Common Myths

Formatting a hard drive is fine
“New York computer forensics firm found that 40% of the hard disk drives it recently purchased in bulk orders from eBay contained personal, private and sensitive information -- everything from corporate financial data to the Web-surfing history and downloads of a man with a foot fetish.” Computerworld, 2009.

Formatting a hard drive doesn’t totally remove data and often it can be recovered with off-the-shelf software. The best way to remove data is to physically destroy the hard drive or use overwriting software. Overwriting software will blast the hard drive with zeros to overwrite all data from 0MB to 1GB (or whatever the size of the hard drive).

Most malware comes from emails
Years ago this was true and quite a few emails have attachments. While it is still partly true, dodgy links within emails are now more fashionable. A new, greater threat is picking up viruses from websites. Some new websites are deliberately set up to infect computers, sometimes genuine websites which people trust are infected in the hope that people will log-on and pick up the virus.

Windows log-in prompt is bulletproof
Even some IT professionals think this is true! There is quite a lot of free software out there can be used to circumvent passwords, reset them or just guess. Full-disc encryption is the only safe option to stop people bypassing log-ins and of course it encrypts all data.

I have antivirus so I can’t get infected
No antivirus scanner, no matter how reputable the source, is 100% accurate. There are many types of viruses and literally millions of them out there. Every day dozens of viruses are created so it’s hard for antivirus software to keep up ... which is why updates are released daily.

A firewall is enough
If they are lucky, most individuals and small businesses will have a firewall and antivirus system installed from the offset which gives protection against some threats. But what is really needed is a multiple-step approach: updates, antivirus, back-up, encryption, physical security and so on. A firewall won’t stop an email being intercepted or prevent a laptop or USB drive from being stolen.

Nothing to steal
Who’s going to target me, I am just a 30 year old man earning £30,000 a year in London? You might not be a celebrity earning millions and the paparazzi are scarcely going to be interested in your holiday photos but identity theft can still happen and credit card details always useful. Information and data input into a computer can still be captured and keystrokes used to 'steal' credit card details.

Website security
On their shopping cart checkout most websites claim, “This website is protected by the latest 256bit military grade encryption”. What does this mean? Data sent between the client (your PC) and the server (the website) is encrypted to stop interception. It doesn’t mean the data stored on your computer or on their server is secure. All it means is that eavesdroppers cannot intercept data en route between you and the website. SSL certificates can be bought reasonably easily from around £8 a year.

Macs are bulletproof
People often buy Apple Macintosh because there are quick, more stable and more secure. There is truth in this but then again one of the first computer viruses started on a Mac about 30 years ago. Microsoft has the monopoly so the bad guys will often target the platform with the greatest number of users. More users, more threats... Sophos has even started to give away free Mac antivirus software because it’s so hard to sell.

Friendly email
My colleague or friend sent me this email so it must be safe and virus free, mustn't it? Two problems: their account could have been hijacked so everyone gets a dodgy email from them; or perhaps someone is spoofing their email address which is quite a simple process.

Infections shout
I don’t have any infections because I would know. Five or more years ago and most viruses would flash messages on the screen or open pop-ups. These days they have become silent and can send personal data off-site without anybody realising.

USB viruses
Most people’s main worry is picking up a virus from a USB stick. Go back five years and USB drives were blamed for most infections ... how many people 'lost' their homework through computer infections? While it is true viruses can move between computers via USB, the biggest threat is data exposure/loss. USB drives are often used as a back-up ... but leave it on the train and the finder is privy to personal and/or business data.

High spend means greater security
We’ve just re-designed our security with 12-foot high fences, barbed wire, hardware firewalls, three tiers of antivirus, data encryption, data backup, antivirus, fingerprint scanner, armed guards, retina scanner, man traps ... Great but what about the weakest link.... your staff? Fantastic security can filter down to staff and effect how they work. A social engineer could phone up any member of staff and ask for sensitive details and in a flash that £5 million security package has failed.

Intrusions comes from the outside
When most people think about network intrusion they automatically think of some evil external hacker. Statistics show that up to 80% of intrusions had some 'inside' connection. Employees know passwords, software versions, the infrastructure layout, information useful to outsiders planning an attack.

So many people ... so it won’t happen to me
A lot of network attacks and viruses are totally automated and work by themselves and can randomly target and penetrate vulnerable computers. Website viruses and defacements are often automated; for example, one infected website can in turn go after and infect other websites. Many people or companies think it won’t happen to them – read this articles 'It will never happen to me. Well, it nearly happened to us and we're a data security company'.

Security is only needed for larger businesses
Most individuals and small businesses do not seem to think about IT security or invest in it, while larger businesses will often have a department dedicated to it. Small businesses can still hold sensitive and valuable data; for example, people are going to take a greater interest in a private, one-man celebrity barrister because of the data he or she holds. Anybody can lose a USB drive, so if a solicitor were to leave sensitive papers on a small-scale divorce case on a train, the end client, famous or otherwise, would not be best pleased. All data is important to somebody.