6 Common security awareness misconceptions you shouldn’t fall for

In the high-stakes world of cybersecurity, operating on false assumptions can leave your business open to a devastating or even fatal data breach. Misconceptions about security lead people to risky behavior and undermine your efforts to secure your business from cybercriminals as well as the financial and reputational damage they cause.

Here are some common security awareness misconceptions that you should look out for and debunk at every opportunity.

“Security awareness is only important for IT staff”

Despite what the movies might show you, the vast majority of cyberattacks are not caused by elite cybercriminals using supercomputers to hack into the most elaborately protected databases. Instead, most cyberattacks occur because an oblivious employee clicked on a link they shouldn’t have or was fooled into believing a cybercriminal was a trusted party. The point is that security awareness is vital for everyone at the company, especially non-IT employees who are ignorant of the different scams and tricks cybercriminals employ.

“We don’t need security awareness training, we have cutting-edge cybersecurity tools”

Cybersecurity technology is no silver bullet against cyberthreats, especially considering that most attacks are caused by human error. Your castle can have the highest walls, the deepest moat, and the strongest fortifications, but if someone unwittingly opens the gate for the enemy, none of it will matter.

Knowledge is still the best way to spot and prevent cyberattacks, so any effective cybersecurity posture includes regular, in-depth security awareness training in tandem with the latest hardware and software.

“We did some cybersecurity awareness training, so we are secure now”

Think about the technology you used just five years ago and how different it is today. Digital technology moves at a fast pace, and just like the newest smartphone, cybersecurity knowledge has a short shelf life. 

Cybersecurity professionals and cybercriminals are always working on new ways to beat each other, so when one kind of attack is foiled, criminals invent a new one. If your security awareness training is years or even months old, your workforce could be completely oblivious to the newest threats out there, drastically increasing your risk.

“Our business is too small to be targeted, so we don’t need awareness training”

On the contrary, small businesses are a favorite target of cybercriminals because they know small businesses tend to have this line of thinking. Small businesses often skimp on cybersecurity and awareness training, making them easy prey. You might think you aren’t worth spending time on to attack, but many cyberattacks are automated to some degree and indiscriminately pick their targets.

“We’ve done security awareness training for our office workstations, so we’re secure”

Many people operate under the false assumption that cyberattacks only come through office computers, because that’s where the business is. Unfortunately, any internet-connected device can be a vector for attack, and with the rise of bring-your-own-device policies, there are exponentially more ways to attack your business. Just because your personal smartphone is always in your possession doesn’t mean it can’t be used to attack your business. As such, security awareness training should cover smartphones, printers, and any other connected device to ensure maximum protection.

“We can get by with generic, one-size-fits-all security awareness training”

While everyone is responsible for the security of the company’s network, not every role will approach cybersecurity the same way. The receptionist needs to be aware of cyberthreats, but what they need to do or look out for is much different from what the CIO needs to do or look out for. Generalized training will undoubtedly lead to gaps in knowledge, reduced engagement, and increased risk.


By understanding and debunking these misconceptions, your team can develop a more effective security awareness program that empowers all employees to become the strongest line of defense against cyberattacks. To keep risks low, regularly reassess and adapt your security awareness efforts to stay ahead of emerging risks. In-Touch Computer Services can tailor an effective security awareness training program to your unique needs. Reach out to us today to get started.
