ADVERTISEMENT

The dumbest cybersecurity myths that are actually getting you hacked

Hackers just love when you believe these cybersecurity myths. The crowd on Reddit is roasting the worst myths that are still getting companies breached.

cybersecurity myths

Image by Cybernews

Paulina Okunytė
Paulina Okunytė Senior Journalist
Apr 12, 2025 Updated: 29 July 2025 9 min read

1. "We're too small to be a target"

small business
Image from Gettyimages

2. “I don’t go to weird websites”

Darkweb-hacker-keyboard

3. "Antivirus is enough"

binary code
Image from Gettyimages

4. "We only need to worry about external attackers"

Hacker attacker surrounded people
Image by Cybernews.
vilius Ernestas Naprys Gintaras Radauskas Paulina Okunyte
Don’t miss our latest stories on Google News
Add us as your Preferred Source on Google.

5. “There’s no such thing as a virus for Apple or Linux”

Apple vulnerabilities
Image by Cybernews.

6. "SSL means my site is secure"

SSL website
Image from Gettyimages
"HTTPS means my email is encrypted."
"Lock symbol on the web page means it is secure and legit."
"If it starts with https it's secure."
ADVERTISEMENT

7. "We’ll fix it in version 2.0"

Coder
Image from Gettyimages
“My favorite version of this is: It's a critical security vulnerability on a public-facing website, we will fix it in 2.0.”

8. "We train employees for phishing and that’s enough"

Phishing, trap
Image by Cybernews.
“I run quarterly comprehensive trainings with monthly phishing campaigns and I still get three people out of 200 failing them. Training is good and I advocate for it, but social engineering still works with or without it. Some people just are dumb.”

9. "Patching, antivirus, and a firewall are enough"

Patch on software. Concept of software patching

10. “We’re compliant, so we’re good!”

Padlock unlocked computer saying GDPR
Image by Shutterstock

11. "Regular password changes improve security"

password
Image from Gettyimages

12. “My host is Amazon or Google, I’m fine”

AWS
Image by Benoit Tessier | Reuters

13. “My developers know what they are doing so no need to control”

developer burnout
Image by Shutterstock.
ADVERTISEMENT