Fact or fiction? Busting common myths around cybersecurity

Published on March 26th, 2024

Whether it’s a missing princess or a mysterious monolith, we live in a world of wild theories and unreliable discourse. The dangers of “fake news” are well documented, but misinformation isn’t just a problem in the public arena.

Lately, it seems that everyone has an opinion on what it means to be cyber ready. Some of these opinions are well-researched and reliable, but others are shaky to say the least. Following the wrong guidance can be fatal, so it’s important to separate the fact from the fiction.

At Nebula, we pride ourselves on giving straightforward advice that you can trust. Here’s a look at some of the most common beliefs around cyber readiness, and whether or not they pass the Nebula truth test.

Only big businesses are at risk from cyberattacks

Fact or fiction? FICTION

There’s a common misconception that hackers only target large businesses. While the headlines might focus on data breaches at big-name companies like Boots and British Airways, these attacks are the tip of the iceberg.

The reality is that companies of all sizes are at risk of cyber crime. One in ten small businesses were targeted by hackers in 2023, with the average attack costing £870. This might not sound like a lot, but for a small business operating on tight margins these losses can be devastating.

The sad truth is that small businesses are often seen as an easy target. Many are short-staffed and financially stretched, causing cybersecurity to take a backseat to other concerns. This is understandable, but some things are too important to ignore. At the very least, every small business should have the latest antivirus software installed and make sure that every staff member is trained to spot the most common security threats.

External hackers are the only threat to company data

Fact or fiction? FICTION

As the recent leaking of royal medical records proved, not all data breaches come from the outside. In 2022, 10% of companies experienced a deliberate breach by a former or current employee. Last year, this rose to 20%.

The best way to avoid this situation is to set strict limits on the data that employees can access. You can do this by implementing hierarchical access control where your software permits it. This organises data by sensitivity, allowing only employees with a higher security clearance to access the more sensitive areas.

It’s also important to consider data security when an employee leaves your business. Make sure that all access permissions are revoked and that the employee’s user account is deleted immediately. If the employee has taken work devices home, make sure that these are returned as soon as possible.
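Both checks described above, clearance measured against data sensitivity and access removed when someone leaves, can be run as a regular audit of who holds access to what. The Python below is an added example, not Nebula's own tooling; the tier names, user records, resources and grants are constructed sample data.

```python
from dataclasses import dataclass

# Sensitivity tiers, lowest to highest (assumed labels, not from the article).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

@dataclass(frozen=True)
class User:
    name: str
    clearance: str  # highest tier this person may access
    active: bool    # False once the employee has left the business

@dataclass(frozen=True)
class Grant:
    user: str
    resource: str

def can_access(user, sensitivity):
    """Hierarchical rule: active staff may access data at or below their clearance."""
    return user.active and LEVELS[user.clearance] >= LEVELS[sensitivity]

def audit_grants(users, resources, grants):
    """Return (user, resource, reason) for every grant that breaks the policy."""
    by_name = {u.name: u for u in users}
    findings = []
    for g in grants:
        user = by_name.get(g.user)
        tier = resources.get(g.resource)
        if user is None:
            findings.append((g.user, g.resource, "unknown account"))
        elif not user.active:
            findings.append((g.user, g.resource, "leaver still has access"))
        elif tier is None:
            findings.append((g.user, g.resource, "resource has no sensitivity label"))
        elif not can_access(user, tier):
            findings.append((g.user, g.resource, "clearance below sensitivity"))
    return findings

# Constructed sample data for illustration only.
USERS = [User("asha", "restricted", True), User("ben", "internal", True),
         User("carl", "confidential", False)]
RESOURCES = {"price-list": "public", "payroll": "restricted",
             "client-contracts": "confidential"}
GRANTS = [Grant("asha", "payroll"), Grant("ben", "payroll"),
          Grant("ben", "price-list"), Grant("carl", "client-contracts"),
          Grant("dora", "price-list")]

if __name__ == "__main__":
    for finding in audit_grants(USERS, RESOURCES, GRANTS):
        print(finding)
```

Each finding names a grant to remove or review: staff holding access above their clearance, former employees whose permissions were never revoked, and accounts that no longer match a known person.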

Antivirus software provides enough protection

Fact or fiction? FICTION

Antivirus software is your first line of defence, but it isn’t enough to guarantee safety. There are many other areas of cybersecurity that businesses need to focus on to achieve cyber readiness. These include:

· Staff training – Making sure that employees are able to recognise phishing emails and know the correct procedures for reporting suspicious activity.

· Software patches – Regularly updating software to ensure that there are no easy access points for hackers.

· Password integrity – Ensuring that employees use non-guessable passwords and employ multi-factor authentication when logging into sensitive areas.

· Disaster recovery – Having a clear strategy in place to limit the damage in the event of a breach, and to resume operations as quickly as possible.

I need the Cyber Essentials accreditation to bid for sensitive supply chain work

Fact or fiction? FACT

With cybercrime on the rise, businesses are growing increasingly cautious about the companies they include in their supply chain. Proving your cyber readiness will allow you to bid for more lucrative contracts, and the best way to do this is by achieving the Cyber Essentials accreditation.

Cyber Essentials is a government-backed scheme designed to give businesses a firm grounding in cybersecurity. There are two levels of accreditation:

· Cyber Essentials – This is a self-assessment, teaching you how to prevent the most common types of cyber attack.

· Cyber Essentials Plus – This teaches you the same lessons, but also involves an external technical audit.

Nebula will ensure you are cyber ready

At Nebula, we don’t believe in doing things by halves. That’s why we can get you cyber ready in a variety of ways – from gaining Cyber Essentials to staff training to a managed SOC solution. Give us a call to find out more about what your business could be missing and how we can help, or head to our Cyber Advice page to see our packages.