Each day it seems that a new case of cybercrime has made its way to the forefront of the news, wreaking havoc on countless large enterprises, government organizations, and small businesses. This stems not only from poor cyber-protection measures, but also from many companies believing cybersecurity myths that give them a false sense of protection.
VIPRE Security has compiled three of the most popular myths that circulate amongst IT professionals that prevent organizations from being truly protected.
Myth 1: Your General Spam Filter is Enough
Countless IT professionals and business owners believe that the basic spam filter built into their email client is enough to protect their organization from phishing attacks, viruses, and other email-based threats. Traditional email security uses passive instead of active filtering to determine if an email is malicious or not. Passive filtering evaluates messages on pre-determined parameters, assessing if it has seen this format of message and/or attachment before. The message is not analyzed by itself and is only cleared on reputation alone. Hackers can utilize graymail (i.e. newsletters, promotional emails, etc.) launched from trusted email marketing platforms to easily pass link-based ransomware attacks through your email filter.
The better choice for businesses is to utilize an email security solution that uses active filtering in addition to the spam filtering of an email security client. Active filtering examines the message by itself looking for inconsistencies in both the message body and sender information from an extensive database and lexicon of file types and irregularities. Additionally, many solutions are starting to deploy attachment sandboxing, which is a virtual environment that will open attachments to see if they are malicious before releasing them to the message recipient.
Myth 2: Cybersecurity Must be Complex to be Effective
As cyberattack sophistication and destructive potential increases, it is no surprise that many MSPs seek out increasingly powerful and complex security products. Complexity within cybersecurity environments can significantly hinder efficiency and increases the difficulty of securing a network. As functionality gets added, administrative consoles become crowded with settings and commands which make it harder to properly configure the solution. A small change can sometimes require slogging through a half-dozen screens just to do something as basic as creating a file scan exception.
A security solution that emphasizes management simplicity not only saves time and effort, but it also greatly reduces risk of misconfiguring a solution’s settings. With researchers estimating that 99% of firewall breaches occur from misconfigured security products, it is imperative that simplicity be a key functionality factor when searching for security solutions.
MYTH 3: I’ve Installed Email and Endpoint Security, I’m Completely Safe
While hackers are the ones in the spotlight for most major attacks and breaches, it is the way they penetrated the networks that is most intriguing. Recent research by UK’s Information Commissioner’s Office has found that 4 out of the top 5 causes of data breaches are attributed to human error. Many major breaches, including the Equifax data breach of 2017, are due to the mistake of employees failing to follow proper security warnings and protocols. What could prevent human error from playing such a factor in breaches? One word really solves this problem….training.
Proper education and training for employees and individuals is essential in preventing malicious actors from penetrating an organization’s network. Teaching how to recognize penetration attempts, spot attacks, and how to respond in the event of one actually happening can possibly mean life or death for businesses of all sizes. LabCorp, the healthcare diagnostics firm, learned how important proper response protocols were when they were attacked by notorious ransomware group SamSam in July. It prevented the breach from having a bigger impact than they possibly could’ve imagined.
Conclusion
Myths about how to protect a network from cybercriminals will always circulate. What matters most is that MSPs and other IT professionals continue to educate themselves on how to best protect themselves and their organizations from the increasingly sophisticated threat landscape present in today’s environments.
Get the facts from VIPRE’s 2018 State of the Security in the Channel report in which over 500 independent technology solution providers were surveyed regarding critical security trends relating to IT budgets, customers, strategies, and service offerings.
Kevin Raske is a marketing specialist at VIPRE Security and parent company J2 Global. Read more VIPRE Security blogs here.