Happy Safer Internet Day! Now in its 18th year, Safer Internet Day serves to remind those who use the internet for business, personal, and every reason in between to have their guard up anytime they go online. While the internet has revolutionized the way we do everything from communicating to paying bills to shopping, everyone needs to be aware of the dangers on the internet and how to avoid them.
With the theme this year of "Together for a better internet," we honored Safer Internet Day by speaking to cybersecurity experts to learn about what threats are out there and what you can do to keep yourself and those around you safe.
---
Lex Boost, CEO, Leaseweb USA
"Today we are more dependent on the internet than ever and are using it in new and creative ways to assist in everyday activities. With this increased use, reinforcing internet safety procedures is critical.
Cybercriminals are constantly looking for ways to negatively impact internet experiences and the vast size of the internet means that keeping the internet safe is a communal task. Businesses can contribute to the task by ensuring company-wide cybersecurity tools are in place, promoting internet safety best practices for employee use, and by working alongside organizations whose mission is to keep the internet safe.
Internally, employers should be implementing strong cybersecurity tools to ensure that their team's internet usage is secure. A managed cybersecurity solution from a hosting provider can provide a company with enhanced physical and cybersecurity measures including intake investigations, vulnerability detection, and 24/7 security monitoring.
It is also important for best safety practices to be promoted in any work environment, especially a remote work environment. The first thing to ensure is that employees are utilizing robust internet security software that includes firewalls, pop-up blockers, vulnerability scanning, and email spam filters. Other safety practices include regularly updating your password, connecting to a VPN when accessing company data, not clicking on links in emails unless they are confirmed to be 100% safe, and backing up data regularly.
Importantly, companies can be a part of the communal solution by supporting non-profits that monitor, identify and combat cybercrime around the world. We at Leaseweb work closely with a number of these organizations including CyberDefcon, Shadow Server, and Stop Forum Spam. Tech companies in particular can provide tools to these non-profits such as servers and network bandwidth.
Keeping the internet safe requires a combination of tactics. But deploying company-wide tools, promoting employee best practices and working as a global network can go a long way in combating those that seek to make the internet dangerous."
--
Jay Ryerse, VP Cybersecurity Initiatives, ConnectWise
"Safer Internet Day serves as a reminder that tech scams are on the rise around the globe. For both individuals and organizations, it's important to stop and analyze how our online habits could lend themselves to an invasion of privacy or loss of data.
With a remote workforce, company and personal devices are being used to access the internet, and many without pre-installed endpoint protection. When it comes to protection, just having anti-virus software is not enough. There's more to securing a device including EDR, DNS security, enforcement of proper security policies and user education.
To avoid a cyber incident, it's important for users to be aware of the applications they're installing, websites they're browsing, and links they're clicking on. Being safe online means that we need to take a second look at how and when we use our devices.
The biggest threats today are business email compromise and ransomware. All it takes is one person not paying attention, and user credentials can be compromised or malware given permission to install. Businesses need to take responsibility for providing security education, training and guidance on policies for their employees and clients. In doing so, team members learn how to protect sensitive information, understand their responsibilities, and recognize signs of a malicious threat."
--
Ralph Pisani, president, Exabeam
"In recent months, we witnessed one of the broadest cyberattacks in our history, affecting government organizations, enterprises and even cybersecurity leaders. Sadly, that means that as a society and an industry, we are still failing to learn the best practices necessary for safeguarding our digital identities. This impacts both individuals and enterprises. In the far corners of the internet, credentials remain the most valuable asset for malicious actors.
To achieve a safer, more secure internet, we must teach users proper credential protection through security awareness training, including using multi-factor authentication. We can employ security solutions that protect email servers, but individuals should also be able to accurately spot phishing emails in their personal and professional email accounts. Organizations can use proactive threat intelligence to identify campaigns targeted at them, and behavioral analytics technology to reliably distinguish the abnormal activity of attackers from normal user behavior to identify and remove intruders from the network.
As we do each year, Exabeam joins the cyber community to raise awareness of Safer Internet Day. We share these suggestions to educate and ensure the internet serves the greater good, while fulfilling the mission of creating a better online experience for everyone and helping security teams outsmart the odds."
---
Rick Vanover, Senior Director of Product Strategy, Veeam
"Organizations today need to have a strong, multi-layered defense and strategy against ransomware in order to protect data and avoid finding themselves in a situation where there is data loss or the threat of ransom payment. This begins with a ransomware resilience strategy, which includes education, implementation and remediation. As ransomware attacks continue to get bigger and more destructive, organizations need to implement these critical steps to prepare and defend against attacks and hackers. The reality of today is that a dual strategy of individual user behavior and safeguards from IT is needed to provide a Safer Internet experience.
Education – beginning after threat actors are identified – should be targeted at both IT staff and all users within an organization as threats can be introduced from both personas. Remote access, phishing and software updates are the three main mechanisms for entry. Organizations must focus IT investment to be resilient against ransomware from an attack vector perspective.
Next, implementation of a backup solution is a critical step in this process towards resilience. By implementing backup solutions that thoroughly create and maintain strong business continuity, organizations have a dependable system in place that keeps them from ever having to pay to get their data back. When it comes to a ransomware incident, resiliency is completely predicated on how the backup solution is implemented and the behavior of the threat, and lastly the course of remediation. Organizations should be prepared to remediate if a threat is introduced and put a plan in place that outlines specifically what to do when a threat is discovered. This includes support, communication, decision making, and restore options.
Prevention is the best approach for defense. With the right preparation, the steps outlined here can increase any organization’s resiliency against cyber-attacks – whether in office, remote or a combination of the two – to avoid data loss, financial loss, business reputation damage or more."
--
Robert Prigge, CEO of Jumio
“With after-school activities on pause and virtual learning in full swing as 1.2 billion children are out of the classroom due to COVID-19 restrictions, the internet has become critical for children to learn and connect with friends, family and classmates amid the pandemic.
However, this puts minors at an increased risk of falling victim to online predators, cyberbullying and inappropriate online content. Currently, there are limited age verification requirements preventing children from engaging in online chat or viewing inappropriate content on social media platforms, and without identity verification it is impossible to confirm a user is who they claim to be online, which opens the door to malicious actors looking to harm minors or steal their personal information.
In addition, websites selling age-restricted products such as fireworks, tobacco and alcohol often authenticate users with a simple “are you of age?” pop-up button, which offers no real proof of age. Researchers at Lero, the Science Foundation Ireland Research Centre for Software, have discovered that it’s relatively easy for children to lie about their age or easily sidestep age verification protocols to access popular social media sites. This lets underage users view restricted websites and order products which could result in physical harm.
On Safer Internet Day and always, it is critical to recognize the need to protect minors online and hold online companies responsible for keeping minors safe while using their sites. The U.S. is likely to follow in the footsteps of Ofcom, the UK’s first internet watchdog, by implementing new legislation aimed to mitigate social harm, enforce age verification and remove legal protections for tech companies that fail to police illegal content. And it’s time online organizations start preparing for those laws. As learning, communications and social interaction continue remotely into 2021, online businesses must implement stronger age and identity verification methods to regulate age-restricted content and purchases, while policing age on social platforms, to protect minors and ultimately take a stand against social harm and create a safer internet.”
--
James Carder, CSO of LogRhythm
“Safer Internet Day is an important reminder that the rapidly expanding digital world needs to be protected and preserved for everyone. With over 4.5 billion internet users across the globe, the internet has become a daily necessity that many are reliant upon to work, learn and communicate. While it is important to recognize the growing value that the online community provides, it’s equally imperative to acknowledge that organizations and consumers alike can continue to make the internet safer and more secure.
As remote work continues amid the pandemic, online activity has increased substantially for most consumers. This means more data is shared across the web and sensitive information is exchanging hands at an all-time high. The substantial increase in online and mobile consumption puts more pressure on organizations to ensure consumers’ information is protected against data breaches and cyberattacks as hackers are preying on this heightened activity. We saw some record breaches in 2020 that serve as a reminder for companies to ensure they are employing zero-trust paradigms and strong detection and response capabilities to address vulnerabilities and incidents when their impacts can be minimized. Malicious actors continue to target government, manufacturing, healthcare and education sectors via phishing attacks and other social engineering tactics, and it remains critical for organizations in these industries to ramp up investments in cybersecurity measures.
Consumers also need to be aware of how companies are using their information. Only one-in-five consumers regularly read a company’s privacy policy before agreeing to it, and many entrust or lend information without proper understanding of how it will be used. To start, internet users can read frequented retailers’ privacy policies to determine what information is being recorded. Knowing that free platforms are constantly collecting data as a method of payment must be top of mind for internet users. Aspects of personal information such as location, contact information and search history can all be accessed and leveraged.
Lawmakers are beginning to take more notice as well, and recent legislation ranging from GDPR to the California Data Privacy Act is making sure that consumers have a better understanding and control of their sensitive information. Future regulations and statutes will continue to build consumer trust and make it harder for malicious actors to obtain sensitive information. By staying diligent and informed, consumers, organizations and lawmakers can make the internet a safer place for everyone.”
--
Ashish Gupta, CEO & President of Bugcrowd
“The internet has long been an important means for most of the globe to operate on a day-to-day basis, and the recent pandemic has elevated it to an even more essential component of our daily lives. Safer Internet Day is a significant observance and serves as a call to action for organizations and consumers alike to make the global online network a more valuable and protected resource.
In light of recent data breaches and hacks, organizations have even more of an obligation to protect customer information. Consumer trust is drastically low regarding data privacy, with 79% of adults expressing concerns over how companies are using and collecting data. To truly make the internet a better place, enterprises must adopt crowdsourced cybersecurity as an integral component of security posture. By making strategic investments in a layered cybersecurity approach to protect consumers, who are ultimately the biggest victims when cyberattacks and data breaches occur, organizations can meet the challenges of a distributed workforce and protect sensitive data from evolving threats.
From a consumer standpoint, identity theft and data breaches have been rising at a rapid pace—but there are numerous ways to ensure online browsing and interactions are safeguarded. Parental controls can be installed to ensure young children aren’t viewing explicit content, and users can opt out of data collection wherever possible to keep sensitive information confidential. Additionally, using multiple strong passwords, implementing two-factor authentication across accounts, sending encrypted files and installing spyware and anti-virus software on devices can provide protection against viruses and malicious threat actors. It takes a community of defenders to combat a community of adversaries, and when we all come together, we can collectively make the internet a safer environment for everyone.”
--
Corey Nachreiner, CTO at network security company WatchGuard Technologies
“Online criminals don’t have an ‘off-season,’ so maintaining excellent security hygiene should be a top priority no matter what day, week or month it happens to be. That said, Safer Internet Day is a great opportunity to take a step back, educate yourself on today’s top threats and renew your commitment to strong security. Here are a few key tips and best practices to keep in mind this year:
Combat automated spear phishing attacks –
One major security threat every person should be on the lookout for is spear phishing. These attacks involve highly targeted and convincing emails with specific and accurate details about you, your company or your personal life. Their goal is typically to get you to click on a malicious link that will lead you to give up privileged login credentials, download files that spread malware, disclose confidential information or even transfer money. In the past, spear phishing required hackers to go through manual and time-consuming processes, but this will change in 2021. We believe threat actors will combine automated phishing tools and programs capable of trolling social media networks and various websites to unleash a tidal wave of customized, believable spear phishing attacks. By cutting out the manual processes, cybercriminals can increase the volume and success rate of their campaigns. Additionally, as society continues to grapple with the impact of COVID-19, global political strife, and general financial insecurity in 2021, expect to see these automated spear phishing attacks prey on fears around the pandemic, politics, and the economy.
Some security services like DNS filtering can prevent such attacks from succeeding, but one essential best practice to avoid falling victim to a spear phisher is to watch out for the warning signs. Be on the lookout for requests from managers or co-workers that seem out of the ordinary. Check for any details that just don’t add up. Always check the full email address to ensure it’s from a legitimate source, but don’t always trust that either, as attackers can spoof email addresses if your domain doesn’t have the right protections. It ultimately comes down to remaining vigilant and using an abundance of caution. Never download files from unfamiliar senders, skip the link in favor of manually typing in your intended destination, and when in doubt, forward the email to your IT or security department for closer inspection.
Be wary of worms targeting home networks –
The pandemic forced most of the world to transition to remote work practically overnight. This shift has persisted for the past year and will continue throughout 2021 and beyond. As a result, you can expect cybercriminals will change their tactics and create attacks specifically targeting you while you work at home beyond the protection of most corporate security controls. We expect that cybercriminals will exploit your (likely) under-protected home network as an avenue to access valuable corporate endpoint devices. Malicious hackers will leverage worm functionality modules in malware designed to deliberately seek out and infect company-owned laptops with VPN connections to try to infiltrate corporate networks.
There are two things you can do to make sure your VPN connection doesn’t become a back door to your corporate network. First, make sure your IT or security department has some sort of endpoint protection service installed on your home-based computer. Second, ask your IT department to verify that your VPN requires an endpoint health check before allowing connections back to headquarters. This way, worms preying on home-connected devices to target corporate networks will have more difficulty infecting the computer in the first place and won’t be able to make a VPN connection if they are infected or lack the normal security policy.
Adopt a password manager and implement MFA –
Authentication attacks and the data breaches that fuel them have become a daily occurrence. Cybercriminals have found incredible success using the troves of stolen usernames and passwords available on underground forums to compromise organizations using password spraying and credential stuffing attacks. These attacks take advantage of the fact that many users still fail to choose strong and unique passwords for each of their individual accounts. Just look at the dark web and the many underground forums. There are now billions of usernames and passwords from various breaches, widely available, with millions added every day.
Another way to improve your internet security posture (and that of your employer) is to use a password manager and multi-factor authentication (MFA) wherever possible. Password managers can help create strong, unique passwords for each and every one of your online accounts. This will ensure that attackers can’t use one compromised credential to access multiple accounts. Combining a good password manager with MFA across all your important online accounts is the most effective way to prevent unauthorized access.”