Cybersecurity? We already have antivirus. Isn't that enough?

We have been asked this question one too many times. So, let's talk about how the threat landscape has changed, whether a better antivirus would help, what good cybersecurity looks like and what you should do to protect your business.

The cybersecurity landscape has changed

Unfortunately, your Norton or McAfee antivirus that might have saved you back in the '90s is no longer enough. Times have changed.

Hackers are no longer geeks (like me) sitting in a dark and dingy basement, poking holes in your computer for fun or to let the software developers know that there are holes in your system. Now, they are organised criminals working to get a return on their time investment. Yes, an ROI, just like a business, but a criminal business in this case.

So, like a business, they have become sophisticated and must meet their KPIs.

 

Can I pay more for a better antivirus?

Yes, you can. But the real question is, is a more expensive antivirus the answer?

There are many ways a hacker can inflict damage without your antivirus even noticing.

Some questions for you to consider:

  • Have you ever clicked a link that takes you to a dodgy-looking site asking for your bank account username and password?

  • Has your assistant ever received an email, apparently from you, asking them to make an immediate payment to a supplier that you never requested?

  • Has your customer told you they've already paid you but you never received the funds?


In all these cases, antivirus was completely bypassed.

So that should answer the question for you.

Antivirus alone is not enough to protect you from hackers.

 

So what should I do?

Think of security as layers.

First, let's think of your own home.

If a thief is trying to break into your home, they would have to bypass your home's security measures.

They would have to:

  1. Jump the fence
  2. Break through the weakest of your external walls, doors, or windows
  3. Break through your locks
  4. Make sure your alarm isn't tripped
  5. Break through internal doors
  6. Rummage around your cabinets to find your valuables

Only then could they finally get your valuables and escape.

There are at least 6 layers there.

Cybersecurity is the same. You need multiple security layers, both digital and physical, to protect your business systems and client data.

What? Cybersecurity includes physical security?

Yes, of course it does.

Here are some scenarios:

  • If your computer, laptop, USB drive or external hard drive gets lost or stolen, can whoever has it access your data?

  • If you've printed sensitive documents and put them in the rubbish bin, can someone get them?

  • If there is a power surge and your hard drive gets fried, is your data still accessible?

Can antivirus protect you from any of these?

Unfortunately not.

 

So, tell me, what cybersecurity layers do I need?

Many people think that cybersecurity is all about the technology.

Unfortunately, many IT providers, including yours, likely also think it's all about the technology.

The answer is no. It's about people, process, AND technology.

The important thing is to build layers in your defence across all these areas. We call this defence-in-depth.

Good IT security or cybersecurity is all about standards. Leading standards like NIST or ISO 27001 are cybersecurity frameworks built with security in mind, and they protect some of the biggest companies and governments in Australia and the world. You may not be the biggest company, but there are cut-down versions suitable for businesses of all sizes.

There really is no point in doing IT without following proper standards, or at least having a plan to move towards the continuous improvement of your IT. Unless it's for fun, there is no point in doing anything really if you aren't going to do it properly.

So, think again when asking "is my antivirus enough?"

 

So what should I do again?

If you are using an IT provider, ask your provider if they are following any standards.

If they are not, that should be a clear red flag.

If they say they are, ask them to explain it to you.

Many IT providers we meet do not follow any standards, and while they may mention that they do cybersecurity, most just say it. Unfortunately, not many providers actually understand it or do it.

If you are running your own IT and you are a business owner, think again. Find an expert who can help you, because not only will your IT be more secure, but you will also have less stress and more time to focus on what you should be working on: your core business.

I'll leave you with a question. If antivirus is important to you, are you using antivirus on your phone? Doesn't your phone need cybersecurity protection too?