Skip to main content
Tech Radar
  • Tech Radar Pro
  • Tech Radar Gaming
Tech Radar Pro TechRadar IT Insights for Business
Subscribe
RSS
(opens in new tab) (opens in new tab) (opens in new tab) (opens in new tab)
Asia
flag of Singapore
Singapore
Europe
flag of Danmark
Danmark
flag of Suomi
Suomi
flag of Norge
Norge
flag of Sverige
Sverige
flag of UK
UK
flag of Italia
Italia
flag of Nederland
Nederland
flag of België (Nederlands)
België (Nederlands)
flag of France
France
flag of Deutschland
Deutschland
flag of España
España
North America
flag of US (English)
US (English)
flag of Canada
Canada
flag of México
México
Australasia
flag of Australia
Australia
flag of New Zealand
New Zealand
Technology Magazines
(opens in new tab)
Technology Magazines (opens in new tab)
Why subscribe?
  • The best tech tutorials and in-depth reviews
  • Try a single issue or save on a subscription
  • Issues delivered straight to your door or device
From$12.99
(opens in new tab)
View (opens in new tab)
  • News
  • Reviews
  • Features
  • Opinions
  • Website builders
  • Web hosting
  • Security

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

  1. Home
  2. News
  3. Pro
Sponsored

6 cybersecurity myths that need to disappear

By Jonas P. DeMuro

Separating security fact from security fiction

Click here for more (opens in new tab)

With malware a constant threat across the internet – it's projected to cost the world six trillion dollars annually by 2021, according to Steve Morgan of the Cybersecurity Business Report – businesses need strong cybersecurity practices to keep networks and user’s devices secure from threats.

However, while there's increasing awareness among businesses and end users of the threats they face, and what can be done to defend against them, there are still plenty of misconceptions around cybersecurity – and here are six in particular that need to be debunked.

1. A firewall keeps the network secure

A firewall is the technology used to keep an internal network secure, and keep unauthorized users off a network, while allowing data transfer to and from the internet. There are two types of firewalls: hardware and software. In a typical home network setup the router is the hardware device, while a PC running Windows contains an integrated software firewall.

While this typical setup sounds like it should be pretty secure, this isn't necessarily the case. It doesn't help that most users don't even install firmware upgrades for their router that contain the security patches that manufacturers put out.

There are plenty of examples of routers being compromised. These include a worm dubbed The Moon (opens in new tab), which infected Linksys routers back in 2014, and which was stopped by the manufacturer issuing a firmware patch. WPS (Wi-Fi Protected Setup) is another known vulnerability for all routers, with users advised to disable the feature in the router’s settings.

The prudent thing is to check that your firewall is secure, and this can be tested via GRC’s ShieldsUP! (opens in new tab). While it's convenient to use a home router, security conscious users would do well to heed the advice Michael Horowitz (opens in new tab) offered at the Hope X Hacker Conference recently in NY. He recommends installing a commercial router that's more robust at the firewall function, as enterprise equipment offers more frequent firmware upgrades, and has no function for WPS or UPnP, another potential security issue.

2. Antivirus software is enough

Just as getting your flu shot annually doesn’t protect you from many other viruses, including the common cold, so just running a single antivirus software program is not enough to protect you from the myriad malware threats out there.

Most antivirus programs do a decent job of protecting against computer viruses, but can be hit and miss when it comes to the multiple other types of malware, including adware, Trojans, spyware, browser hijackers, worms, rootkits, backdoors, keyloggers and ransomware. Microsoft includes Windows Defender integrated into its OS, and while historically it wasn’t the best solution, these days it has improved quite a bit when it comes to dealing with viruses. 

However, Defender still needs to be supplemented with an additional antivirus program, as well as an antimalware program. Choose one to constantly monitor things in the background, and run the others at a regular interval, say once a week.

3. Hacking is only for experts

The proverbial ‘computer hacker’ is the evil computer-coding genius – an individual so smart that they can pit their wits against security services and governments. In the popular imagination they can be found either in their underground lair, or skulking in a coffee shop wearing a hoodie.

We’d be better off if the evil genius depiction was accurate, as hackers would be much rarer; unfortunately there are plenty of hackers who have only rudimentary computer skills, and who make their mischief via existing code. They’ve become so common that they have their own name – ‘script kiddies’, as they don’t write any of the code themselves. The latest program designed for these amateur hackers is known as Autosploilt (opens in new tab), which is designed to detect and automatically exploit known vulnerabilities.

4. Passwords are adequate security

A password screen

Passwords remain a cornerstone of internet security, keeping accounts safe from all types of attacks. However, they get compromised quite often, including by advertisers that grab data even from an online browser's integrated password manager. The insecurity of passwords has even spawned a website (opens in new tab) where users can check if their credentials have been hacked, and are appearing in online databases.

Users are encouraged to come up with strong passwords – i.e. ones that are long and complex – and to change them at regular intervals. Better yet, don’t rely only on a password, and enable two-factor-authentication (2FA), which requires you to use a secondary means of logging into your account, typically via your smartphone. While previously this could involve a text message being sent to your phone, with the advent of SIM card cloning you’re are better off bypassing this older method, and going with the more secure authentication app for those services that offer it.

5. A VPN makes you completely anonymous

A mosaic spelling out the letters VPN

Image credit: Wikimedia

A method frequently turned to for privacy and security online is to run internet traffic through a VPN. The idea is that, by encrypting all the traffic leaving their LAN and going to the internet until it’s decrypted at the VPN’s server, the user will be anonymous, and therefore immune from hacking. However, Cisco has recently issued an alert about a VPN bug that affects their popular Adaptive Security Appliance software, and which can allow a hacker to reset the system, and even take full control of it.

While a VPN encryption tunnel can help in certain situations, such as getting around a geolocation restriction to watch a video, and browsing over a public wireless network to avoid a Wi-Fi packet sniffing attack, this hardly makes the user anonymous, or immune to other types of security compromises.

Remember that a VPN can also be compromised, either via an IP leak or via a DNS leak. In addition, a VPN’s data can be subject to mass decryption from government servers.

6. HTTPS is always secure

the https lock symbol and url

HTTP is the Hyper Text Transfer Protocol, the method by which data is transmitted between the internet and your browser. A variant of this is HTTPS, which stands for Hyper Text Transfer Protocol Secure, which means data is encryption while it’s being transmitted. Websites that support HTTPS are typically banking or other finance-related sites, online stores and others that would benefit from enhanced security.

While HTTPS is generally preferred to its unencrypted counterpart, it’s by no means fully secure. In fact, several years back the ‘Logjam’ vulnerability was described, which according to TechRadar’s Jamie Hinks “lets eavesdroppers view data passing over encrypted connections and then modify it to successfully perform man-in-the-middle attacks”.  

  • Security Week by TechRadar Pro is brought to you in association with CyberGhost.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

By submitting your information you agree to the Terms & Conditions (opens in new tab) and Privacy Policy (opens in new tab) and are aged 16 or over.
Jonas P. DeMuro
Jonas P. DeMuro
Social Links Navigation

Jonas P. DeMuro is a freelance reviewer covering wireless networking hardware.

  1. Richard Montanez looks at someone while stacking shelves in Flamin' Hot
    1
    Hulu and Disney Plus will make streaming movie history in June – and it's about time
  2. 2
    I test PC gaming headsets for a living - and these are my top picks for every budget
  3. 3
    This $399 AMD-based one-eyed PC is one of the wackiest designs I’ve seen in 25 years
  4. 4
    5 ways that ChatGPT is better than Google Bard (and 3 ways it isn't)
  5. 5
    How to clear your Android phone’s cache
  1. A futuristic robot with searchlight arms looking over an apocalyptic field, with the ChatGPT logo shining from its head.
    1
    ChatGPT plugins are officially here, and I’m already filled with dystopian dread
  2. 2
    The iPhone 15's Dynamic Island will be more powerful in one small way
  3. 3
    I was wrong about Nothing: I tried Ear (2)'s personalized hearing tests – they're a big hit
  4. 4
    Your iPhone calls will soon sound as good as they do on WhatsApp
  5. 5
    OPPO Find N2 Flip is here to disrupt the Indian foldable smartphone market

TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site (opens in new tab).

  • About Us (opens in new tab)
  • Contact Us (opens in new tab)
  • Terms and conditions (opens in new tab)
  • Privacy policy (opens in new tab)
  • Cookies policy (opens in new tab)
  • Advertise with us (opens in new tab)
  • Web notifications (opens in new tab)
  • Accessibility Statement
  • Careers (opens in new tab)

© Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.