Although the continuous rise of cybercrime is well-known across the globe, the circumstances surrounding it are often less clear. As instances of cyber attacks grow and evolve—sometimes within a very short time frame—it’s difficult to know who is at risk, which data is targeted, and to what extent these attacks pose a threat to overall security.
This uncertainty stems from a lack of context, which can be remedied through a basic understanding of proven cybersecurity protective measures. You can acquire this knowledge by first learning what isn’t true, starting with these 10 debunked cybersecurity myths and their corresponding facts.
1. Myth: Only certain people and organizations are targets.
High-profile financial and government institutions are absolutely targets for wide-ranging cyber attacks. However, not all instances of cybercrime are major organizational data breaches.
In fact, the most common types of cyber attacks include phishing, spoofing, and identity-based attacks—all of which are more often (and more easily, on the part of the attacker) used to target individuals over companies.
2. Myth: It’s okay to use the same password and username combination across multiple accounts.
Although it may be more convenient to choose one strong password to use across multiple accounts and devices, cybercriminals have long since caught on to this habit. With the help of bots and other AI tools, hackers can compromise your data in seconds with a credential stuffing attack: entering one known username and password combination across dozens of popular apps to obtain payment and other personal information.
Instead, use a password manager tool to keep track of unique passwords across your accounts.
3. Phishing emails and SMS messages masquerading as a trusted source are always obvious; you’ll know them when you see them.
This myth may have been true at one time, but is certainly no longer the case. With access to company logos and other visual marketing collateral, names and email addresses of those known to you, and other familiar features, phishing links can now be cleverly embedded within legitimate-looking messages.
Avoid phishing attacks by double-checking sender information and signing into that organization’s account separately to confirm any messages sent to your email or texts. Never click the link sent to you, and be sure to report the message immediately if it’s fraudulent.
4. Public wifi is secure to use with your personal devices—especially if it’s password-protected.
This one is simple: sensitive information shared over a public wifi network is more likely to be intercepted than it would be on a private connection. Plus, while many guest wifi offerings are encrypted, it’s still possible for cybercriminals to install malware via any shared network.
Consider investing in your own VPN (Virtual Private Network) to ensure your data remains protected even when using public wifi.
5. Any data that’s been deleted is not susceptible to hackers.
Data that’s been deleted may still be at risk of being extracted by hackers—both within cloud drives and hard drives. Using file restoration programs, cyber attackers can retrieve files after gaining remote access to your hard drive, while cloud-stored files often remain accessible on your account for 30 days or more.
Practice “deep cleaning” your computer hard drive with free programs like Spybot Search & Destroy and Eraser, and take steps to ensure your phone and computer remain locked if they fall into the wrong hands.
Ready to jumpstart a career in cybersecurity?
Learn the skills you need to fight cybercrime with our part-time and full-time bootcamp offerings
6. Apple Mac computers are invulnerable to malware.
While operating systems are an important differentiator between Mac and PC computers for consumers with varying needs, both are vulnerable to malware. Malware is an umbrella term representing the full gamut of malicious software, including adware, viruses, ransomware, and more.
Both Macs and PCs benefit from antivirus programs like Norton. Just remember to update your antivirus software regularly
7. Data stored via the cloud is automatically secure—with built-in protection from potential breaches.
Just as deleted data can be accessed via both hard drive and the cloud, live data can also be accessed through both storage locations. The difference lies in how cloud data is accessed.
Cloud storage usually offers an additional layer of security over local storage, because it’s backed up continually and stored offsite. However, that’s not to say all cloud storage is automatically safe. Be sure to use secure wi-fi networks, strong passwords, and other account security best practices (in addition to device security best practices) to keep these files protected.
8. Multi-factor authentication is unnecessary.
According to a March 2023 report by Microsoft, over 99.9% of the account compromise reports they deal with could have been prevented by multi-factor identification. Plus, considering many devices, apps, and email providers offer built-in MFA functionality, there’s really no reason not to use them.
9. Cyber attacks are always the result of intentional, external threats.
It’s easy to hear words like cybercriminal and hacker and imagine a shrouded figure from an action movie typing furiously to achieve the singular goal of stealing your information. At both an organizational and individual level, though, many data breaches stem from general data misuse or negligence.
Keeping in mind that nearly 22% of cyber security incidents are caused by internal threats, businesses and organizations—and the individuals who represent them—should practice standardized cybersecurity measures both at home and in the office.
10. Seeking a career in cybersecurity is impossible without a traditional 4-year degree.
While certainly not an easy task, regardless of your educational and professional background, a fulfilling career in cybersecurity is within reach! In response to the increasing shortage of cybersecurity professionals across the globe, employers are seeking motivated, prospective cybercrime fighters with specialized skills to fill these roles.
Learn more about the part-time and full-time Fullstack Academy Cybersecurity Bootcamp, and explore what it takes to become a working cyber professional.