Safer Internet Day holds paramount significance for both consumers and enterprises as it serves as a powerful reminder of the critical need for a secure and trustworthy digital environment. It serves as an opportunity for organizations to reassess and enhance their cybersecurity measures, fostering a culture of awareness and resilience against evolving cyber threats.
Top cybersecurity experts shared best practices for end users and organizations to help secure their online and offline experiences.
Darren Guccione, Ceo And Co-founder, Keeper Security
A fundamentally “safe” internet is simply not feasible with the barrage of threats that individuals and organizations face in today’s world. In a new study by Keeper Security, 92% of IT security leader respondents reveal that cyberattacks are more frequent now than one year ago- and growing more sophisticated. AI-powered attacks, deepfakes, cloud jacking and fileless attacks topped the list for the emerging attack vectors they feel least equipped to defend against.
Although the internet itself will always pose risks, organizations can be safe online by developing a proactive approach to cybersecurity, combining advanced defense mechanisms and basic best practices to mitigate and fight existing attack vectors and burgeoning threats. Specific steps include:
Leveraging strong, unique passwords for every account and enabling strong multi-factor authentication (MFA). Stolen credentials have long been a leading cause of breaches and cyberattacks. It is essential to use a password manager to create high-strength random passwords for every website, application and system.
Exercising an abundance of caution when it comes to opening email attachments and clicking on hyperlinks. Bad actors are increasingly using generative AI to create realistic phishing emails and URLs for spoofed websites and generating variants as fast as they can to circumvent spam detectors.
Deploying a Privileged Access Management (PAM) solution. PAM helps IT administrators and security personnel manage and secure privileged credentials, and ensure least privilege access. This, combined with tightly monitored access and activity, can greatly reduce cyber risks. In the event a cybercriminal is able to gain access to an organization’s networks, PAM can minimize the blast radius by preventing lateral movement.
Following these proactive steps significantly reduces the likelihood of falling victim to online threats, ultimately creating a safer internet experience.
John Gallagher, VP of Viakoo Labs
Safer Internet Day is a good time for enterprises to reflect on their cybersecurity efforts, ensuring that they extend to every business function and unit. To create strong defenses on an organization-wide scale, companies should consider the following:
Make non-IT teams accountable for security and reward them based on it. This includes empowering employees to achieve goals through training, fostering cross-functional team discussions on best practices, and tracking metrics. Progress in security awareness training within organizations is critical.
Rely on automation where possible. With Internet of Things (IoT) devices, in particular, manual methods do not scale for password rotations, firmware patching, or certificate management. Likewise, using an automated asset and application discovery solution eliminates guesswork on security status and what systems are vulnerable.
Expand security audits outside of IT to all parts of an organization. For example, consider implementing quarterly reviews of external systems to ensure Multi-Factor Authentication (MFA) is enabled and all users are provisioned with appropriate access. Extending security audits to all systems will ensure they are all reviewed and monitored, reducing the chances of a cyber incident.
Patrick Harr, CEO, SlashNext
Since the Internet was born, it has continued to bring new advancements, new collaboration tools, new communities, knowledge sharing platforms, and other tools to improve daily life. But of course, it’s also a breeding ground for cybercriminals and threat actors who quickly find a way to abuse any new innovations. An excellent example is the introduction of the QR code (quick response codes). QR codes were first used in 1994 but started gaining rapid adoption more recently and today are widely used in the supply chain, marketing, mobile payments and information sharing. They especially took off during the global pandemic as a safe, contactless way to make payments, open restaurant menus, etc. Right on cue, as QR codes became more prolific, cybercriminals developed ways to wield them for malicious purposes. QR code phishing (quishing) and QR link jacking (QRLJacking) exploit the trust and convenience of QR codes and instead directing users to malicious sites for credential theft, delivering malware and gaining access to users’ mobile devices to steal personal and financial information. Security researchers have recently observed a 50% surge in QR code-based phishing attacks, and unfortunately, it’s not easy to determine a legitimate QR code from one with malicious intent. People should not scan any randomly found QR codes, think twice about entering any user names/passwords if a QR code takes you to a login page unexpectedly, and certainly if a QR code physically looks like it’s been tampered with, don’t scan it. To be fully protected from quishing or QRLJacking campaigns though, users need security solutions that can block all malicious QR codes in both personal and business settings.
Manu Singh, VP, Risk Engineering, Cowbell
From work to education to entertainment, ensuring a safe online experience is crucial. Safer Internet Day raises awareness about online safety issues to promote safe digital habits, especially for children and young people. The slogan, “Together for a better Internet,” encourages everyone to join the movement and play a role in building a safer Internet.
In addition to standard best practices like using strong, unique passwords and enabling Two-Factor Authentication (2FA), here are a few best practices to follow to safely use the Internet.
Stay Informed About Phishing Scams: Be cautious of unsolicited emails, messages, or links, especially those requesting sensitive information like passwords, credit card details, or Social Security numbers.
Be Cautious with Downloads: Only download files, software, or applications from trusted sources, such as official websites or app stores (e.g., Google Play Store, Apple App Store). Be cautious with email attachments and only open them if you trust the sender.
Keep Software and Operating Systems Updated: Regularly update operating systems, web browsers, and software applications. These updates often contain security patches to address known vulnerabilities. Consider setting computer and mobile devices to automatically download and install software updates.
Look for HTTPS Encryption: Ensure that websites you visit use HTTPS (HyperText Transfer Protocol Secure). Look for the padlock icon in the address bar, which indicates a secure connection. Avoid entering sensitive information on websites without HTTPS.
Safer Internet Day serves as a reminder for individuals, businesses, and organizations to prioritize cybersecurity, protect personal information, and promote a culture of responsible online behavior.
Gopi Ramamoorthy, Head of Security and GRC at Symmetry Systems
For families, navigating the digital world and using technology safely has become more and more challenging in the last decade. Nearly all major organizations heavily depend on the internet and digital world to run their businesses and operations. As part of this digital transformation, these organizations collect large amounts of data from users and customers, including personally identifiable information (PII). With this knowledge, bad actors are trying to steal data from customers and individuals using various covert techniques.
For end users, internet security should start with a zero trust principle and least information sharing approach. The core and fundamental steps for end users on safe internet usage are selection of the right browser, and security hardening with appropriate browser security and privacy settings. Each browser provides security and privacy best practices and guidelines. The next step is to check the internal URLs and security settings for the domains. Users may give masked or altered information to certain sites, if the services provided by those sites do not depend on the information being collected.
I would recommend making use of online security awareness events organized by service organizations, schools and local agencies to learn more and ask questions. For protecting children online and education privacy, the regulations such as COPPA, FERPA and some of the state laws have statutes but, at the end of the day, it is left to the knowledge, awareness and practice of each individual on following the best practices when they are in the digital world.