Top 10 Internet Security Myths Debunked [Updated]
A breakdown of the most common internet security myths.
What do we know about security?
Conflicting information and stories on online security are part of the internet culture.
Myths are strongly integrated in our general knowledge.
Their existence is so closely linked to our rational data and practical knowledge on staying safe online that it is difficult to say what is true and what is not.
This is partly linked to the huge amount of information available. We are drowning in an ocean of data, making it hard to discern between what’s legitimate and what’s not, who’s a real expert and who’s just pretending to be.
Another factor worth taken into consideration is the rush for views. Websites (especially media) depend on ads to make a profit, which is why they are in a permanent battle for readers.
This makes them experiment with any methods that might lead to a traffic increase, such as questionable content, clickbait headlines and images, exaggerating (or even inventing) potential dangers. Cats photos included.
Although so many excellent security blogs address online security and try to educate users, few people actually follow their advice.
Since it’s such a complex and confusing topic, it may be difficult to see beyond half truths.
The information available online is in a constant change in order to cover new interests. Therefore our security perspective must also keep up and do hard work in order to separate fact from fiction.
However, it’s more comfortable to listen to those exaggerations and misconceptions. Even though down deep we may know they are not true, we still accept them and spread as general knowledge.
And if we don’t cut the cord, these myths might end up affecting important people, such as ones in key management positions.
Knowing these general misconceptions about staying safe online will help us understand the real threats and how to stay safe from them.
Here are the most common security myths we need to know
Myth #1: This can’t happen to me, only important or rich people are targeted.
Boy, if I had a nickel for every time I heard that!
This security myth is named by many security experts security through obscurity.
In other words, it is considered that the internet is such a big place that no one cares about you. And even if someone would try to attack your system, there wouldn’t be too much valuable data to be stolen.
In most cases, the users who embraces this kind of thinking don’t actually want to lose time addressing their system vulnerabilities.
Such wishful thinking often ends with the experience of a cyber attack.
This happens because it’s not about how important you are. It’s nothing personal.
Cyber criminals use automated tools to exploit your system’s vulnerabilities.
And they’ll take anything they can get, from your personal information to your internet-connected system. Yes, even that’s a valuable asset, since they can use it for further malicious actions.
So even if you think that you’re not important or that your personal or financial data is insignificant, a potential identity theft or IT criminal can still exploit the little information discovered about you.
They can relate it to other information taken from multiple sources (hello, social networks) and have a complete picture.
Why risk when there are so many protection mechanisms and tools – some even free – that will keep you safe?
So stop thinking that nobody will attack you and that you’re safe. As long as you have a digital identity, you’re a valuable target.
Myth #2: If I install this security application I’ll be fine.
You can also call this security myth the search for the magic bullet that can solve all your system security.
Users that pay for a security program expect that their system is now bulletproof, just because they installed the purchased program.
This myth represents a false image that was created by the marketing departments.
The PR, marketing or sales people will tell you anything about their product, just to reach their sales target. They’ll create the impression that everything is taken care of just by installing that single program.
The truth is, no security solution is bulletproof. Anyone trying to convince you otherwise is lying.
Putting your trust into one security program that’s supposed to cover your system, your online actions, keep you safe against data and financial stealing malware and other non-traditional attack vectors means that you place too much trust in a single line of defense.
What you need is to think about your system the same way you would imagine a fortress: the treasure in the middle and all the defense walls around it, to keep the enemies at bay.
One by one, you need to build those security walls. Don’t place your trust into a single one.
And more than anything, you need to stay up to date with your security level. Educate yourself and reject false stories that promise total protection by installing a single security program.
Myth #3: I don’t need security software, I don’t access unsafe locations.
How many times didn’t we hear someone saying that they don’t need anti-malware protection, that they’re too smart to fall for the tricks used by cyber crooks?
And if they’re thinking about spam email attachments or clicking on intrusive pop-up ads, they may be right.
But that’s not the only danger. There are plenty of other malware attacks and vulnerabilities that are not visible.
Cyber attackers are able to exploit safe websites and insert malware into their ads and, further more, into your system.
You can access a safe, perfectly legitimate website that doesn’t even require you to click on something and still get infected.
You can get infected just as much as on a risky, illegal website.
Malicious software and their methods of spreading are in a constant evolution. And just because they can’t be noticed, it doesn’t mean that they’re not there.
To be safe online is quite similar to driving your car. You may have common sense and pay attention to potential dangers, but can you always predict what others around you are doing?
And there’s also the increasing danger posed by financial stealing malware. It’s supposed to stay hidden while collecting precious data from your banking operations, so it could be days, even months until you become aware of its existence.
Do you still believe you don’t need security?
Myth #4: I set a strong and complex password to my account, so I’ll be OK.
Tsk tsk. Don’t count on that.
Yes, it’s strongly recommended that you set a strong password, so don’t skip this essential step.
It should be one that has more than 15 characters, both upper and lower cases, and must contain various numbers and symbols. Set a random one, so it will be even more difficult for someone trying to break it.
But keep in mind that having a strong password is not enough to keep cyber criminals away.
It’s just one of the many security layers that will keep you safe.
Next safety measure that you should check: your password should be unique. Don’t reuse it between accounts, otherwise a cyber crook will have access to all your digital assets, just by breaching one of those accounts.
Afterwards make sure you activate second-factor authentication wherever it’s available. It will work as an extra defensive wall that’s even harder to be knocked down.
However, these long, unique and complex passwords have a major inconvenience: they are hard to remember.
We all have tens of digital accounts, so it’s easy to understand how setting these passwords, changing them constantly and still remembering them can become a burden.
Try not to write them down, not on your PC, not in an email draft, not on some piece of paper that you keep on your desk. This will only increase the risk of unauthorized access to your accounts.
Instead, to make things easier, you can keep them safe (and encrypted) with a password management software such as LastPass. It will also notify you if the passwords you set are too easy or not unique.
Myth #5: Internet security is expensive.
Our modern generation spends most of its time online. Our activities do not include only socializing with friends on social media networks, but we also work online, shop online, access our bank accounts and so on.
Internet access isn’t just a simple way of losing time and entertaining, it’s an integrated part of our lives.
How difficult is it for a cyber criminal to use the information we provide on our Facebook account and correlate it with data obtained from malicious software that infected our system?
And from that point, how far is the moment when our identity is being used for malicious purposes?
We all hear about cases when someone’s online identity has been stolen and money removed from the banking account. What we don’t hear is that recovering from such attacks takes time, perhaps even years.
And since an attack can occur from any part of the world, the perpetrators are rarely brought to justice.
When you draw the line, you realize that not having a proactive internet security approach is actually more expensive.
With this information in mind, should we still take a chance online?
Myth #6: I only open emails from my friends, so I’m safe.
This is a perfectly valid argument. Until you find out that you were tricked and that email just appeared to be from someone you know.
How many of us already received a strange email from a friend or from a work colleague?
It’s not difficult to spoof an email in order to display anyone’s name as being the sender.
For someone who is less trained into detecting suspicious emails, all it takes is one click before getting infected with malware.
Clicking on links or downloading the email attachments that you receive may easily install on your system some dangerous financial stealing malware, that will remain hidden until the cyber crook gets all your information.
Such emails may also appear to be coming from your work colleagues or financial institutions. They can look real enough to trick you into giving away your sensitive information.
We have a comprehensive guide that covers everything you need to know about phishing: how to detect it, how to prevent it, and what you can do in case it’s already too late. Read it, learn it, apply it!
Myth #7: I only download and access information from trusted sources. This keeps me protected.
This is a security myth pretty difficult to break.
Most people think that accessing safe and secure locations (and even downloading from those websites) will keep them safe.
Another common misconception, somehow related, is this one: “It’s on the internet so it must be safe, otherwise it would have been taken down by law enforcement agencies”.
The reality is quite different. Even if we access and download from a trusted source, we are still vulnerable to online dangers.
Illegal websites can be launched overnight and disappear just as quickly, but they can also last for years and not get taken down. So don’t count on the law enforcement agencies, they’re usually overworked and can’t keep up with cyber criminals’ shenanigans.
Malicious software developed by crooks is designed to remain hidden from classical antivirus detection.
To stay safe, you can install a specially designed software that acts in a proactive way, before getting infected and leaking your data to malicious hackers. It offers a layer of security that works complementary to the reactive nature of normal antivirus products.
Myth #8: My social networks are safe places. Friends will be friends.
Are you sure about that?
When a social network becomes popular, you can bet that cyber crooks will be there. They can smell the potential new victims.
Since so many people are easily connected, scammers developed tricks that target these networks.
If online criminals can place malicious content like drive-by downloads and pop-up ads on safe websites, they can do the same with social media accounts.
Another danger encountered on social media accounts is posed by fake profiles and personas created by cyber criminals. These are used to collect personal information about others.
That information might seem irrelevant to you, but it will help them operate identity theft. Therefore, be careful who you add to your list of friends.
Myth #9. I don’t have important information or sensitive data on my system / email account. Why should I worry?
Sure you do. You’re just not aware of it. Or you don’t consider it valuable.
Didn’t you let your browser remember all your passwords for your online accounts, banking websites and your e-mail address?
Isn’t your email account filled with personal conversations and photos? What about work contracts, invoices, tax forms?
And didn’t you connect it to all your other digital accounts, such as social networks, work accounts, cloud services, banking operations and so on?
You may think that your data is not important, but cyber criminals collect and assemble such information. Later on, they can use it to steal your identity or further sell the information on the dark market.
And even when there is no important data for a potential criminal on your system, they still can use your device in their own malicious purposes.
Are you worried now?
Myth #10: In case I get infected, I will see that for sure.
Don’t be so sure about this.
Indeed, this used to be true. In the past, when computers started to run slow and get annoying pop-ups all over the screen, it was a sure sign of infection.
Nowadays, cyber criminals improved their methods. They are more efficient and know how to disguise their attacks. In most cases, users can’t tell if their system is involved in spam campaigns or coordinated DDoS attacks.
Malware is built to be undetectable and untraceable even by antivirus software, in order to retrieve the needed sensitive information. It may be months before you even notice.
Install a good antivirus product against classical attacks and a security program against financial and data stealing malware, stay up to date with the latest security news and don’t forget to back it up!
Security myths continue to exist because we try to find easy solutions and simple answers to our security fears.
We fear that we’ll wake up one day and realize that our passwords were stolen, our bank accounts emptied, our personal photos used against us and our private life disturbed by unknown forces.
How do we face our fears? Can we improve the perception on security and address the real risks?
We cannot deny the major benefits, innovations and opportunities that appeared with the digital world and how it changed our lives. We find various ways and methods to connect with the world, we find information whenever we need it and want it.
But shouldn’t we also educate ourselves on the dangers lurking hidden in the online world?
Education starts by rejecting the false information that we keep as real.
That is why this article demands a leap of consciousness on why we need to stay up to date with the latest threats and educate ourselves.
Just to be clear, we don’t mean to say that large companies don’t have to take the necessary security measures to spread this knowledge and eventually protect its employees and businesses. But, at the end of the day, each one of us is responsible for its actions.
When we draw a line, are we capable to see beyond these well established security stories, especially when they are close to our personal view of the world?
We want to hear your opinion: What are those security myths you could have started a fight over, but discovered eventually they were not actually true?
* This article was initially published in October 2014 and updated by Cristina Chipurici in September 2016.