
6 Cybersecurity Myths That Need to Be Debunked


There are many myths circulating about cybersecurity. Some are harmless, others are dangerous because they make people believe they don't need to protect themselves or that protection is impossible. As someone who has worked in security for decades, I see daily how these myths harm the security of people and organizations.

Let's examine the six most common myths and debunk them, so you can make informed decisions about your online security.

Myth 1: Cybersecurity is Too Difficult, So Why Bother?

A sadly common belief is that cybersecurity is so complicated that it's not even worth trying. Many people give up before even starting, thinking it's something for technology experts.

The truth is that there are many simple ways to improve your protection, and you don't need to be an expert. Start slowly: avoid reusing passwords, learn to recognize scam messages, use multi-factor authentication. You're probably already using some of these tools without realizing it.

Password managers, for example, are easier to use than most people imagine. They not only store your passwords securely, but also automatically generate strong passwords and fill out forms for you. It's a tool that simplifies your life, not complicates it.

While there's no way to be completely "cyberattack-proof," some behavioral changes can significantly improve your online security. And these changes don't need to be complicated or time-consuming.

Myth 2: It Doesn't Matter If My Device or Account Gets Hacked

Along with the myth that cybersecurity isn't worth the effort, we also frequently hear that people think they have nothing worth protecting. "I'm just an ordinary person," "I don't have important information," "Who would want to hack me?"

The thing is, data collection is a multibillion-dollar industry. Even if you don't consider your data valuable, it is. Your personal data, browsing habits, preferences, all of this has value in the market.

You might think a social media account isn't important. However, if a hacker gains access to your social media, they can impersonate you and try to deceive your friends. They can use your photos to create fake profiles. They can discover information about you that can be used in other attacks.

That's why you should follow good security practices for every account, even those that seem silly or fun. Make security a habit and enjoy peace of mind. It's not about having something to hide, it's about having something to protect.

Myth 3: Password Managers Aren't Safe Because What If the Password Manager Gets Hacked?

We love password managers, but sometimes people express concerns about storing all their passwords in one place. "What if the password manager gets hacked? I lose everything!"

However, high-quality password managers are the safest way to store your passwords. These programs ensure you're using strong and unique passwords for each of your accounts. And they're not like putting all your eggs in one basket, because baskets don't have multi-factor authentication or zero-knowledge architecture.

Due to the technology that password managers use, the password manager company doesn't even know your master password. That's why you want your master password to be long and unique. When you enable MFA on your password manager, it becomes even more secure.

There have been incidents where password manager companies were hacked. However, when you use a strong master password and MFA, you can maintain your security even in these situations. That's why password managers are safer than notebooks, post-its, or documents saved on your computer.

Myth 4: I Have a Strong Password, So I Don't Need to Worry About Anything Else

It's great if you have a strong password with at least 16 characters and a mix of letters, numbers, and special characters. Congratulations! However, this is only one part of being a cybersecurity superstar.

First, each account and device needs its own password. Don't reuse your password, regardless of how strong it is. If you reuse passwords, it means if one of your accounts gets hacked, all your other accounts are at risk. It's like using the same key for your house, car, office, and safe. If someone gets a copy, they have access to everything.

To store all your unique passwords, we recommend a password manager. It makes it easy to have different passwords for each account without needing to memorize all of them.

Next, it's recommended that you enable MFA for each account. This doubles your protection beyond the password. The few seconds needed to type a code sent to your phone or scan your face are worth the extra protection.

In summary: you need a unique and strong password for each account and enable MFA to maintain maximum security in your online life. A strong password is important, but it's not enough alone.
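The checklist above can be run mechanically against a vault export. The following is an added example, not code from the article's author: the account names, passwords and the `(account, password, mfa_enabled)` tuple layout are constructed for illustration, and the 16-character threshold is the one the article states.

```python
import hashlib
import string
from collections import defaultdict

MIN_LENGTH = 16  # the article's threshold for a strong password

# Constructed sample export: (account, password, mfa_enabled). Not real credentials.
SAMPLE_VAULT = [
    ("email",   "Tr4il-Mix!Canyon-Orbit-92", True),
    ("bank",    "Tr4il-Mix!Canyon-Orbit-92", True),   # strong, but reused
    ("forum",   "summer2024",                False),  # short, no symbol, no MFA
    ("storage", "q7#Lv9@pZr2!xW4&mK8$",      False),  # strong and unique, no MFA
]

def weaknesses(password):
    """Return the article's strength criteria that this password misses."""
    missing = []
    if len(password) < MIN_LENGTH:
        missing.append("shorter than 16 characters")
    if not any(c.isalpha() for c in password):
        missing.append("no letters")
    if not any(c.isdigit() for c in password):
        missing.append("no numbers")
    if not any(c in string.punctuation for c in password):
        missing.append("no special characters")
    return missing

def audit(vault):
    """Map each account to its list of findings (empty list means clean)."""
    # Group accounts by password digest so plaintext never becomes a dict key
    # or ends up in the report.
    by_digest = defaultdict(list)
    for account, password, _ in vault:
        by_digest[hashlib.sha256(password.encode()).hexdigest()].append(account)

    report = {}
    for account, password, mfa in vault:
        findings = weaknesses(password)
        digest = hashlib.sha256(password.encode()).hexdigest()
        shared = [a for a in by_digest[digest] if a != account]
        if shared:
            findings.append("reused on: " + ", ".join(shared))
        if not mfa:
            findings.append("MFA not enabled")
        report[account] = findings
    return report

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_VAULT).items():
        print(account, "->", findings or "ok")
```

The "email" and "bank" entries pass every strength check and still get flagged, which is the point of this myth: strength and uniqueness are separate properties.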

Myth 5: Phishing Emails are Easy to Detect Due to Bad Grammar and Spelling Errors

You could often detect phishing and other scam messages because of generic greetings, spelling errors, and bad grammar. At least, this was true a few years ago.

However, since the widespread use of artificial intelligence and large language models, scam messages have become much more sophisticated and difficult to identify. The grammar and spelling of phishing emails have improved significantly in just a few years.

Some scam messages can look almost identical to messages from trusted sources, like Amazon or Facebook. If a message is trying to make you click a link or download an attachment, pause for a moment. If the message was sent to your work email, forward it to your IT or security team. If the suspicious message was sent to your personal email, check if the sender has a strange email address. Many email services today allow you to report phishing attempts if something doesn't seem right.

Beyond spelling errors and bad grammar, the main indicator of a scam message is a sense of urgency. Is the message unexpected? Is it trying to make you act quickly without thinking? Even if your high school English teacher would give the message an A+, you should be suspicious of these urgent messages.
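The warning signs named in this section (a sender address that does not match the claimed brand, urgency, a push to click a link or open an attachment) can be expressed as a simple triage check. This is an added example, not code from the article's author: both messages are constructed, and the brand-to-domain allowlist and the urgency phrases are illustrative assumptions you would replace with your own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative allowlist of sending domains per brand; maintain your own.
BRAND_DOMAINS = {"amazon": {"amazon.com"}, "facebook": {"facebook.com", "facebookmail.com"}}
URGENCY = re.compile(
    r"\b(urgent|immediately|act now|final notice|within \d+ hours?|will be (suspended|closed))\b",
    re.IGNORECASE)
LINK = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed sample messages (example.net and example.org are reserved domains).
PHISH = """From: Amazon Support <billing@amazon-support.example.net>
Subject: Final notice: payment failed

Your account will be suspended within 24 hours. Confirm your card immediately:
http://amazon-support.example.net/verify
"""
BENIGN = """From: Book Club <news@bookclub.example.org>
Subject: June reading list

Hi all, the June reading list is in the shared folder as usual.
"""

def triage(raw):
    """Return the warning signs from the article that this message shows."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    body_parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    text = msg.get("Subject", "") + "\n" + "\n".join(p.get_payload() for p in body_parts)

    signals = []
    for brand, domains in BRAND_DOMAINS.items():
        trusted = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not trusted:
            signals.append(f"sender claims {brand} but address is at {domain}")
    if URGENCY.search(text):
        signals.append("urgent language")
    if LINK.search(text):
        signals.append("asks you to follow a link")
    if any(p.get_filename() for p in msg.walk()):
        signals.append("carries an attachment")
    return signals

if __name__ == "__main__":
    print(triage(PHISH))
    print(triage(BENIGN))
```

None of these checks look at spelling or grammar, so a fluently written message still trips them. An empty result means only that none of these specific signs were found.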

Myth 6: A VPN is All You Need

A virtual private network, or VPN, is a great tool for maintaining security, especially when using public wi-fi. However, VPNs are not security magic. You still need to use strong and unique passwords and avoid clicking on scam links to maintain your protection.

A VPN encrypts your web browsing and helps protect your data. However, this is only one aspect of security. A VPN doesn't protect against phishing or weak passwords, and it doesn't protect against malware if you download something malicious.

Basically, we recommend using a VPN, but remember that it's just one tool in your cybersecurity toolbox. Use it along with other security practices, not as a substitute for them.

It's Easy to Stay Safe Online

We firmly believe that you can prevent many common cybercrimes by adopting some behaviors. There's no magic solution for cybersecurity, but following some best practices can significantly improve your security.

Start with the basics: use strong and unique passwords, enable MFA, use a password manager, be cautious with suspicious emails and links, and use a VPN on public networks. These simple practices can make a big difference.

And remember: security is not a destination, it's a journey. You don't need to do everything at once. Start with one practice, master it, then add another. Each step you take improves your security.




Ricardo Esper is CEO of NESS Processos e Tecnologia (since 1991), CISO of IONIC Health, and CEO of forense.io. Certified CCISO and CEHIv8, he is an active member of HackerOne, OWASP, and the Privacy and Data Protection Commission of OAB SP.