Safer Internet Day is celebrated every year as a way for schools to educate children on online safety. But it’s not a day that should be solely relevant for school children – it has a lot of relevance to businesses too.
The 2018 Cyber Security Breaches Survey, conducted on behalf of the UK government, revealed that 43% of UK organisations surveyed had experienced a cybersecurity breach or attack in the last 12 months. With highly sophisticated attacks now commonplace, businesses need to assume they will be breached at some point and have coverage to mitigate the risk.
That’s why, to mark today, various IT professionals have come together to give their advice, warnings and predictions on how to stay safe this Safer Internet Day.
1. Renew awareness of online surroundings
Nigel Tozer, Solutions Marketing Director EMEA at Commvault: “This Safer Internet Day, I recommend renewing your awareness of your online surroundings, being conscious of your clicks and careful with the data you divulge. From a business perspective, after you’ve reminded your staff to do their cybersecurity training modules, maybe it’s time you kicked-off that data profiling exercise you’ve been meaning to do? Not only will your organisation be in a less risky place with regard to cyberthreats and regulations like GDPR, you might even find useful data, or make some savings by deleting or archiving redundant information. I’d call that a win-win.”
2. Proactively educate customers
Jeff Bishop, VP, Control, BU Operations at ConnectWise: “On Safer Internet Day, it’s important to remember that tech scams are on the rise around the world. It benefits all technology solution providers (TSPs) to make sure they’re taking the time to help their customers recognise the red flags before it’s too late. Proactive and continuous customer outreach and education will go a long way in showing that you care about their cybersafety. And if you pair those efforts with remote support and access software that offers transparency and security, you’ll be well on your way to establishing your business as a trusted technology adviser.”
3. Train staff accordingly
Naaman Hart, Managed Services Security Engineer at Digital Guardian: “It’s time that businesses thought about applying security to their business practices as IT security tools are not infallible against human behaviour. Malicious individuals are abusing the fact that junior staff implicitly trust their seniors and that they fear for their jobs if they do not act quickly as instructed. You must put in place processes and beliefs that when out of the ordinary requests come through, they should be questioned.”
4. Educate employees
Steve Wainwright, MD and VP EMEA at Skillsoft: “By training employees to question and look out for suspicious emails – for example, checking if the sender email address looks odd and scanning the email for poor grammar and spelling – organisations can reduce the likelihood of successful social engineering attacks. Giving employees the skills and knowledge they need to identify potential attacks is the best way of mitigating the insider threat risk.”
5. Prioritise security
Steve Armstrong, Regional Director, EMEA at Bitglass: “Given that phishing attacks remain among the top vulnerabilities, organisations should prioritise identity and access management to mitigate the risk of compromised credentials. If a login appears suspicious, having a process in place for more stringent user authentication – stepping up Multi Factor Authentication (MFA) for example – can help prevent high-risk accesses. Improved visibility into cloud infrastructure can also be valuable to quickly alert IT administrators to risky events, thereby preventing phishing attacks and credentials compromise.”
6. Evolve security needs with the times
Todd Kelly, CSO at Cradlepoint: “As the network security industry develops better detection and defence solutions, traditional fixed perimeter-based approaches to network security will evolve. Cybersecurity concerns are real but by using expert cloud-based management platforms and software-defined perimeter technologies, they can be effectively addressed. If we commit to tried and true security practices while adopting new approaches that leverage wireless, software-defined and cloud technologies, we don’t have to let our concerns unduly impact our progress.”
7. Look outside of traditional backup capabilities
Steve Blow, Tech Evangelist at Zerto: “Staying safe online is a concept we all think we know about – but when it really boils down to it, are we as safe as we think? The most important thing online is your data. In today’s modern age of online consumerism, it’s important businesses have tools in place which, in the face of adversity, can recover data and regain control, ensuring they are resilient against the many threats the Internet faces. As ransomware attacks in particular are likely to grow in 2019, companies need to start looking outside of traditional backup capabilities to keep the business online and safe; they need to choose a modern, resilient approach that can utilise continuous data protection.”
8. Secure IoT devices
Stephen Gailey, Solutions Architect at Exabeam: “There is, of course, a security cost associated with IoT. Modern software development techniques are a rich source of future security bugs. As people continue to connect their household devices to the Internet, you can expect to see some significant privacy breaches over the coming years. We need to be thinking about this now, particularly as organisations lacking the skills or experience to build such products jump onto the IoT bandwagon.”
9. Protect data in use
Garry McCracken, VP Technology at WinMagic: “Widespread access and use of the Internet, first for commercial transactions and then social networking, meant data was suddenly put at risk. After a competition run by the US National Security Agency, the commercial world settled on Advanced Encryption Standard (AES) for bulk encryption for the Internet. However, all that data in motion travelling around on the Internet eventually comes to rest on a laptop, phone, server or in the cloud, so the need to protect data at rest has grown too. FDE (Full Disk Encryption) with AES is now pretty much standard for protecting data at rest, but even that is not the full story. The cloud – born out of the Internet – is allowing your data to be processed on other people’s computers. That makes data ‘in use’ the next big problem to solve in the coming years.”