Misconceptions about cybersecurity can lead to employees falling for preventable attacks, according to Jayant Chakravarti at Toolbox. One misconception is that Apple devices are inherently more secure than Windows machines. Steven Hope, CEO and co-founder of Authlogics, told Toolbox that Mac users can grow complacent due to the false impression that Macs can’t get infected with malware.

“There is a common misconception that viruses and malware only exist on Windows and that somehow macOS is immune to them,” Hope said. “While the somewhat misleading Apple ad campaign implying that a Mac can’t get a PC virus is true, they can get infected with a virus/malware designed for macOS. There are malicious apps and web sites that are designed to steal your data or logon information; Apple and Google regularly remove apps from their app stores for this reason. It is important to remember that even a MacBook needs a password and password security is just as important even if you aren’t using Windows.”

Another assumption about security is that employees will naturally be able to recognize phishing attacks. Jonathan Miles, head of strategic intelligence and security research at Mimecast, told Toolbox that a significant number of employees are susceptible to social engineering attacks.

“Organizations need to be educating their workforce on cybersecurity, as Mimecast research shows that 50% of employees still open attachments from unknown sources, and 40% are fooled by an email pretending to be from a member of their organization every week,” Miles said. “To defend and mitigate the threats, it is key that organizations build a layered approach to cybersecurity resilience, including cybersecurity responsibility and awareness embedded deeply throughout all sectors of organizational culture. Offering regular remote working cybersecurity awareness training to employees will be crucial, with organizations recommended to take the initiative on keeping their employees informed about current and prevailing threats.”

New-school security awareness training can give your organization an essential layer of defense by teaching your employees to thwart social engineering attacks.