5 Security "Truths" You Need to Stop Believing in
Cybersecurity is a serious thing, and it must be taken seriously by all, including security system builders, companies dealing with large amounts of personal data, and, of course, singular computer and web users. Of course, the virtual world is still somewhat of a mystery for most people, and they often treat it as a big black hole that exists somewhere far away and that is dark and scary. That is why there are plenty of virtual security myths that still exist today. Unfortunately, if you believe these myths, you might fail to protect yourself, your systems, and your personal data appropriately. In this report, we discuss the 5 most common virtual security myths that users continue to believe in today. Hopefully, by the time you are done reading, you will become wiser and be able to make appropriate security adjustments.
"Truth" #1: All scams are easily recognizable
If that is something you believe in, you might be overly confident. Sure, there are scams that you can spot from a mile away – especially if you have had some experience with scams in the past – but most are so clever and so intricate that even experienced users might be tricked.
Let’s say you are browsing the web, and you come across a flashy banner advertisement telling you something like this: "CLICK HERE TO REDEEM YOUR VOUCHER FOR FREE RAYBAN SUNGLASSES!" Hopefully, you recognize a scam right away. Keep in mind that nothing in this world is given for free; especially, not online. Whenever you are asked to click a suspicious link, enter personal data, or do anything else to redeem special prizes, vouchers, gift coupons, and similar online “gifts,” you need to turn away and run. While these kinds of scams are easy to spot and unveil, there are plenty of scams that do not look like scams per se. For example, schemers could send you an email that looks exactly like an email sent from your bank, Facebook, or another well-known platform, and this email might instruct you to reset your password for security reasons. The link inside the email could route you to a fake website that looks exactly like a legitimate login page of your bank, Facebook, or another platform, and you might be tricked into disclosing your login credentials! Check out this article to learn how to recognize scams.
"Truth" #2: Changing passwords frequently is a good practice
This is one of the trickiest security myths because it all pretty much depends on how frequently you change your passwords, as well as how you change them. For several years now, cybersecurity experts are warning people that changing passwords too often is not the best idea. Obviously, if you have not changed your Facebook password, for example, since the day you signed up, it might be a good idea to make a change. However, changing passwords every few weeks might not be the right move, unless you are constantly targeted by cyber criminals.
Whenever a data breach that affects passwords occurs, users MUST change passwords. There should be no question about that. Users should also change passwords when they discover suspicious activity from their accounts or if the service provider warns them about third parties attempting to access these accounts. It is also important that users assess all current passwords to determine whether or not they are strong and are able to stand strong against potential attackers. Obviously, if you determine that your passwords are weak, you should change them as soon as possible. That being said, you cannot just slap on any password. It has to be strong. We have more information about changing passwords periodically here.
"Truth" #3: Using one strong password is better than using many weak passwords
This might be one of the most common virtual security myths. Unfortunately, if you believe it, you might put your virtual security at risk. First of all, let's determine what a strong password is. It is a password that is long (aim for 12-14 characters, at least), contains symbols and numbers, and also has both lower and upper-case letters. Most important, your strong password has to be UNIQUE!
This should help you realize right away that reusing the same strong password is one of those security myths that you should never believe in. The thing with passwords is that, in many cases, it is not up to you whether or not it is breached. Sure, if your login password is password123, anyone could guess it, and cyber criminals could simply brute-force it. Hopefully, we do not need to explain to you how dangerous it is to use weak passwords. When it comes to strong passwords, they cannot be brute-forced that easily, but they could still be breached. For example, if Facebook leaks all user login information – and, let's be honest, this could happen – even the strongest password could be stolen and used to hijack your account. And what if that one strong password is used on multiple accounts? It is not a security myth that users are lazy, and cyber criminals know it. If you use one password for all of your accounts, all of them will be hijacked. This is why you MUST use unique strong passwords for every account. That is NOT a security myth.
"Truth" #4: Password-protected public WiFi can be trusted
Whether it is password-protected or not, public WiFi cannot be trusted. Period. Please continue reading here if you do not know what we are talking about.
"Truth" #5: Cyber criminals are not interested in you
This might be the most common virtual security myth out there. There is no doubt that many cyber criminals are targeting large organizations, international companies, and governments, but we hear about attacks on these large entities because they are most impactful. Of course, in most cases, they are most dangerous too because they can affect millions of people at once. You are definitely more likely to hear about a massive attack on a large social-networking platform after the data of millions of its users is leaked online. However, that does not mean that cyber criminals are always going after large companies.
In fact, schemers are usually most successful when they target vulnerable, uneducated and inexperienced people online. These include the elderly, the children, and uneducated employees of smaller companies. It is a total security myth that hackers and cyber criminals have no use for the data of normal people like you and I. In fact, your personal data is extremely valuable to them. Therefore, the next time you receive a strange email, face a strange ad/offer, or get a strange call, do not just assume that no one would try to scam you. You are the prime target, and it is your responsibility to bust cybersecurity myths and become more aware and more cautious about your virtual security online.