It is no secret that online threats are constantly growing, whether it's fraudulent activity, data breaches or denial of service, there are a myriad of traps that we can fall into when using the internet. We can never be reminded about the importance of staying safe online too often, so to coincide with this year’s Safer Internet Day, we spoke to a range of cybersecurity and technology experts to learn more about the growing threats online and gather some top tips on how to stay protected.
It could be you
Whilst Safer Internet Day campaigns for the safe and positive use of technology, unfortunately, this is far from reality. Although many take the attitude of ‘it won’t be me’, anyone could fall into the traps laid by cybercriminals.
“For large organisations, one of the biggest obstacles to overcome is the ‘it won’t happen to us’ mentality, which often comes after installing a new compliance tool, or moving to the cloud. It’s really not that simple,” urges Samantha Humphries, Head of Security Strategy EMEA at Exabeam. “Cybersecurity is not a ‘tick box exercise.’ And in spite of what some vendors may claim… all attacks can’t be prevented by any one tool. Unfortunately, it’s this sense of false confidence that sees too many organisations scrimp on the fundamentals of cyber hygiene. There is no ‘one size fits all’ approach in cybersecurity, and ‘normal’ user behaviour will look different for every company.”
Bryson Medlock, Threat Researcher at ConnectWise Cyber Research Unit adds: "If you’ve ever helped an ageing friend or family member add their covid passport to their apple wallet, navigate social media, or interact via email or online messenger, you might think they are more vulnerable to cyber threats than the younger tech-savvy generations. However, Millenials and Zoomers are more likely to fall victim to cybercriminals than their elders. Lifelong experience with digital communications has made younger generations more comfortable with online computing - and complacent in their cyber security habits. In comparison, older generations are more distrusting of online communication. Their attitudes are the very essence of the “zero trust” cyber security model.”
It’s an ever-growing threat
Over the years we have seen the growing sophistication of cybercriminals as their tricks and traps become harder to identify and there is no sign of this slowing down.
“Whereas 10-20 years ago, businesses were protecting data from human error or ‘acts of God’, such as natural disasters, that could destroy servers holding their data, in the present day, we have to protect data from other people actively trying to access it,” explains Stuart Abbott, Area Vice President & General Manager of UK & Ireland at Commvault. “If not protected adequately, it's only a matter of time before a cybercriminal makes you rethink your priorities, by which time the damage is likely already done. This is an issue that everyone must take seriously - no sector is immune.”
“Every laptop, tablet and mobile device becomes another endpoint that cybercriminals can try to take advantage of, and so it’s vital that organisations take their security seriously,” adds Scott Boyle, Head of Information Security, Totalmobile. “For businesses with mobile workers, the challenge is even greater – mobility extends your company’s digital footprint, and therefore the perimeter of what you need to manage. Staff need to be able to securely access files on the move, meaning that their organisation’s cybersecurity measures need to cover any and every location.”
A key way that cybercriminals trick people is by exploiting the latest crazes and events. As “the fine-able deadline for tax self-assessments has been extended until the end of February, cybercriminals are likely to exploit the opportunity — just as they did with COVID vaccine appointments and test and trace contacts,” reminds Hugh Scantlebury, CEO and Founder of Aqilla. “Many of these phishing scams will imitate government communications and look very official and legitimate. It is important to be alert and clued up to spot any abnormalities and avoid falling into their traps. The changing rules around the deadlines has inevitability caused confusion, but research any concerns on official websites and don’t let any cybercriminals convince you otherwise.”
Terry Storrar, Managing Director at Leaseweb UK continues: “Threat actors are constantly on the lookout for new ways to infiltrate and wreak havoc on an organisation’s operations. However, the internet is now so ubiquitous that its security is not just a corporate responsibility; everyone has a part to play in internet safety. Keeping the internet safe requires a combination of tactics at an individual, organisational, national and global level. By deploying company-wide tools, promoting employee best practices and working as a global network, businesses can go a long way in combating those that seek to make the internet dangerous”.
A two-pronged approach to cybersecurity is essential to stay safe online: training and technology.
“Security awareness training is invaluable,” insists Totalmobile’s Boyle. “Initial onboarding training should be introduced, supplemented by regular refresher courses. With measures such as these in place, organisations – even those with workers on the move – will be much better placed to prevent any of their sensitive data from falling into the wrong hands”.
Such training can ensure that employees have good cyber hygiene and know the basics of cybersecurity, such as “changing passwords regularly and making sure they’re difficult to guess (123456 is still the most common password in use!),” adds Sascha Giese, Head Geek™ at SolarWinds. “Ensuring their home Wi-Fi network is secure and no one outside the home has access. Being aware of the risks of phishing, what to look out for, and how to report any phishing attempts. Though these might seem insignificant compared to the organisation-wide security systems working around the clock, every person has a part to play in using technology safely. Being mindful of how their working practices can impact the wider organisation is a vital step in preventing cyber disasters.”
To conclude, Andy Swift, Head of Offensive Security at Six Degrees provides further top tips to ensure that you stay protected online:
“Use a password manager. We’re all expected to use incredibly complex passwords to keep our Personally Identifiable Information safe, and rightly so. But there’s no way we’ll remember them all without some help. Use a reliable password manager and resist the urge to go back to using ‘Monday1’ for everything.
Check for HTTPS websites using valid certificates. Sometimes thinking about all the sensitive information you share online can give you a headache. Bank details, passport numbers, addresses… Do yourself a big favour and ensure you only share sensitive information with HTTPS-enabled websites with valid certificates. HTTPS is a secure way to share data with a website, and it prevents cybercriminals from intercepting any information you submit. HTTPS-enabled websites are easy to spot – look for the little padlock on the top-left of your web browser.
Don’t rely on your web browser to protect you. Today’s web browsers are better than ever at warning you about dangers lurking within the websites you visit. However, they can’t stop you if you still decide to download malicious content. Don’t rely on your web browser alone when you’re online – keep your wits about you and use your common sense at all times."