My top security myths, or security excuses, call them what you want.

I hear these all of the time from clients and everyone believes them. 

1.  We have a firewall, therefore, we are secure.
2. It is only a test server, it does not need to be secured.
3. It’s on the internal network, it doesn’t need to be secured.
4. No one would break in like that.
5. Wireless signals do not leave the building.
6. If we apply updates, all of our servers and desktops will crash.
7. Virtual servers do not need anti virus. 
8. Everyone else does security this way, why can’t we ?   (if all of your friends jumped off a bridge, would you jump off a bridge?)
9. You only need to audit our firewalls, you do not need to check the external web servers, those are secure.
10. If someone broke into our network, we would know about it.
11. Macs and Linux don’t have security problems, never get hacked and dont need anti virus.
12. Firefox is more secure than Internet explorer.
13. Microsoft  CANT be secured.
14. A friend forwarded me an email, therefore it is true.
15. Our former employees would not attack our systems.  We trust them, even though we just fired them, we don’t need to change passwords.
16. No one would attack us, we are to small to have anything of value.