It’s easy to have some misconceptions about business technology since it moves quickly and is very complex. You could spend a long time learning IT and still fall victim to mythical thinking. A lot of people in the tech industry stick with what they know, and tend to ignore new or different ways of solving problems; without knowing all of the context for why the industry changes, myths pop up in our everyday conversations about technology.
In today’s blog post, we’ll take a look at nine common myths and misconceptions and give you a better grounding to make good technology choices.
Myth #1: Windows 11 is Bad
Users (and administrators) have a hard time upgrading their operating system because everything in the old version is “how I like it.” When a software company updates an interface or changes how you find things on the desktop, many people’s first reaction is to think those changes are “bad.” Windows 11 was criticized for this reason, but it was mostly the superficial changes that had people up-in-arms when it was released.
The truth is that Windows 11 is a little more polished, and a little more “to the point” than Windows 10 was. Useful interfaces like the Task View and features like Snap feel more integrated into the experience. I’ve got a mixed environment of Windows 10 and 11, and it can be fairly frustrating to go back to Windows 10, which feels like a choppy experience after using Windows 11 for just a few months. Behind the scenes, the operating system is largely the same, and a few of the areas where it has changed were to simplify things that a lot of users don’t need.
Myth #2: Not clicking on Bad Emails and Links Means My Security is Good
We write about it all the time because it’s really important: don’t click on suspicious links or attachments in emails. However, just because you’ve been successful at not clicking the bad stuff doesn’t mean that you won’t in the future, and it certainly doesn’t mean that everything is good to go. Zero-day vulnerabilities often don’t require you to click or do anything, and a lot of ways that attackers get into your network are based on configurations and older infrastructure.
Myth #3: Windows Defender is Good Protection for my Workstation
Classic antivirus is quickly becoming a thing of the past, since more attacks are able to evade detection by not sitting on your hard drive or mimicking an application. Because of the way Windows Defender scans, it can’t compete with a real-time solution like modern endpoint detection and response. These work by searching for suspicious behavior in addition to looking for suspicious or harmful files.
Myth #4: Antivirus Protection is Enough for our Business
Even if all of your endpoints are protected with modern EDR, you may still have some vulnerabilities based on your infrastructure and the way people connect to your network externally. You need a more holistic approach to security than just avoiding the obviously bad things and scanning your devices. Better firewalls, cloud security solutions, and endpoint detection are all a part of Crown Computers’ recommendations for consistent and wide-reaching security.
Myth #5: Using the Same Password is Fine if I can Keep it Secret
When you set up a password for any account, you are trusting the service to keep it secure. There have been a number of attacks where it turns out that the service provider didn’t properly handle passwords, and when the service was attacked, the bad guys got away with all of the passwords. In other words, it doesn’t matter if you can keep your password secret: you’re relying on all of your services to have perfect security too, and that’s not true. If your password to one service is leaked, bad guys will try that password on all of your other known accounts; if you’ve reused any of your passwords, you’re handing them the keys to your account.
Myth #6: Saving Passwords in my Web Browser is Fine
Using your web browser to save your passwords makes it so that an attacker only needs to breach the password for your browser (be it an Apple, Google, or Microsoft account). Browsers are pushy about getting you to save passwords with them, but it’s always better to have a dedicated password vault to store your credentials in.
Password managers often have a dark web scanning feature, which lets you know when your passwords have been breached by companies you do business with. Using the manager properly means that you’re generating unique passwords as well, meaning that you only have to change one password when a service loses your data.
Myth #7: Public WiFi is All Good
It can be convenient, when traveling or if you don’t have strong cellular service, to hop onto a public WiFi connection provided by an airport, hotel, or library. These connections are very risky, though, because you’re relying on that infrastructure to be secure and private; you can’t have the expectation that the network is maintained well. Either use a VPN service (VPNs) to encrypt all of your traffic on these connections, or don’t use them at all.
Myth #8: Traveling with a Non-encrypted Laptop is Okay
If you spend time on the go with your company’s data on a hard-drive in your laptop, that laptop is vulnerable to be stolen, and along with it would go your company’s data and credentials that can be used to impersonate you. Using hard disk encryption (like Bitlocker in Windows) helps secure the hard drive in case it’s stolen, requiring a key to get any of the data off of it. This makes it basically impossible to lose the data when you lose the laptop; without the encryption, the disk can be accessed simply by putting it into another computer.
Myth #9: My Business is Small Enough to not Consider Security
In the fourth quarter of 2021, 82% of all ransomware attacks were targeted on businesses with less than 1,000 employees. Small businesses are a primary target for cybercrime because they are less likely to have adequate backup solutions or defensive security. You don’t want to be a part of the statistics! If any of these points were illuminating for you, it may be time to work with Crown Computers on new solutions to bolster your security.
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team