10 Data Privacy Myths Busted


The increasing reliance of organizations on the digital ecosystem to store their data and run applications has accentuated the debate around data privacy. Every now and then, a so-called cybersecurity expert comes up with their own version of how you should be protecting your digital assets. Amidst an overflowing stream of opinions, it's hard to tell facts from opinion.

Let’s take a look at some of the common data privacy myths that you might have mistaken for facts.

Myth 1: Proprietary applications tend to be more secure than open-source ones

This one may not come as a surprise as even IT managers of large organizations have fallen for this misinformation. The security of an application includes a lot of variables, and the presence or absence of open-source technologies in your application stack isn’t one of them. On the contrary, open-source tools backed by a large community tend to be more secure than a proprietary software system that has never left a small security team.

What matters is the quality and quantity of the community backing the open-source software (or the reputation of the software author in the case of proprietary software). If we take WordPress as an example, the reason it is such a secure CMS is that it has one of the biggest active communities on the planet for an open-source tool.

When we talk about reputation, it doesn’t necessarily mean how well-known they are as a company. For example, you might be a little hesitant to use a project management tool made by Facebook. We use one made by Microsoft because we know how sincere they are about securing the private information of their users, whether business or personal.

Myth 2: Data theft is the work of sophisticated hackers with advanced software

While large groups working in tandem with a state’s backing are a reality of today’s world, targeted attacks are few and uncommon, and they are often the result of a political motivation. Mass cyber attacks (including ransomware attacks) are the work of what you could call the petty thieves of the digital world.

They use ripped-off open-source software to employ rudimentary attack sequences, often containing dictionary-assisted brute force attacks with a pinch of cheap techniques like phishing and social engineering.

Since they target millions of private networks at a time, they work on economies of scale. Their attack vectors may somewhat be a case of hit or miss, but there will always be that one curious guy in the accounting department who opens all his emails no matter how suspicious they may look. Awareness about data privacy is the key here.

Myth 3: Private clouds are safer than public clouds

If by private cloud you mean your twenty-year-old server running Microsoft Server 2003 at an isolated location in the Arizona desert, then unfortunately public cloud service providers such as Google Cloud and Amazon Web Services will do more justice to your privacy goals.

Since public cloud services are used by millions of customers and are subject to local and international privacy law, they are far less likely to be the victim of a teenage amateur giving hacking their first try.

Myth 4: Hackers are digital extortionists after your money

The reason we call them ransomware is that the criminals say they will release our data upon receiving 10 BTCs. However, ransomware accounts for less than 10% of global cyberattacks. What looks like an out-of-place, minor piece of spyware detected by your antispyware could be the work of a team of state-sponsored cyber experts trying to steal sensitive information on your offshore business endeavors. Otherwise, it could be an anonymous person hired by one of your competitors to get a clue on your product development initiatives.

In a nutshell, hackers who attack your computer may be more than an applicant to an elite black hat hacker group trying to prove their worthiness. In fact, digital extortionists are the least scary of the bunch because you know their intent.

Myth 5: Identity theft is impossible with the latest security patches

Even the most impenetrable security system has some security holes left to be identified and eventually fixed. If you have heard the term ‘zero-day vulnerability’ then you know what this means. It’s a game of cat and mouse. It could be a small script posing as a cute kitten video that you clicked in the morning, and then nothing turned up. Now the hacker has access to the PHI of thousands of customers trusting your company with their healthcare information.

Even with zero trust security, a piece of software could potentially be used to steal your employee’s private information without anyone noticing.

Myth 6: You have to open a file to be infected by spyware

Studies and real-world instances have shown that in some cases you don’t have to click on the suspicious link or open the funny meme to get infected. The idea is to interact with any digital asset with caution and not access it if you have even the slightest doubt. Whenever in doubt, consult your IT manager or a security expert in the team before taking any action.

Myth 7: BYOD devices protected with strong protection methods are impenetrable

Whether it’s Windows Hello, Face ID or a traditional PIN-based authentication method, they have been bypassed in the past and will be in the future. For BYOD devices, hardware-based security such as a YubiKey is recommended as the more secure option.

Myth 8: Larger enterprises are more susceptible to cyberattacks than SMBs

If you were a hacker, which would you prefer: breaking into the network of 15 SMBs with subpar application security or breaking into an A-list company with a dedicated security team shrewder and larger than the senate council?

Not every hacker is unfolding a web of lies and is high on political justice. Some are just poor and looking for an alternate source of income. AppSec shouldn’t be an afterthought whether you’re a large organization or a team of three.

Myth 9: Legacy software is more secure than modern software because of incompatible data models

What at first shines as mitigation in the form of incompatible data exchange layers may later come to haunt you in the form of poorer inbuilt security, making an old application easy to get into once the hacker has access to the underlying software or hardware. Thinking legacy software won’t be on a cybercriminal’s agenda is the same as thinking burglars are less likely to rob a local bank than the Bank of America.

Remember, there are no good excuses for delaying your app modernization plans.

Myth 10: Remote workers are a larger risk to privacy

If the policies in place at your organization aren’t doing justice to your current state of enterprise IT, then both remote workers and in-house workers will pose the same level of risk to your organization. If your organization is scrutinizing its remote employees because it believes they could sell company data to your rival for some quick cash, then the problem isn’t remote working but rather your IT policies, which are in desperate need of an update.

What does data privacy mean to your organization’s IT?

Organizations collect and process data from various inputs and not all are subject to the same level of scrutiny. Privacy protection is an important metric for your customers’ data. Beyond your internal privacy policy, there are several regulatory, moral and legal obligations to fulfill to avoid attracting the ire of privacy advocates and law enforcement agencies.

When it comes to data privacy, it is simpler to stick to the key basics than to ride the wave of popular opinion or what is trending in the privacy and security market. At the end of the day, whether it is digital privacy or actual privacy, consent is the key.

Rare Crew puts security first

As top-rated custom software developers, at Rare Crew we always make our clients’ security the utmost priority. Using up-to-date security best practices, we do our best to deliver software you can rely on.

If you want to know more, don’t hesitate to get in touch.


