Today, 9th February 2021, marks the 18th edition of Safer Internet Day. This global movement seeks to remind users to remain vigilant online.
With the theme, ‘Together for a better internet,’ Safer Internet Day calls on everyone – whether you are a student, a parent, a teacher, a policy maker or a business decision-maker – to make the internet a safer and better place for all.
Safer Internet Day was initiated by the EU SafeBorders project in 2004 and taken up by the Insafe network as one of its earliest actions in 2005. Today, it has grown beyond its traditional geographic zone and is now celebrated in approximately 170 countries worldwide.
From cyberbullying to social networking to digital identity protection, each year Safer Internet Day aims to raise awareness of emerging online issues and current concerns.
We spoke to security experts who shared top tips and advice on how users can make the Internet a little bit safer for themselves and for everyone, here’s what they have to say:
Adam Palmer, Chief Cybersecurity Strategist, Tenable
“Safer internet day is perhaps more important than ever this year. In the last twelve months, the way we work or access education has changed beyond recognition. Organisations have opened up networks to accommodate a remote workforce. Students are using apps and services, typically the realm of the corporate world, to participate in virtual classes. Many of these cloud-based tools and services are accessed using personal devices that are unsecured or beyond the remit of the IT or security team. This expanded attack service presents an attractive target for attackers who frequently use personal devices to not only steal data on the device itself, but also look to move laterally across networks and cause further harm.
“Research by Tenable’s Security Response Team, examining details from 730 publicly disclosed data breaches in 2020, found that threat actors rely on unpatched vulnerabilities in their attacks. These ‘broken windows’ are primarily used to gain initial access into a target network. From there, attackers leverage serious vulnerabilities, such as Zerologon, to elevate privileges, granting themselves the ability to gain access to domain controllers within the network.
“Most of these attacks are avoidable with basic safety steps. Good security awareness and basic cyber hygiene prevents mistakes that can cause serious harm. In tandem, it is critical that users take responsibility for updating and securing their devices to close these broken windows.
“With technology now an integral part of modern life we all have a part to play in securing the devices we use.”
Kumaravel Ramakrishnan, Product Manager, ManageEngine
“The COVID-19 pandemic has forced organisations across the globe to rethink their concept of workspace. It is likely that a significant portion of people might choose to continue working or studying remotely. Organisations and educational institutions must ensure that their users are being educated on best security practices to reduce the chances of IT vulnerabilities or crucial data being exposed. On this ‘Safer Internet Day’, it is vital that we all come together to prevent cyber-attacks and unlawful activities.
“A few tips that can help organisations keep their users stay safe online is setting a robust BYOD policy and IT asset management (ITAM) strategy in place to help students and employees use both personal and company-owned devices without compromising data security.
“IT and business leaders should also ensure that user training and knowledge management must be prioritised to ensure all users are well aware of the various security attacks, its consequences and the steps that must be taken to avoid such attacks.
“Moreover, organisations should implement a Zero-trust model of security, enforcing the principle of least privilege and by closely monitoring and managing privileged access to the organisation’s/institution’s network significantly reduces the risk of malicious insiders accessing sensitive data.
WATCH: ManageEngine: Why ‘Zero Trust’ should be at the forefront of security strategies
“Finally, organisations must also invest in technologies like SIEM, data loss prevention (DLP) and consider emerging technologies like endpoint detection and response (EDR) and user and entity behavior analytics (UEBA) to identify and mitigate any threat early on.”
Sally Adam, Author, Sophos Naked Security
“If your business has a website, even if it’s only a modest one, go back and review the security of the site and any payment collection services you work with or connect to.
“If you can afford it, get a third-party to do the review so you get an independent opinion of what has been set up well, which parts could be improved, and which parts, if any, need urgent attention. (You can be sure that the crooks are regularly “testing” your server, even if you are not.)
“Meanwhile, if you’re only running a website via HTTP, perhaps because the information you’re providing is public anyway and you don’t think it needs encrypting, please upgrade to HTTPS for the greater good of all.
“On the other hand, if you don’t manage your own website, speak to your hosting service – any reputable provider will be happy to answer your questions, and won’t get in the way of an independent security assessment.
“At a personal level, users should educate their friends and family about internet safety. Lots of occasional web users have become heavy consumers almost overnight. Many people who previously just used the internet to read the news or check emails are now using it in multiple ways every day, including for meeting up for chats with groups of people they don’t know well, if at all.
ALSO IN THE NEWS: Infosec leaders report increase in phishing attacks in 2020: study
“Talk with your friends and family about good online security practices. Advise them on how to spot scams no matter how they arrive.
“Cybercriminals are taking advantage of people being at home to make predatory phone calls; are abusing home deliveries to send scams via SMS; and are taking advantage of people trying to download health advice or set up vaccine appointments.”
