you think an eight- to 16-character password is enough to keep your sensitive data secure, you’re wrong. In fact, most people choose only the flimsiest of passwords—hunter2, anyone?—and special characters only help a little. Wired writer Mat Honan thinks that passwords have overstayed their welcome, though a suitable replacement has yet to be found.
Looking towards the future, we have upcoming technologies such as brain wave scanning to add biometrics into the mix. For the here and now, start using two-factor authentication where you can. What is two-factor authentication? First, a person must enter their password, followed by a time-sensitive code generated by an app on their smartphone or other device. For example, Google offers a 2-step verification process that you can add to your Google services.
Myth: You don’t have anything of value to steal
Whether the target is a large enterprise, small business, or individual person, there is always something of value to a black hat. Even if the computer doesn’t have sensitive financial or customer information stored on it locally, it still does have value for attackers. It can be used as an entry point into whatever company network it is a part of and help attackers gain access to more valuable targets.
Another compelling reason is that it can be used as a part of a botnet or zombie army. A botnet army is a network of computers, infected without their owners' knowledge, that follow the commands of a central server. Imagine the PC being used as part of a massive distributed denial-of-service (DDoS) attack. This not only harms the target of the DDoS attack, but it also occupies your computing and network resources.
Myth: Not implementing BYOD will ensure security
Bring-Your-Own-Device (BYOD) may seem like a four-letter word for IT Luddites concerned about security, but it needn’t be one. Sensitive company data will be accessed via personal mobile devices whether or not your systems were designed to support them. It can be as innocuous as an employee logging into their business e-mail inbox from a personal smartphone. It’s better to support BYOD and increase security to match than to neither support BYOD nor improve security.