3 Common Cybersecurity Misunderstandings Companies Have


Imagine a time when you didn't have to hear, ever again, the words cybersecurity, breach, or you're at risk. These all-too-familiar words have become part of our daily stories. Unfortunately, they aren't going away.

Risk exposure is the currency we trade for convenience and access to instant everything.

There is so much information, so many experts, and only so many hours in your day to make sound security decisions. And sometimes this means incomplete facts and flawed assumptions.

We love to hear both questions and confident assumptions. It's an opportunity to fill in the blanks, eliminate costly confusion, and share with you what we're continually learning.

Here are three actual conversations we've had recently that you might find helpful.

1. Our employees don't download anything so we're not concerned about malware.

This statement came from a company that, not long after saying this, suffered a serious internal data breach.

There was a time when you were told by the tech folks never to download anything from an unknown website. That's where malware and viruses come from, they said. While this is still valid advice, website downloads are only one very small part of the malware scene.

There is a long list of malware sources that you are continuously exposed to, such as:

  • Adware embedded in a legitimate website

  • Keyloggers quietly downloaded from a website visit or security gap in your network, desktop, laptop, printer, or other device

  • Phishing, spear phishing, warshipping, and smishing attacks that are becoming increasingly sophisticated

2. When I enter an incorrect password a certain number of times, I get locked out. Why doesn't the same thing happen to a hacker?

That's a great question. When my neighbor Robert asked me this last week, it reminded me how we all use what we know and our personal experience to draw conclusions.

I explained to Robert that hackers don't necessarily log in to an account the way you do. Instead, they are continuously scanning networks, Wi-Fi connections, devices, and more, looking for an unsecured opening. These unprotected backdoors are low-level settings that most of us aren't even aware of. That's what hackers are counting on.

And yes, responsible password management is still absolutely essential. Cracking and harvesting passwords are lucrative child's play for hackers. Your compromised passwords make their way to the dark web and are quickly sold. By the time you discover your passwords have been compromised, the damage has been done.

3. I check the company's bank account often so I know we haven't been hacked.

This statement stopped me in my tracks. It was another startling reminder of how easy it is to leap to risky, flawed conclusions without the right information.

Hackers don't simply log in to your bank account and write themselves a check. The payday they are looking for is the much more lucrative ransomware check they will demand you write. This comes months after they have quietly been sweeping your network and devices for your valuable data.

Seemingly random pieces of data lead to breaches that extend far beyond your immediate device or company network. As we've shared in the past, we all have an obligation to protect not only our internal data but also the data our clients trust us with.

There's no doubt that security awareness feels tiresome and overdone. Just think of security as a responsible habit like locking your front door, eating your vegetables, and looking both ways before you cross the street.


Linda Rolf is a lifelong curious learner who believes a knowledge-first approach builds valuable client relationships.

She is fueled by discovering the unexpected connections among technology, data, information, people and process. For more than four decades, Linda and Quest Technology Group have been their clients' trusted advisor and strategic partner.

Linda believes that lasting value and trust are created through continuously listening, sharing knowledge freely, and delivering more than their clients even know they need.

As the CIO of their first startup client said, "The value that Quest brings to Cotton States is far greater than the software they develop."
