
Security Misconceptions: Internet Security

In this first instalment in our series on "Security Misconceptions about the Internet" we look at the topic "Internet Security". There are dozens of misunderstandings that are repeated over and over, becoming accepted as the truth far too quickly with no actual evidence to prove them. The BSI has identified some common misconceptions and here we show you how to minimise the risks that can arise from misunderstanding IT security.

Misconception 1: "My computer firewall provides protection against all attacks over the Internet."

Unfortunately it is not this easy.
Without proper configuration, a firewall cannot provide optimal protection against internet attacks. The 'personal firewall' checks inbound and outbound data flows to protect your home computer against viruses and other malware. However, Internet-based attacks take advantage of every vulnerability in the programs installed and in use, and in the firewall itself. The same applies to firewalls as to other programs: what matters most is how the software is configured.

You can only keep your computer safe by applying the right filter rules and settings. Review your settings regularly and define the filter rules to only allow access that is genuinely required. If an unknown program demands access to the internet, be wary. Remember to check the firewall of Internet routers. Click here for further information on firewalls.

Misconception 2: "If I have an up-to-date virus protection program, I don't need to install other software updates immediately".

This is the wrong conclusion.
Although a virus protection program is important to keep you safe online, you should still install updates to any applications you use as soon as possible after release. All of the programs installed on your devices are potentially at risk of attacks from the internet. The latest malware is able to exploit existing vulnerabilities before they are recognised by an anti-virus program. Attackers can take advantage of this window of time in which their new malicious code is not recognised by anti-virus software. With this in mind, software providers are always trying to eliminate vulnerabilities in their programs by releasing updates and patches. These updates prevent malware from taking hold in the first place. Of course, virus protection programs should also be kept up to date at all times. These programs can only provide additional protection when their virus signatures are kept current with updates. Click here for further information on update and patch management.

Misconception 3: "It's fine to use one long password comprised of both numbers and letters for all my online services".

No, because if one of these online services is compromised and your password is stolen, all of the services that you protect with this password are at risk.
Usernames and passwords are particularly easy to match up if you use your e-mail address for authentication. This is why a good, secure password is essential - but you need to use a different one for each online service that you use. Pay particular attention to creating a strong password for services that use or require you to enter sensitive data. This includes services such as online banking or shopping accounts. Generally, we recommend choosing a password that is at least eight characters long and that is comprised of a mix of upper and lower-case letters, special characters and numbers. Your password should not be a word that is in the dictionary and should not be a name. Some providers place restrictions on the passwords you can use, such as length or the use of special characters.

In such cases, follow the BSI recommendations as far as the restrictions permit. Don't use passwords multiple times for different online services. Password management programs will help you by storing your passwords for you and generating secure passwords. Click here for more information on managing your passwords.
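The password advice above, as an added example that is not BSI code: a generator that respects a provider's length and special-character restrictions, and an audit that flags reuse across services, passwords under eight characters and missing character classes. The symbol set, function names and sample vault are assumptions made for illustration, and the dictionary-word check is left out because it needs a word list.

```python
import secrets
import string

SPECIALS = "!#$%&*+-=?@_"  # assumption: the page names no specific symbol set
CLASSES = {
    "uppercase": str.isupper,
    "lowercase": str.islower,
    "digit": str.isdigit,
    "special": lambda c: not c.isalnum(),
}

def generate_password(length=16, max_length=None, allow_special=True):
    """Random password; max_length/allow_special model a provider's restrictions."""
    if max_length is not None:
        length = min(length, max_length)
    pools = [string.ascii_uppercase, string.ascii_lowercase, string.digits]
    if allow_special:
        pools.append(SPECIALS)
    if length < len(pools):
        raise ValueError("too short to include every character class")
    # One character from each class, the rest from the combined pool.
    chars = [secrets.choice(p) for p in pools]
    chars += [secrets.choice("".join(pools)) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # avoid a predictable class order
    return "".join(chars)

def audit(vault):
    """Map each service to its issues: too short, missing classes, reuse."""
    users = {}
    for service, pw in vault.items():
        users.setdefault(pw, []).append(service)
    report = {}
    for service, pw in vault.items():
        issues = []
        if len(pw) < 8:
            issues.append("shorter than 8 characters")
        missing = [n for n, test in CLASSES.items() if not any(map(test, pw))]
        if missing:
            issues.append("missing: " + ", ".join(missing))
        shared = sorted(s for s in users[pw] if s != service)
        if shared:
            issues.append("reused on: " + ", ".join(shared))
        if issues:
            report[service] = issues
    return report

# Constructed sample data, not real credentials.
SAMPLE_VAULT = {"shop": "Tr4vel!Mug#27", "mail": "Tr4vel!Mug#27",
                "forum": "abc123", "bank": "q7#Lw!2pZx@9"}
```

Running `audit(SAMPLE_VAULT)` reports the shared shop/mail password and the weak forum password, while the unique bank password passes.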

Misconception 4: "I only visit trusted websites, so I don't need to protect myself against cyber attacks".

Unfortunately even trusted websites can be affected by malware from time to time.
For example, malware could be hidden in advertising banners and end up on your PC without you noticing. It is a good idea to only visit trusted sites, but unfortunately that won't protect you against cyber attacks. Users who only browse well-known websites with serious content often have a false sense of security when it comes to cyber attacks.

However, all internet users need protection, regardless of which pages they visit. So-called drive-by downloads, which download content in the background without any interaction on the part of the user, and malicious scripts can also be found on popular websites. No matter how careful you are, we still recommend comprehensive protection in the form of anti-virus software and a firewall - with the aforementioned restrictions - alongside regular security updates.