Poor Excuses For Avoiding Security

If you are using any of these excuses in your business you are likely already in trouble.  Don’t say we didn’t warn you!

  1. I’m too small to be a target.  Sorry, but false.  Small and medium size businesses are seen as prime targets by my cyber-crime organizations just because they are usually poorly defended, easy to hack, and have assets worth the effort.  If you have cash in a bank account, that can be enough to attract an attack.
  2. Internet security software slows down my system.  While this may be true, it is still important to have this critical protection on your computer.  If your security suite is impacting your performance – get rid of it and replace it with something faster.  We are no longer recommending products from Norton (Symantec) or McAfee because of issues like this.  We like AVG products, or Microsoft Security Essentials if you want to run something that is free.
  3. I only go to safe, well-known web sites.  Again, these sites are prime targets of cyber-criminals looking to distribute malware and Trojan horse remote access programs.  Many high traffic sites have been hacked and turned into malware distribution centers, including the New York Times, Minneapolis Star Tribune, and others.  Another tactic is to purchase an ad on a popular web site, and load the ad with malware downloads.
  4. Windows Updates are incompatible with my stuff (i.e. line of business software, old printers, other network connected devices.)  If you are having conflicts between Windows Updates and device drivers, custom applications, or hardware, then you really need to find a way to fix the problem, or replace the software or device with something that works with a fully patched Windows system.
  5. I turned Windows Updates off, and only update manually.  When Microsoft releases updates on Patch Tuesday, the second Tuesday of every month, these updates usually close newly discovered security vulnerabilities.  If you re avoiding these updates, even by a week, it means you are at greater risk of a breach during that time.
  6. I use a Mac.  Apple users have long claimed, falsely, that they are invulnerable to malware attacks.  They are right up to a point – they are immune to Windows malware attacks.  But the increase in users in the iPhone, iPad, iMac world and their more affluent demographic characteristics mean that the cyber-thieves have written some great Apple specific exploits.  The Apple universe is no longer more secure than Windows.
  7. My ISP says my cable or DSL modem is also a firewall, so I don’t need a dedicated firewall system.  Again, while true to a point, the firewall software in most ISP edge devices is nothing like the protection you get from a dedicated hardware firewall or intrusion detection system.  Oh, and by the way, that ISP firewall ships with all 65,000 ports open by default, so it you didn’t close them down yourself, then the firewall is most likely OFF!
  8. Training my staff about Internet threats is a waste of time and money.  Actually this may be the best place to spend your security budget.  Most successful exploits depend on the trust and cooperation of your employees to open convincing emails and click on the links they see.  once down, remote access software is installed, and no matter how good the rest of your defenses are, they are inside your network and in most cases can continue with impunity and remain undetected.

The time has passed where we could use good luck and hope as Internet defenses.  The bad guys are out there in larger numbers than ever, and with better skills than you can imagine.  You need to treat your digital assets with the same degree of protection as you would cash.  Good systems, and smart, well-trained employees CAN make a positive impact on your network security.  The time to start is today.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.