In the first part of my mini-series “IT-Misconceptions” I have a look at “Internet Security”. There are dozens of misunderstandings that are constantly repeated and all too quickly accepted as the truth, without actually being provable. Here I have identified some common misconceptions and point out how the risks resulting from a misconceived perception of IT security can be mitigated.
Misconception No. 1: “My PC firewall protects me from all attacks from the Internet.”
Unfortunately, it’s not that simple. Without the right configuration, a firewall does not provide optimal protection against attacks from the Internet. The so-called “personal firewall” controls the incoming and outgoing data flow to protect the home PC from viruses and other malware. Attacks from the Internet, however, exploit every security hole in installed and used programs as well as in the firewall itself. As with individual programs, the following therefore applies to the firewall as well: The configuration is particularly important. Only with the right filter rules and settings can the security of the computer be guaranteed. The settings should be checked regularly and the filter rules should be defined in such a way that only absolutely necessary access is allowed. If an unknown program requires access to the Internet, the user should check this critically. The firewall of Internet routers should also not be forgotten. We have compiled more information on firewalls here.
Misconception No. 2: “If I have an up-to-date virus protection program, I do not have to install updates for other software immediately.”
This is a fallacy. While an antivirus program is important for safe surfing on the Internet, updates for the applications you use should always be installed as soon as possible. Any program installed on your own devices is a potential target for attacks from the Internet. Current malware can exploit existing security holes before antivirus programs can detect it. Attackers exploit, for example, the time window in which newly developed malicious code is not yet detected by the antivirus software. For this reason, software manufacturers are constantly trying to close security gaps in their programs by means of updates and so-called patches. This prevents malware from becoming effective in the first place. Of course, virus protection programs should still be kept up to date at all times, because they only offer additional protection if their virus signatures are current. You can find information on update and patch management here.
Misconception No. 3: “A single long password made up of letters and characters is perfectly sufficient for my online services.”
No, because if an online service is compromised and your password is stolen, all services protected with this password are at risk. Especially when e-mail addresses are used for authentication, user name and password can be easily matched. A good and secure password is therefore essential, but a different password should be used for each online service. A strong password is especially important for services that contain or query sensitive data, such as online banking or shopping. It is generally recommended that you choose a password of at least 8 characters that contains upper and lower case letters as well as special characters and numbers. The password should not appear in dictionaries and should not be a proper name. Providers sometimes impose restrictions on passwords, for example on the length or the use of special characters. In that case, the password recommendations should be followed as far as the restrictions allow. In addition, passwords should be changed at regular intervals and should never be used more than once for different online services. Password management programs can help here, because they not only manage passwords but also generate secure ones. More information on password management can be found here.
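The following sketch is an added example, not part of the original article. It shows how a password manager might generate one password per service according to the recommendations above while honouring provider restrictions. The function names, the default special-character set and the `*.example` services are assumptions made for illustration.

```python
import secrets
import string

MIN_LENGTH = 8                     # minimum length recommended in the article
DEFAULT_SPECIALS = "!#$%&*+-=?@_"  # assumed default set of special characters

def _classes(allowed_specials):
    # Character classes the article asks for; specials only if the provider permits any.
    base = [string.ascii_uppercase, string.ascii_lowercase, string.digits]
    return (base + [allowed_specials]) if allowed_specials else base

def generate_password(length=16, allowed_specials=DEFAULT_SPECIALS, max_length=None):
    """Random password; max_length and allowed_specials model provider restrictions."""
    length = max(length, MIN_LENGTH)
    if max_length is not None:
        length = min(length, max_length)  # follow the rules as far as the provider allows
    classes = _classes(allowed_specials)
    if length < len(classes):
        raise ValueError("limit too short to include every character class")
    chars = [secrets.choice(c) for c in classes]  # one guaranteed character per class
    alphabet = "".join(classes)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    for i in range(len(chars) - 1, 0, -1):  # Fisher-Yates shuffle using the CSPRNG
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)

def meets_recommendation(password, allowed_specials=DEFAULT_SPECIALS):
    """At least 8 characters and at least one character from every permitted class."""
    return len(password) >= MIN_LENGTH and all(
        any(ch in cls for ch in password) for cls in _classes(allowed_specials))

def build_vault(services):
    """One password per service, never reused across services."""
    vault = {}
    for name, limits in services.items():
        password = generate_password(**limits)
        while password in vault.values():
            password = generate_password(**limits)
        vault[name] = password
    return vault

# Constructed sample services with hypothetical provider restrictions.
SERVICES = {
    "bank.example": {"length": 20},
    "shop.example": {"max_length": 12, "allowed_specials": "-_"},
    "forum.example": {"allowed_specials": ""},  # provider forbids special characters
}

if __name__ == "__main__":
    for name, password in build_vault(SERVICES).items():
        print(name, len(password), "characters, ok:", meets_recommendation(
            password, SERVICES[name].get("allowed_specials", DEFAULT_SPECIALS)))
```

The `secrets` module is used instead of `random` because it draws from the operating system's cryptographically secure random source.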
Misconception No. 4: “I only surf on trustworthy sites, so I don’t have to protect myself against cyber attacks.”
Unfortunately, even trustworthy sites can be affected by malware from time to time. For example, it can hide in advertising banners and install itself unnoticed on the user’s PC. It is advisable to stay on trustworthy sites only, but unfortunately this alone does not protect you against cyber attacks. Users who visit common and well-known Internet sites with serious content often wrongly feel that they are on the safe side.