Portal Portal Forum Forum Devolutions Force Devolutions Force Hub Business Hub Business Hub Personal Hub Personal Devolutions Send Devolutions Send Devolutions Academy Devolutions Academy Download RDM RDM Workspace Workspace Launcher Launcher
News

Which cybersecurity myths annoy you the most?

Cybersecurity awareness month myths devolutions blog

This post invites the community to share the most persistent and frustrating cybersecurity myths that refuse to die, from “Macs don’t get malware” to “VPN means total privacy.”

Steven Lafortune
Steven Lafortune

Hello! I'm Steven Lafortune—Devolutions' communication maestro by day, riff-slaying guitarist by night, and the ultimate hockey play-by-play guy in between. When I'm not rescuing Hyrule in The Legend of Zelda or watching the extended Lord of the Rings trilogy for the 235,476th time, you’ll probably find me rocking out at a show. Quick-witted, always up for a laugh, and full of fresh ideas, I bring the same energy to my work as I do to the stage!

View more posts

Cybersecurity Month (also known as Cybersecurity Awareness Month) is a global campaign held every October. The goal is to help individuals and organizations adopt simple, smart habits to stay safer online.

To mark the occasion, we are turning to the community and asking: Which cybersecurity myths annoy you the most?

These are the mistaken opinions, misguided half-truths, and loudly argued yet fundamentally wrong “facts” about cybersecurity that refuse to go away.

Some examples

Here are some possible cybersecurity myths that you might find vexing, perplexing, and just plain WRONG:

  • Our company is too small to be a target for hackers.
  • We have antivirus, and that’s enough.
  • MFA is really only necessary for admins; we don’t need it for everyone or all accounts.
  • Macs don’t get malware.
  • Linux doesn’t get malware.
  • If the sender is known, then an email is safe.
  • Our data is in the cloud, so the provider handles security and we don’t have to do anything.
  • VPN = total absolute privacy.
  • Backups mean that we’re ransomware-proof.
  • Attackers don’t bother targeting non-financial data.
  • IoT devices are harmless on the network.
  • Default configs are secure by default.
  • Air-gapped systems can’t be compromised.
  • If we get hacked, we’ll notice immediately.
  • Cyber insurance replaces security controls.
  • TLS/HTTPS means a site is trustworthy.
  • Security is the security team’s job only.
  • Security through obscurity is enough.
  • Internal networks don’t need encryption.
  • Cyberattacks happen only from outside the company.
  • Firmware and drivers don’t need patches.
  • Printers and cameras aren’t potential cybersecurity risks.
  • Screen locks are unnecessary inside the office.
  • SIEM solves detection by itself.
  • Zero Trust is just network micro-segmentation.
  • SSO creates a single point of failure, so avoid it.
  • Passkeys are experimental and unsafe for business.
  • HTTPS automatically means a site is legitimate.
  • Screen sharing is safe if the meeting is internal.
  • View-only links can’t be exfiltrated.

Again, these are just some examples to spark your thinking (and unfortunately, trigger your annoyance!). You can share any and all cybersecurity myths that you believe really, really, REALLY need to disappear once and for all.

Table of contents
Related Posts

Read more News posts