
6 Misconceptions About Cyberattacks


By Tony Spurlin, Chief Information Security Officer, Windstream

It seems like every few months we hear about a major hack or data breach affecting millions of people. This summer, it was Capital One and some 100 million Americans whose personal data was harvested. Increasingly, it’s small and midsize businesses that are the target of cyberattacks, and because these attacks are growing in number and sophistication, many businesses face an existential threat in light of the consequences.

Each October, the U.S. Department of Homeland Security marks National Cybersecurity Awareness Month. It’s a time for government and public-private partnerships to encourage business data security and, at home, cyberattack defenses that begin with recognizing that you have digital assets.

Data breaches, denial-of-service attacks, ransomware, phishing and other digital dangers may not feel urgent to anyone who is as yet unhurt, but cyberattacks are almost exponentially more numerous in the United States than in any other country. And, almost two-thirds of the victims aren’t the Wall Street credit card companies we hear about, but the Main Street businesses we drive past.

In counselling business data security, the discussion often begins with misconceptions around vulnerability, the nature of cybercrime agents, and the liability businesses may face in the event of a cyberattack.

Misconception #1: My data (or the data I can access) isn’t that valuable. Begin with the premise that all data is valuable. Do an assessment of the data on hand – routinely collected, filed, accessed and transmitted – and inventory it, giving weight to its sensitivity. Most companies have client and customer business data assets that, if compromised, would impact trust and future business.

Misconception #2: Cyberattacks arrive without anyone’s permission or knowledge. A cyberattack can occur over any internet connection, but increasingly, it begins with a correspondence. Phishing – and Vishing and SMishing – is a request for access that requires an initial response. Spear phishing, in which a communication arrives ostensibly from a customer, friend or contact, is particularly insidious.

A first-line cyberattack defense is managers’ choice to train employees to recognize these introductions.

Misconception #3: Cybersecurity is an advanced technology game. True, the average IT specialist can’t write effective antivirus software exclusive to the small-to-midsize business any more than the average motorist builds her own car. What is also true is that security is best approached as a mix of business solutions and employee training, along with clear policies and protocols guiding company culture.

Training should emphasize small security thresholds employees can meet at any time:

  • Use strong passphrases and multistep authentication to protect access.
  • Limit access to data or systems to staff who need it to perform core duties.
  • Keep a clean machine — clearly promulgate acceptable (if any) internet downloads.
  • Communicate — with supervisors, with colleagues, with professional associates. Not talking about security is a security risk.

Employees should be shown what phishing scams and other opening gambits look like. Be suspicious of …
