10 Network Security Myths Debunked

Posted by / March 25, 2016


network-security.jpg

Network Security is Mission-Critical

Most devices in the modern office connect to the network in some form or fashion. This was far from the norm not long ago. Today, companies rely on secure and powerful networks to accommodate the rapid rise of workplace connectivity. Audio-visual systems remain a big part of that equation, and our industry has long focused on improving AV/IT integration for that reason.

Cyber security has become especially important for AV integrators. AV systems no longer simply interface with IT networks. With the prevalence of unified systems integration, the AV network has become the IT network. This makes AV network security in particular just as important as network security more generally.

Don’t assume that your network is secure because you’ve never had security problems in the past. Now is the time to take a proactive approach to AV/IT security. This is especially true for businesses with mission-critical networks. You can’t afford to put security on the back-burner—the risks far outweigh the cost.

Many dangerous myths abound concerning networked security. You’ve probably heard some of them yourself. Let’s look at 10 of the most common myths and clear them up one by one.

1. Cyber attack won’t happen to a small business like us.

Debunked: While the media has focused on large corporate targets, small businesses are equally at risk. Your company may have fewer resources than larger corporations, but your data still appeals to hackers.

Companies of every size may be vulnerable. Hackers often expect small businesses to be less capable of warding off attack than larger corporations. Be on guard no matter the size of your company. It’s especially important for smaller companies to take preventative measures against employees inadvertently putting the network at risk from the inside.

2. Security is important, but the solutions are too time-consuming or costly.

Debunked: The saying goes, “an ounce of prevention is worth a pound of cure.” But in the case of network security, an ounce of prevention is worth a ton of cure. Its absence exposes your organization to a huge amount of unnecessary risk. 

Though it may be hard to measure the ROI of network security, the cost of an attack is devastating. If you take the time to prioritize your most valuable data, any security program is better than none.

3. I’ve tested my network before, so I know it’s secure.

Debunked: Security is not a one-size-fits-all, “set it and forget it” process. Varying degrees of security come with their share of trade-offs in user accessibility. Different solutions are appropriate for different scenarios at different times, and your security needs will evolve with your company.

It’s best for a security expert to determine the balance between security and accessibility. It’s also best to regularly audit your network security. The question isn’t whether your company will become a target—the question is will you be ready if it does.

4. We have a firewall and antivirus software, so we don’t need to worry.

Debunked: Even if your devices are completely isolated from the Internet, your system can be vulnerable to attack. Internal access to networked devices often poses a larger threat than external attack. Users working within the firewall may unknowingly connect with insecure or infected devices, exposing your system to malware from the inside. 

Executive teams should be proactive in addressing internal network security risks. By setting a formal cyber security plan, executives can provide their team more awareness of internal security risks.

Security policies and procedures set at the executive level are also more likely to encourage compliance from the team. Executives should make security a top priority by providing active and visible support for the security program and ensuring that staff are well-trained in security risk mitigation. A unified approach is far more effective than software or firewalls alone.

5. It’s impossible to stand up to an advanced cyber attacker.

Debunked: While it may be impossible to ensure 100% security at every point on the network, there is no reason to think that a security protocol is totally ineffective against advanced attackers. The vast majority of external attacks exploit systems that are poorly administered. Nine times out of ten, proper configuration and systems management goes a long way towards slowing or stopping a security breach.

Take a holistic approach to assessing, developing, implementing, and managing your network security. Too few companies do this, which is in part why there are more mediocre hackers than good ones. With a basic but well thought-out security procedure, you can avoid being low-hanging fruit for less competent hackers on the prowl. In the process, you’ll protect yourself from more advanced attackers as well.

6. We can rely on our security vendor to keep us secure.

Debunked: Security vendors may provide components needed to protect computer systems, but there still needs to be an internal security procedure in place. Your company’s IT team should be involved in testing, maintaining, and updating security as the need arises. Don’t make the mistake of assuming your vendor did it right the first time. It’s always better to check for yourself and seek out a security audit.

7. I can totally trust my employees to make the right security decisions.

Debunked: Network security doesn’t begin and end with the IT department. It requires total effort from the entire team. One weak link in the chain can do enormous damage to the whole enterprise. For that reason, security shouldn’t be left to the honors system. Regular audits, training, and expert consultation are required if your company hopes to stay secure.

8. We would need all new technologies to keep up with cyber criminals.

Debunked: While there are always important new tools to adopt, cyber security is not primarily a technology problem. It’s a people problem. If your organization isn’t willing to invest the time and effort it takes to secure the network, no amount of new technology will help much in the long run.

Avoid the temptation to seek out a silver bullet. There is none. Security takes awareness, diligence, and courage in deciding which risks to take. There will never be a zero-risk scenario. Focus more on enabling yourself to bounce back, learn, and adapt than on seeking a solution for total prevention.

9. Our company would definitely pass a security review on the first try.

Debunked: Security audits are becoming common now with increased focus on cyber security. Auditors looking for problems are paid to find them. Most of the time, they succeed.

Of course, this is a good thing. The whole point of a security review is to find things that you can fix as soon as possible. Little things that come up in a security review may matter as much in total as larger individual risk items. An effective security review doesn’t stop at a systems check. It also involves an extensive analysis of training and security documentation. 

Your company should not expect to pass a security audit on the first try, which is all the more reason to seek one out.

10. We’re more secure with Linux/Mac OS than with Windows. 

Debunked: This is a big one that’s been around for years. Yes, Windows devices are generally more tempting for hackers than Linux or Mac OS devices. But no device is completely secure forever right out of the box. 

Regular patches and updates are necessary regardless of your operating system. Linux is now a popular OS for web servers. This, coupled with its open-source nature, makes it an attractive target. Mac OS has its own share of issues and vulnerabilities as well. If you don’t keep your networked devices updated, they will be sitting ducks to any hacker who may try to insert and run malware remotely.


Moving Forward With Network Security

The myths we’ve looked are pervasive and dangerous, and there are many more than can fit in one post. But our conclusion is hopeful. Security isn’t an enigma. It takes time, effort, and some investment to secure yourself from cyber attack, but the alternative isn’t an option. You can vastly reduce the number of network security incidents your company faces by remaining aware and employing some key tools and procedures.

This isn’t one department’s job. Network configuration may be IT’s purview, but effective security requires strong executive leadership. Company-wide awareness of and adherence to risk-reducing behavior is the only strategy that works. Security is, and always will be, a team effort.

Don’t wait until it’s too late to find out if your network is secure. Contact us today to schedule a security review.


 

Ready to kick your AV up a notch?

Our free guide will help you develop a solid AV network security strategy so that your organization can protect your mission-critical data from cyber attack.
 

security_guide.png

 



Get the Whitepaper

 

 

Categories: Security / Comments