Safer Internet Day is a global initiative that aims to inspire discussion about using technology safely. Its theme for 2020, “together for a better internet,” emphasises the fact that remaining safe online is everybody’s responsibility. Whilst education and awareness around safe internet practices starts at school, in the business world it’s important that it continues far beyond the classroom – after all, in an age characterised by cyberattacks, no business can afford to be complacent when it comes to online security.
So, what better time to assess your technology security postures than Safer Internet Day? ITProPortal spoke to nine industry experts to get their advice on staying secure online.
Educate your employees
IT security tools are not infallible against human behaviour, so businesses need to also apply security to their business practices. Jan van Vliet, VP and EMEA at Digital Guardian, comments: “A business’ first line of defence is its employees. Malicious individuals are abusing the fact that junior staff implicitly trust their seniors and that they fear for their jobs if they do not act quickly as instructed. As a first resort make sure your staff are trained to require third party validation for any financial transaction or introduce payment procedures requiring multiple sets of independent eyes. You must put in place processes and beliefs that when out of the ordinary requests come through they should be questioned."
Agata Nowakowska, Area Vice President at Skillsoft, agrees that a focus on employee training is key: “Over the past decade, the Internet has evolved at an astonishing pace. But hidden among the many revolutionary products and services this has enabled for both businesses and consumers, the cyberthreat landscape continues to mature apace. Phishing and ransomware are just some of the attacks that pose significant risk to organisations, even when they have comprehensive security tools in place. This is largely due to the human element. A recent Kaspersky report found that employee errors or unintentional actions were responsible for 52 per cent of incidents affecting operational technology and industrial control system networks. On Safer Internet Day, employee training must be top of the agenda. All too often the effects of human error can be avoided with clear, simple, and consistent training. For example, providing regular ‘bite sized’ videos that help employees recognise malicious emails can be a hugely effective – yet technically simple – tool to mitigate many of these threats.”
“This Safer Internet Day, it’s more important than ever for individuals and businesses alike to remember the impact a single phishing email could have,” describes Orion Cassetto, Director of Product Marketing at Exabeam.
“According to the 2019 Verizon Data Breach Investigations Report, phishing is still the No. 1 cause of data breaches. It is essentially a form of social engineering. Hackers are looking for ways to trick you into clicking on something malicious in an email, whether it’s a link or an attachment. It sounds simple, but phishing is just the entry point. It can lead to malware infection, lateral movement, account takeover, identify theft and more. The more compelling and realistic the content, the more likely the recipient is to click on it.
“Individuals must be vigilant with email and rely on best practices including:
- Ignore unprompted emails that request an urgent response
- Check sender email addresses and domains
- Hover over links to check their destination before clicking
- Don’t open attachments unless they are expected
- Use additional caution for unrecognised senders
- If you find something to be suspicious, don’t interact. Validate the message and content directly with the company/website the email purports to be from, instead of interacting with the email sender
“For organisations, it’s essential to deploy a defence in-depth strategy, which could include: security awareness training, including how to spot phishing emails; implementing relevant security products like email security and threat intelligence solutions, which may help identify threat campaigns targeting your organisation; and implementing behavioural analysis to help identify users who are behaving anomalously and may have fallen victim to the phishing campaign.”
Utilise security technology to stay secure
Whilst training staff about business security protocols is key, utilising the most appropriate security technologies for your business is also paramount.
“To mitigate the risk of compromised credentials, organisations should prioritise identity and access management capabilities,” Anurag Kahol, CTO at Bitglass comments. "Phishing attacks remain among the top vulnerabilities facing businesses today. To mitigate the risk of compromised credentials, organisations should prioritise identity and access management capabilities. Employing multi-factor authentication requires that users verify their identities beyond the use of a password; for example, through an SMS token sent via text or email. User and entity behaviour analytics (UEBA) leverage machine learning to baseline user behaviour and detect suspicious departures from the norm, triggering alerts and real-time security policies. In general, improved visibility and control in the cloud go a long way toward defending against credential compromise and keeping data safe."
Gijsbert Janssen van Doorn, Tech Evangelist at Zerto, raises this question: “Everyone thinks they know what it means to stay safe online – but when it really boils down to it, are we all really as safe as we think we are? Data is the most important aspect of your online presence. So, in today’s age of online consumerism, it’s important that businesses have a system in place that can recover and regain control in the face of the many threats the internet is up against – something that is cyber-resilient. 2019 saw hackers successfully attack cities, governments, schools and hospitals. Organisations, no matter the sector, need to look outside of traditional backup capabilities in order to keep the company online and safe. They need a resilient approach that can utilise modern technologies such as continuous data protection.”
Andy Swift, Head of Offensive Security at Six Degrees, shares three top security tips that will resonate with individuals and businesses: “One of the great things about Safer Internet Day is its relevance to both our personal and professional lives. Whether I’m advising clients or speaking to friends at the pub (not that they’d tolerate me talking about cybersecurity for too long…), three pieces of advice I’ll give to anyone looking to stay safe online are:
- Use a password manager. We’re all expected to use incredibly complex passwords to keep our Personally Identifiable Information safe, and rightly so. But there’s no way we’ll remember them all without some help. Use a reliable password manager and resist the urge to go back to using ‘Monday1’ for everything.
- Check for HTTPS websites using valid certificates. Sometimes thinking about all the sensitive information you share online can give you a headache. Bank details, passport numbers, addresses… Do yourself a big favour and ensure you only share sensitive information with HTTPS-enabled websites with valid certificates. HTTPS is a secure way to share data with a website, and it prevents cybercriminals from intercepting any information you submit. HTTPS-enabled websites are easy to spot – look for the little padlock on the top-left of your web browser.
- Don’t rely on your web browser to protect you. Today’s web browsers are better than ever at warning you about dangers lurking within the websites you visit. However, they can’t stop you if you still decide to download malicious content. Don’t rely on your web browser alone when you’re online – keep your wits about you and use your common sense at all times.
Don’t rely on your web browser to protect you. Today’s web browsers are better than ever at warning you about dangers lurking within the websites you visit. However, they can’t stop you if you still decide to download malicious content. Don’t rely on your web browser alone when you’re online – keep your wits about you and use your common sense at all times.
The future of online safety
We’re only at the start of 2020 but already the news cycle has been flooded with organisations – from airlines to banks to hospitals, even entire local governments – falling victim to ransomware attacks. Alan Conboy, Office of the CTO at Scale Computing, expands on this topic: "Threats such as these are evolving at an unprecedented pace, so causes like Safer Internet Day, serve as an important reminder for organisations to review their security measures and consider modernising any legacy or outdated defence infrastructures.
“Businesses must realise that traditional legacy tools are not only slowing their digital journey down, but leaving them vulnerable to tactical and well-organised criminals. Organisations should be taking advantage of highly-available solutions, such as hyperconvergence and edge computing, that allow them to not only keep up with changing consumer demands, but deploy the most effective cyber-defences, disaster recovery, and backup.
“And if organisations do become victim to data corruption, the way they approach the aftermath of this makes all the difference too. Insurance companies are beginning to take an active role, not just in the recovery of data, but in the decision-making, for example, when it comes to whether or not to pay a ransom demand. The overall cost of doing business is rising in conjunction with the growing threat of cyberattacks, and Safer Internet Day should serve as a reminder to every business to brace itself for the impact.”
“The standard response to Safer Internet Day will be about the importance of installing anti-virus software, ensuring all software is up-to-date, enabling two factor, making sure to not download apps from emails, ensure you have a strong unique password, and not to enter your credentials from a link sent via email,” notes Steve Nice, Chief Technologist at Node4.
“But, looking to the future, cybercriminals will begin to employ big data analytics to feed AI systems that target their prey more efficiently for phishing emails. Cybercriminals will continue to use phishing emails to deliver ransomware to target businesses, as they know that their assets are valuable, and to continue working they have to pay. However, what we'll see is this activity spreading to household users who will have their cars and homes targeted. Wouldn't you pay to get control of your car or home back? It may still be a few years off, but it’s inevitable.”
Rob Mellor, vice president and general manager EMEA at WhereScape, concludes: “On Safer Internet Day, it’s important to remember how far we’ve come since the first websites were launched. As of the beginning of 2020, there are now 4.43 billion websites and a new forecast from IDC estimates that there will be 41.6 billion connected Internet of Things (IoT) devices generating 79.4 zettabytes by 2025. As the number of websites, IoT devices and amount of data increases, it can present a challenge to IT teams looking to incorporate data into existing analytics environments. In addition, businesses also need to ensure their organisations and customers remain safe and protected.
“For businesses looking to maximise the value of their data and keep it safe, data automation software is a great option. Data automation significantly reduces the amount of manual coding, allowing IT staff to dedicate more time to deliver results for the business. In addition, data infrastructure automation also aids in data privacy and compliance. Automation does this by enabling businesses to know where each piece of data sits and who can access it, as well as tag it and track its lineage in order to have a complete picture of how it is being used.”
With the internet growing at such a rapid pace, keeping up to date with the latest security practices is vital, especially for companies where breaches, hacks, and cyberattacks have devastating effect. However, whilst education is the first line of defence, businesses must employ new security technologies, enabling them to securely adapt against future cybersecurity threats. To do so, communication about online safety is necessary. Safer Internet Day aims to inspire everybody to engage in conversations about what more can be done to stay secure online, so we can all endeavour to work “together for a better internet”.