
Don't Believe the Hype: Cybersecurity misconceptions


Cybersecurity might seem like a complex and expensive subject, but the truth is, there are many misconceptions that can leave businesses vulnerable. In this short blog we discuss some of the more common misconceptions.


Our business is too small to be targeted by cybercriminals

We often hear about cyber attacks on large organisations; they make front-page news. However, many of these attacks are not specifically targeting those businesses. They are often opportunistic, targeting weaknesses rather than businesses, and unfortunately smaller businesses often lack robust cybersecurity defences. Even if your data seems insignificant, it is crucial to your business and to those it belongs to. That data could be a stepping stone to another target, for example a customer you support, or be used to commit onward fraud or a further cyber attack.

We have antivirus software, that will stop attacks

Whilst antivirus software is a crucial line of defence, it's not a silver bullet. It is one layer of defence that will deter some threats, but determined attackers often find ways around it. Antivirus software primarily focuses on identifying and blocking known malware, although there are more advanced versions available that do not rely solely on signatures and can identify malicious behaviour. A comprehensive cybersecurity strategy involves multiple layers of protection, including filtering and scanning incoming and outgoing traffic, encrypting sensitive information, separating privileged accounts from accounts used day-to-day by staff, and employee training to identify and avoid social engineering tactics.

MFA is cumbersome, we have strong passwords anyway

Strong passwords are essential, but they're just one piece of account security. Cybercriminals use tactics, such as phishing, to entice employees into revealing passwords or clicking on malicious links. Once they have the email address and password, they will attempt to gain access to your services, or other services your users may have registered for. Furthermore, passwords are often leaked through breaches of third-party services. If your users are reusing their passwords across multiple sites, these can be replayed in attacks. Multi-factor authentication (MFA) adds an extra layer of security, requiring a second verification code (like one sent to your phone or a push notification to an app) after a password is entered. You should be training your staff to configure MFA on all their personal services, such as their personal email, Amazon and PayPal. Getting them used to this in their personal lives means they will adopt it in their working lives.

Employees wouldn't fall for phishing attacks

Phishing emails appear to come from legitimate sources and use urgency or emotional manipulation to entice recipients into clicking on malicious links or opening attachments that contain malware. Imagine a phishing email disguised as a message from your bank, urging you to click a link to "verify your account details." Regular cybersecurity training can equip your employees to identify red flags in emails, such as generic greetings, misspelled URLs, and pressure tactics. You should also consider using phishing simulations to help your users identify suspicious emails through relevant examples. Your training must also tell employees how to report suspicious emails to the IT department.

Cybersecurity is too expensive for small businesses

There are a number of free and low-cost cybersecurity solutions available for smaller businesses.  Start by prioritising basic measures like strong authentication, regularly applying software updates, and training employees. There are also free resources, such as the National Cyber Security Centre's (NCSC) Small Business Guide. Following this guide, or the broader 10 Steps to Cyber Security, can help reduce your cyber risk.


Cybersecurity is an investment, not an expense.  By understanding these common cybersecurity misconceptions and taking proactive steps, you can significantly reduce your risk of cyberattacks.  Remember, even a small breach can have devastating consequences. Take control of your digital security today and build a strong defence for your business.

Bonus Content: 

  • To understand your current security posture, you could try our free 10 Steps to Cyber Security assessment; simply visit our Request a Free Assessment page.

  • If your organisation has under 100 employees, we can provide a free training platform.

