Today marks Safer Internet Day, a day we recognize to promote the safety, security and privacy of internet use across the world. As we become more dependent on internet and internet-enabled devices to power our businesses, organizations and daily lives, it is important for us to understand the significance of keeping information private, safe and secure.
According to the National Cyber Security Alliance, half of Americans are more concerned with the safety of their personal information online than they were at the beginning of the last decade. With the growth in the frequency and sophistication of cyberattacks and rising nation-state risks, internet safety should be a higher priority than it has ever been. With that being said, tech industry leaders provide their thoughts and tips on keeping critical information safe on the internet.
Orion Cassetto, director, Product Marketing, Exabeam
“This Safer Internet Day, it’s more important than ever for individuals and businesses alike to remember the impact a single phishing email could have.
According to the 2019 Verizon Data Breach Investigations Report, phishing is still the No. 1 cause of data breaches. It is essentially a form of social engineering. Hackers are looking for ways to trick you into clicking on something malicious in an email, whether it’s a link or an attachment. It sounds simple, but phishing is just the entry point. It can lead to malware infection, lateral movement, account takeover, identify theft and more. The more compelling and realistic the content, the more likely the recipient is to click on it.
Individuals must be vigilant with email and rely on best practices including:
- Ignore unprompted emails that request an urgent response
- Check sender email addresses and domains
- Hover over links to check their destination before clicking
- Don’t open attachments unless they are expected
- Use additional caution for unrecognized senders
- If you find something to be suspicious, don’t interact. Validate the message and content directly with the company/website the email purports to be from, instead of interacting with the email sender
For organizations, it’s essential to deploy a defense in depth strategy, which could include: security awareness training, including how to spot phishing emails; implementing relevant security products like email security and threat intelligence solutions, which may help identify threat campaigns targeting your organization; and implementing behavioral analysis to help identify users who are behaving anomalously and may have fallen victim to the phishing campaign.”
Sam Humphries, senior product marketing manager, Exabeam
“On Safer Internet Day and beyond, it is important to remember that as smart phone and tablet usage has exploded over the last few years, adversaries have taken notice and are constantly capitalizing on our dependence on these devices to score sensitive data.
According to MITRE ATT&CK, one of the latest techniques includes exploiting certain devices via a charging station at an airport, coffee shop, etc. or infected PC. If the device is connected via a USB on a compromised charging station or PC, an adversary could exploit the device through the connection by injecting malicious applications or simply manipulating the operation system. This could give adversaries access to messages, photos, call logs and more.
Luckily for businesses and consumers, it is easy to take steps to protect yourself from attacks like this. Simply plugging in using a power adapter to an unknown charging station and not just a USB will prevent unknown parties from accessing the phone. USB datablockers, which act as a buffer between the USB and the charging port, can also be used to prevent this. For businesses, developing an in-depth security strategy which includes security awareness training and implementing security products like threat intelligence solutions, which can identify threat actors on a network, can go a long way in protecting against outside threats.”
Trevor Bidle, VP of Information Security and Compliance Officer, US Signal
“This year’s Safer Internet Day gives us a chance to reflect on everything the internet has enabled us to do within the last decade and the effects it has had on our lives. The internet has made smart homes the norm, brought people together from all over the world and allowed information to be shared in seconds. However, the internet has produced just as many dangers as it has benefits.
Few, if any businesses, can exist without the internet in 2020, and cybercriminals are exploiting this. In fact, a 2019 survey revealed that 83 percent of organizations had been hit with a cyberattack within the last two years. Utilizing a third-party managed services provider who can offer web application security and DDoS attack prevention is the most effective way to tackle the threats that the internet brings. A managed services provider would be able to provide protective services such as DDoS mitigation, web application firewall (WAF) and auto-renewing SSL certificate management. However, there are some network-based tactics that any organization connected to the internet should implement as well.
Make firewalls your first line of defense. This includes the external perimeter of your network and internal firewalls that provide backup defense and keep suspicious, often malicious external network traffic away. Employ the latest antivirus and phishing detection technology. Restrict the use of USB drives and external hard drives as these are easy targets for data breaches. If your company has a BYOD policy, ensure that it includes specific measures to mitigate business data risks. Audit your systems regularly, and immediately fix any vulnerabilities. And lastly, make employee security training a priority and ensure that all employees are aware of all security policies.”
Oscar Tovar, security researcher, WhiteHat Security
“Unfortunately, we are never out of danger from a data breach of our personal information. This year during Safer Internet Day, it is important for organizations and individuals to heed the advice of the holiday by working together to make cyberspace a safer place.
For businesses, security training and education is essential for all employees. After applying that core understanding, IT and operations teams should also be partnering with security teams to understand and prioritize how to mitigate risk. In addition, developers need to incorporate security as part of the entire software lifecycle and apply patches to applications immediately – not months after they become available.
As users, we also need to take precautions too. It is essential as a user community that we practice stricter personal security in order to mitigate the impact of data breaches that will, inevitably, occur. Here are some simple tips for securing yourself online:
- Don’t use the same password for all sites and apps. If one site or app is breached, all of your accounts are effectively breached. At the very least, use a variety of passwords to minimize the impact
- Turn on two factor authentication for any app that supports it. It can be a pain, yes, but it’s also one of the best ways to protect your accounts
- Only log into sites that use SSL; you’ll know this by checking if there is an ‘https://’ before the rest of the URL
- Don’t click on any links or attachments in instant messages or emails. As tempting as they might look, you really are rolling the dice with your personal security.”
Alan Conboy, office of the CTO, Scale Computing
“We’re only at the start of 2020 but already the news cycle has been flooded with organisations – from airlines to banks to hospitals, even entire local governments – falling victim to ransomware attacks. Threats such as these are evolving at an unprecedented pace, so holidays like Safer Internet Day, serve as an important reminder for organisations to review their security measures and consider modernising any legacy or outdated defence infrastructures.
Businesses must realise that traditional legacy tools are not only slowing their digital journey down, but leaving them vulnerable to tactical and well-organised criminals. Organisations should be taking advantage of highly-available solutions, such as hyperconvergence and edge computing, that allow them to not only keep up with changing consumer demands, but deploy the most effective cyber defences, disaster recovery, and backup.
And if organisations do become victim to data corruption, the way they approach the aftermath makes all the difference. Insurance companies are beginning to take an active role, not just in the recovery of data, but in the decision-making when it comes to whether or not to pay a ransom demand. The overall cost of doing business is rising in conjunction with the growing threat of cyber-attacks, and Safer Internet Day should serve as a reminder to every business to brace itself for the impact.”
Yev Pusin, Director of Strategy, Backblaze:
An essential way to ensure your data is protected is to securely back it up on a daily basis. If you back up your devices consistently, you’ll keep all of your important documents and personal information safe in the event of a disaster like data loss or theft. Whether you choose to store data in the cloud (which I recommend) or on a local backup device, using a 3-2-1 backup strategy, and having your data secure and available across multiple devices and locations will better protect it, think of it as data backup diversification!
Here’s a few more tips to keep in mind when using a device that is Wi-Fi enabled:
- Be careful not to access or provide sensitive information and data over open Wi-Fi networks – especially if you don’t fully trust the network’s security. Turning off “automatic connections to open networks” is a great start!
- Using strong passwords and changing them often is a best practice. Remember to never use the same password across multiple accounts.
- Turn off sharing on your devices and reject sharing requests unless you know and trust the person.
- If you’re accessing or providing sensitive information, look at the certs! Double check that the websites are secure, which is indicative of the HTTPS prefix in the URLs. If they aren’t they may not have updated SSL (Secure Socket Layer) Certifications.
- Set up a VPN (Virtual Private Network) to protect your connection by routing traffic through a secure network. If you must use an open network or public Wi-Fi, a VPN is a great way to protect yourself.
Implementing these tips and using a cloud backup solution will keep your data safe from disaster and prying eyes! It’ll also make recovery time quick and easy in the wake of any incident!
Joy Beland, Senior Director, Cybersecurity, ConnectWise
Safer Internet Day is an opportunity to slow down, think about how our online habits might lend themselves to invasion of privacy or loss of data, and start making small changes in our behavior. Over the past ten years, we’ve gone from being online for email only to adopting a constant online presence that starts when we wake up, ends at bedtime, and is accessed from multiple devices.
This constant online presence lends itself to nonchalance in our behavior. Being safe online means that how and when we use our devices needs a second look. Does an important looking email from a semi-familiar name warrant opening that attachment from your cell phone, or do you wait until you’re on a computer with good malware protection and can identify the full email address of the sender? When using a search engine, are you careful to read the actual URL of the website that shows up in the search results, or are you going off the headline that comes up in regular font when you select the results to click on? That second of hesitation may seem inconvenient, but a little extra scrutiny online can be the difference between a happy, productive day and a disaster costing thousands in time and money.
The biggest threats today are business email compromise and extortion – mainly ransomware. There are many good resources to guide you in protecting yourself from these, and the solutions are not just technical. Yes, you can add an email filter or strong endpoint malware protection, but all it takes is one person not paying attention, and credentials get compromised or malware is given permission to install. Education about what to watch for, like validating the sender’s email address and being careful to click legitimate websites when scrolling through search results, are key to staying safe.
Rob Mellor, vice president and general manager EMEA, WhereScape
“On Safer Internet Day, it’s important to remember how far we’ve come since the first websites were launched. As of the beginning of 2020, there are now 4.43 billion websites and a new forecast from IDC estimates that there will be 41.6 billion connected Internet of Things (IoT) devices generating 79.4 zettabytes by 2025. As the number of websites, IoT devices and amount of data increases, it can present a challenge to IT teams looking to incorporate data into existing analytics environments. In addition, businesses also need to ensure their organizations and customers remain safe and protected.
For businesses looking to maximize the value of their data and keep it safe, data automation software is a great option. Data automation significantly reduces the amount of manual coding, allowing IT staff to dedicate more time to deliver results for the business. In addition, data infrastructure automation also aids in data privacy and compliance. Automation does this by enabling businesses to know where each piece of data sits and who can access it, as well as tag it and track its lineage in order to have a complete picture of how it is being used.”