Misconceptions about security

Security misconceptions: Computer security

In the third part of our series on "Security misconceptions online", we're looking at the topic of "Computer security". There are dozens of misunderstandings that are repeated over and over, becoming accepted as the truth far too quickly with no actual evidence to prove them. The BSI has identified some common misconceptions and here we show you how to minimise the risks that can arise from misunderstanding IT security.

Misconception 1: "If I have a virus or other malware on my computer, I will notice it".

Users can't always tell if a virus or another piece of malware has made its way onto their computer.
There are many different types of viruses or other malicious programs that cyber criminals can place on computers or mobile devices in many different ways. Many malicious programs that can be installed on computers without causing any noticeable symptoms are equipped with identity theft features. Usually, these programs are designed to spy on users to obtain access data or account and credit card numbers, inflicting significant financial damage on their victims.

Malware that allows attackers to remotely control infected devices may also go entirely undetected by the user. This type of malicious code is often covertly placed on a user's computer when they open an infected e-mail attachment, visit a manipulated website or click on an infected advertising banner. By infecting thousands of computers with the software, the originators can launch attacks (known as DDoS attacks) to paralyse websites or to send out mass spam e-mails. There is no way to completely protect yourself against these threats, particularly when the criminals use so-called zero-day exploits in their attacks. However, by taking steps such as installing virus protection software, using a firewall, regularly installing software updates and being careful with e-mail attachments, users can maximise their security. Users should also be very careful when downloading or installing software or other files from unknown sources. If you are in any doubt, do not proceed.

Misconception 2: "I don't have anything to hide and I don't have any important data, so I'm not a target for cyber criminals and I don't have to protect myself".

This idea is completely wrong; criminals can make use of any available data.
Anyone who surfs the internet, makes purchases or accesses online banking on an unprotected device will use and leave behind a trail of data that is attractive to cyber criminals. They might not be interested in the holiday photos, correspondence and other private documents you have saved on your PC. But from an unprotected computer, criminals can easily obtain and misuse access data and account and credit card information that has been stored on the system or transmitted via the internet. Unprotected systems can also be infected with malware such as ransomware. The originators of these programs can encrypt the infected computers, making it impossible for users to access their data. The user sees a message demanding the payment of a sum of money (a ransom) to get their data back. The ransom must usually be paid via a covert channel, for example using the internet currency bitcoin. This is the point at which many people realise that they do have data that they don't want to lose - such as holiday and family photos. Inadequately protected devices can also become part of a botnet, where they will be misused for criminal purposes.

Misconception 3: "My data is in the cloud, so I don't need a back-up".

This isn't correct. Using a cloud doesn't guarantee that your data will always be available.
There are a number of advantages to storing your data in the cloud - including the security systems offered by the provider, the ability to access your data at any time and from any device via the internet, and saving storage space, particularly on mobile devices. There are a number of cloud services that offer high security and availability.

However, there is still a possibility that users may be unable to access their data at some point. Technical problems, service provider outages or even a cloud service provider ceasing to exist could all put your data out of reach. With this in mind, it is essential to store important data in more than one location and not just in a cloud. Create regular back-ups, or duplicates, of your data on a hard drive (internal or external). Remember that devices, hard drives and storage media can also break unexpectedly, get lost or be stolen. Check out our Data security tips and read our article on what you need to look out for when Using cloud storage.

Misconception 4: "If I delete all of my data from my device and then empty the recycle bin, the data is gone forever".

Wrong. To permanently delete data from a storage medium or a device, you need to take additional action.
If you want to sell or dispose of an old device or an external storage medium that you no longer need, you must ensure that all of the data is properly deleted to prevent misuse. Moving files to the recycle bin does not remove them from the storage medium. Even if you empty the recycle bin, the data can be easily restored; emptying the recycle bin simply deletes the references to the data in the index (the hardware directory), which frees up the area to be overwritten with new data.

On some storage media, data only disappears for good when it is overwritten. To delete data permanently and securely, you should ideally use a special deletion program. More detailed information is available here. If a device or storage medium is not going to be used by another person or cannot be overwritten for other reasons, it should be physically destroyed. This is the only way to prevent the data from being recovered. Be careful to avoid injury from splinters or chips when destroying the device.
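
The difference between removing the index entry and overwriting the data can be shown on a simulated storage medium. This is an added example, not part of the original article; the `ToyMedium` class, the file names and the sample data are all constructed for illustration, and the model is a simplification rather than a deletion tool for real devices.

```python
BLOCK = 16  # bytes per block (constructed value)
SECRET = b"card 0000-0000-0000 (constructed sample)"

class ToyMedium:
    """Simulated medium: raw data blocks plus an index of file names."""
    def __init__(self, blocks=8):
        self.raw = bytearray(BLOCK * blocks)  # the storage area itself
        self.index = {}                       # name -> (block numbers, length)
        self.free = list(range(blocks))       # blocks that may be overwritten

    def write(self, name, data):
        need = -(-len(data) // BLOCK)         # blocks required, rounded up
        if need > len(self.free):
            raise OSError("medium full")
        blocks = [self.free.pop(0) for _ in range(need)]
        for i, b in enumerate(blocks):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.index[name] = (blocks, len(data))

    def delete(self, name):
        """Emptying the recycle bin: only the index entry is removed."""
        blocks, _ = self.index.pop(name)
        self.free = blocks + self.free        # area is free, content untouched

    def secure_delete(self, name):
        """Overwrite the data blocks with zeros, then remove the index entry."""
        for b in self.index[name][0]:
            self.raw[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)
        self.delete(name)

    def raw_contains(self, needle):
        """Search the raw medium without using the index."""
        return needle in bytes(self.raw)

def demo():
    plain, wiped = ToyMedium(), ToyMedium()
    plain.write("bank.txt", SECRET)
    wiped.write("bank.txt", SECRET)
    plain.delete("bank.txt")
    wiped.secure_delete("bank.txt")
    result = {
        "listed_after_delete": "bank.txt" in plain.index,
        "in_raw_after_delete": plain.raw_contains(SECRET),
        "in_raw_after_overwrite": wiped.raw_contains(SECRET),
    }
    plain.write("new.jpg", b"\xff" * len(SECRET))  # new data reuses freed area
    result["in_raw_after_reuse"] = plain.raw_contains(SECRET)
    return result

if __name__ == "__main__":
    print(demo())
```

After a plain delete the file is no longer listed, yet its bytes are still on the medium until new data happens to reuse that area; only the overwrite removes them immediately.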