These ten myths are ones that really need to go away.

Myth #1: A Good Virus Scanner Is All You Need

Virus scanners are often seen as the first and last line of defense, particularly for personal computers. While virus scanners are important, they suffer from a few weaknesses. Most of all, they are only as good as the threat database they are connected to.

The United States intelligence community estimates that commercial viral scanners can only find about 35% of the malware out there. Virus scanners also don’t protect you from social engineering (such as phishing).

Myth #2: If I have a Firewall up I’m Protected

Again, firewalls are important. Firewalls, especially “cloaking” firewalls that hide your device from casual eyes can help prevent a lot of attacks. However, they don’t protect you from the attacks you let in yourself, such as the aforementioned social engineering attacks or the classic trojans.

Also, many people don’t update their firewall software or their router’s firmware, meaning they only think they have a good firewall up…

Myth #3: Cyber-Crime is Basically Synonymous with Credit Card Fraud

Whilst a lot of cyber-crime is related to credit card or bank fraud, there are numerous other ways in which cyber criminals can compromise you. Ransomware and cryptojacking (essentially stealing computer power from you) are on the rise. Most hackers, though, are stealing your information to sell it.

While this can lead to credit card fraud, it’s just as likely to lead to you being targeted by advertisers. Other cyber criminals are engaged in corporate espionage.

Myth #4: Only Large Entities are Targeted

While cyber criminals would love to get hold of the vast amounts of information that are held by companies such as Experian, they absolutely will target small businesses and even individuals.

The amount and value of the data may be lower, but they are expecting to put out less effort due to the fact that many small businesses are not as well protected. Small businesses can also provide a backdoor into larger ones.

Myth #5: You Can Just Let IT Handle It

The largest risk to any business or individual is actually social engineering. While IT obviously plays a vital role in ensuring that your systems stay safe, you need to train everyone in the company, including yourself, on proper cyber hygiene techniques, how to avoid being phished and what to do if you find yourself a victim.

Myth #6: You Can Separate Digital from Physical Security

This is not true at so many levels, especially nowadays. The most obvious way in which they are linked is that a thief who gains physical access to your home and office may well simply be able to boot up your computer and get into all of your accounts.

On top of that, the Internet of Things (IoT) means that a hacker can, for example, take control of your security system through the same methods it uses to communicate to the police and turn it off. Hackers have even threatened utility infrastructure in some places.

Myth #7: The Best Way to Protect Extremely Sensitive Data is an Air Gap

Air gaps – where networks are not physically connected to the internet and data is transferred entirely by human agency might seem to be a good way to reduce risk. In fact, it can increase vulnerability. Often getting across an air gap requires using physical copies of data. These can easily be copied or removed.

Air-gapped networks are harder to monitor. Any kind of “inside job” can get past an air gap very quickly. It’s worth remembering that inside jobs are common in cybersecurity breaches.

Myth #8: Passwords are Good Enough

For typical users, a strong password may be enough protection. However, two-factor authentication, especially if it includes biometrics, is much stronger. You may have to balance security and convenience (for example, two-factor authentication that sends an SMS message can mean you are locked out of everything if you can’t get any “bars”), but in most cases, two-factor authentication provides much higher protection than a password.

Additionally, passphrases are stronger than traditional passwords and can be easier to remember.

weak passwords

People know the dangers of weak passwords, but create and use them anyway

Myth #9: It’s Easy to Tell if Your Computer is Infected

Many modern malware attacks rely on the victim not even noticing they have been compromised. This blog post helps give some of the signs that you may have an infected device.

It can be very hard to tell, which makes regular scans important. While in the past, weird pop-ups and odd behavior were common with malware infections, now you need to watch for more subtle signs, such as a faster draining battery or ads showing up on a site that never had them before.

Myth #10: It’s Safe to Use Public WiFi If It Has a Password

While a password makes public WiFi a little safer, it’s primary use is in making sure you’re connected to the right network. Many hotels and other providers use weak passwords (such as, literally, “hotel” or “wi-fi”) and change them only infrequently. Public wi-fi should always be considered unsafe. Use a VPN if possible and do only low-security activities. Avoid financial transactions on public Wi-Fi as much as possible.

The biggest myth of all is the fact that you can achieve complete cybersecurity. In fact, it’s always an ongoing process and you need to keep up on your software updates and your training. Practicing proper cyber hygiene and using a VPN (especially on public WiFi) can go a long way towards keeping you safe.

Get Surfshark for $1.99/mo

30-day money-back guarantee with every plan