October is cybersecurity awareness month. To begin the month, we’d like to present a few myths and their corresponding facts.

Myth #1: We don’t need cybersecurity training

Fact: Every organization and employee that has access to, or could come into contact with sensitive data, should receive cybersecurity training. Threats are continuously evolving, making ongoing training critical for all.

Myth #2: We’ll just deal with a breach when it happens

Fact: Paying for proper security and training is much cheaper than trying to recover from a single breach. In fact, many organizations that suffer a data breach don’t recover at all. Preventative breach measures will go a long way to help protect you.

Myth #3: Cybersecurity threats only enter through the internet

Fact: You don’t need to be connected to the internet to experience a data breach. For example, your organization’s entire IT system could become infected just by one employee using an infected USB drive. Threats come in many forms.

Myth #4: A strong password alone will protect your business

Fact: A strong password is certainly important, but it is not enough to protect your organization entirely. Multi-factor authentication will help protect your account a step further, along with many other necessary security measures.

Myth #5: Small & medium-sized businesses aren’t targeted by cybercriminals

Fact: A majority of data breaches happen at small businesses. Often times, small and medium-sized businesses lack the proper security measures and training to defend against cybercriminals, making them a major target.

Myth #6: Only certain industries are vulnerable to cyber attacks

Fact: While some industries are targeted more fiercely than others, no business is off-limits when it comes to a cyber-attack. If your organization has access to or stores sensitive data, you are vulnerable to a cyber-attack.

Myth #7: Anti-virus & anti-malware software keep you completely safe

Fact: Anti-virus and anti-malware software are incredibly important when it comes to protecting your system, but that doesn’t mean you’re in the clear. This software can’t protect against all cybersecurity risks, many of which involve human error.

Myth #8: Cybersecurity threats only come from the outside

Fact: Many cybersecurity threats do come from the outside, but insider threats are just as likely. Insider threats can have malicious intent or could be the result of an honest mistake. Either way, these insider threats are often difficult to detect.

Myth #9: You can’t be attacked on social networking sites

Fact: Many attacks can stem from social networking sites. For example, if your friend gets breached, you could get private message from them with a link telling you to “click here to watch a funny video!” when in reality, it’s a malicious link.

Myth #10: If wi-fi has a password, it’s secure

Fact: All public Wi-Fi can be compromised, even those with a password set. Anyone who has access to the Wi-Fi password could abuse the connection. That means that if your information isn’t encrypted, it could fall into the wrong hands.

Don’t fall prey to prevailing cybersecurity myths. Be informed.

Co-written by Dan Gavin and Tom Jewkes, the cyber guys from CyberEye. They can be reached at or