Six views on the most important lessons of Safer Internet Day
Today, February 11, is being observed as Safer Internet Day – a time for organizations and individuals to reflect on best practices around data security and cyber defense.
To help mark the day, Information Management spoke with six information security experts on what they see as the most important lessons of the day, and their advice on how organizations can put best practices to work to protect their data privacy and security.
Security action and awareness should be a daily routine
“This year’s Safer Internet Day gives us a chance to reflect on everything the internet has enabled us to do within the last decade and the effects it has had on our lives. The internet has made smart homes the norm, brought people together from all over the world and allowed information to be shared in seconds. However, the internet has produced just as many dangers as it has benefits.
“Few, if any, businesses can exist without the internet in 2020, and cybercriminals are exploiting this. In fact, a 2019 survey revealed that 83 percent of organizations had been hit with a cyberattack within the last two years. For some organizations, utilizing a third-party managed services provider who can offer web application security and DDoS attack prevention is the most effective way to tackle the threats that the internet brings. A managed services provider would be able to provide protective services such as DDoS mitigation, web application firewall (WAF) and auto-renewing SSL certificate management. However, there are some network-based tactics that any organization connected to the internet should implement as well.
“Make firewalls your first line of defense. This includes the external perimeter of your network and internal firewalls that provide backup defense and keep suspicious, often malicious external network traffic away. Employ the latest antivirus and phishing detection technology. Restrict the use of USB drives and external hard drives as these are easy targets for data breaches. If your company has a BYOD policy, ensure that it includes specific measures to mitigate business data risks. Audit your systems regularly, and immediately fix any vulnerabilities. And lastly, make employee security training a priority and ensure that all employees are aware of all security policies.”
- Trevor Bidle, vice president of information security and compliance officer, US Signal
A strong defense starts with training and education
“Unfortunately, we are never out of danger from a data breach of our personal information. This year during Safer Internet Day, it is important for organizations and individuals to heed the advice of the holiday by working together to make cyberspace a safer place.
“For businesses, security training and education is essential for all employees. After applying that core understanding, IT and operations teams should also be partnering with security teams to understand and prioritize how to mitigate risk. In addition, developers need to incorporate security as part of the entire software lifecycle and apply patches to applications immediately – not months after they become available.
“As users, we need to take precautions too. It is essential as a user community that we practice stricter personal security in order to mitigate the impact of data breaches that will, inevitably, occur. Here are some simple tips for securing yourself online:
- Don’t use the same password for all sites and apps. If one site or app is breached, all of your accounts are effectively breached. At the very least, use a variety of passwords to minimize the impact.
- Turn on two-factor authentication for any app that supports it. It can be a pain, yes, but it’s also one of the best ways to protect your accounts.
- Only log into sites that use SSL; you’ll know this by checking if there is an ‘https://’ before the rest of the URL.
- Don’t click on any links or attachments in instant messages or emails. As tempting as they might look, you really are rolling the dice with your personal security.”
- Oscar Tovar, security researcher, WhiteHat Security
Legacy systems can add to cyber vulnerabilities
“We’re only at the start of 2020 but already the news cycle has been flooded with organizations – from airlines to banks to hospitals, even entire local governments – falling victim to ransomware attacks. Threats such as these are evolving at an unprecedented pace, so observance days like Safer Internet Day serve as an important reminder for organizations to review their security measures and consider modernizing any legacy or outdated defense infrastructures.
“Businesses must realize that traditional legacy tools are not only slowing their digital journey down, but leaving them vulnerable to tactical and well-organized criminals. Organizations should be taking advantage of highly-available solutions, such as hyper-convergence and edge computing, that allow them to not only keep up with changing consumer demands, but deploy the most effective cyber defenses, disaster recovery, and backup.
“And if organizations do become victim to data corruption, the way they approach the aftermath makes all the difference. Insurance companies are beginning to take an active role, not just in the recovery of data, but in the decision-making when it comes to whether or not to pay a ransom demand. The overall cost of doing business is rising in conjunction with the growing threat of cyber-attacks, and Safer Internet Day should serve as a reminder to every business to brace itself for the impact.”
- Alan Conboy, office of the chief technology officer, Scale Computing
Five tips to help organizations keep their data safe
“An essential way to ensure your data is protected is to securely back it up on a daily basis. If you back up your devices consistently, you’ll keep all of your important documents and personal information safe in the event of a disaster like data loss or theft. Whether you choose to store data in the cloud (which I recommend) or on a local backup device, using a 3-2-1 backup strategy and having your data secure and available across multiple devices and locations will better protect it. Think of it as data backup diversification!
“Here are a few more tips to keep in mind when using a device that is Wi-Fi enabled:
- Be careful not to access or provide sensitive information and data over open Wi-Fi networks - especially if you don’t fully trust the network’s security. Turning off “automatic connections to open networks” is a great start!
- Using strong passwords and changing them often is a best practice. Remember to never use the same password across multiple accounts.
- Turn off sharing on your devices and reject sharing requests unless you know and trust the person.
- If you’re accessing or providing sensitive information, look at the certs! Double check that the websites are secure, which is indicative of the HTTPS prefix in the URLs. If they aren’t, they may not have updated SSL (Secure Sockets Layer) Certifications.
- Set up a VPN (Virtual Private Network) to protect your connection by routing traffic through a secure network. If you must use an open network or public Wi-Fi, a VPN is a great way to protect yourself.
“Implementing these tips and using a cloud backup solution will keep your data safe from disaster and prying eyes! It’ll also make recovery time quick and easy in the wake of any incident.”
- Yev Pusin, director of strategy, Backblaze
Uninformed employees are an organization’s weakest security link
“Safer Internet Day is an opportunity to slow down, think about how our online habits might lend themselves to invasion of privacy or loss of data, and start making small changes in our behavior. Over the past 10 years, we’ve gone from being online for email only to adopting a constant online presence that starts when we wake up, ends at bedtime, and is accessed from multiple devices.
“This constant online presence lends itself to nonchalance in our behavior. Being safe online means that how and when we use our devices needs a second look. Does an important-looking email from a semi-familiar name warrant opening that attachment from your cell phone, or do you wait until you’re on a computer with good malware protection and can identify the full email address of the sender? When using a search engine, are you careful to read the actual URL of the website that shows up in the search results, or are you going off the headline that comes up in regular font when you select the results to click on? That second of hesitation may seem inconvenient, but a little extra scrutiny online can be the difference between a happy, productive day and a disaster costing thousands in time and money.
“The biggest threats today are business email compromise and extortion – mainly ransomware. There are many good resources to guide you in protecting yourself from these, and the solutions are not just technical. Yes, you can add an email filter or strong endpoint malware protection, but all it takes is one person not paying attention, and credentials get compromised or malware is given permission to install. Education about what to watch for, like validating the sender’s email address and being careful to click legitimate websites when scrolling through search results, is key to staying safe.”
- Joy Beland, senior director, cybersecurity, ConnectWise
Cyber security can present a new role for automation
“On Safer Internet Day, it’s important to remember how far we’ve come since the first websites were launched. As of the beginning of 2020, there are now 4.43 billion websites and a new forecast from IDC estimates that there will be 41.6 billion connected Internet of Things (IoT) devices generating 79.4 zettabytes by 2025. As the number of websites, IoT devices and amount of data increases, it can present a challenge to IT teams looking to incorporate data into existing analytics environments. In addition, businesses also need to ensure their organizations and customers remain safe and protected.
“For businesses looking to maximize the value of their data and keep it safe, data automation software is a great option. Data automation significantly reduces the amount of manual coding, allowing IT staff to dedicate more time to deliver results for the business. In addition, data infrastructure automation also aids in data privacy and compliance. Automation does this by enabling businesses to know where each piece of data sits and who can access it, as well as tag it and track its lineage in order to have a complete picture of how it is being used.”
- Rob Mellor, vice president and general manager EMEA, WhereScape