Digital Wellbeing: Are You Having a Safe Internet Day?

• This year, Safer Internet Day is observed on February 6, 2024.
• The 21st Safer Internet Day, organized by the Insafe network of Safer Internet Centres and INHOPE, seeks to shed light on keeping children safe from the harms of the internet.
• Experts shared how individuals and organizations can keep themselves safe in an ever-evolving cybersphere.

Internet safety is a perennial concern for individuals and organizations as it becomes a mainstay across industries holding up communications, entertainment, development, governance and management, productivity, and more.

The concern comes from more than a few bad eggs in the vastness of the ever-growing networking resource, seeking to infiltrate, disrupt, and coerce normality. However, the issue at hand can extend beyond cybersecurity. Besides cyber threats, the cover of anonymity may also lead to sociological turmoil.

Internet safety is thus a social and mental issue as much as it is technological. Safer Internet Day was created in 2004 to address these challenges and spread awareness of what is one of the most indispensable aspects of being online.

The theme for Safer Internet Day 2024 — Together for a Better Internet — focuses on continuing to build on the European Union’s Better Internet for Kids strategy. According to Google, searches for teen mental health have more than doubled between 2019 and 2023, while searches for parental controls, screen time, and AI for kids keep on increasing.

Scott Gerlach, co-founder and CSO at StackHawk, said, “Safer Internet Day is a great reminder that security is a team sport. Collaboration between the teams that monitor suspicious activity and those responsible for building the applications we access daily helps strengthen an organization’s security posture. It fosters a foundation of trust and resilience against future security threats.” Safer Internet Day 2024 is scheduled for today, i.e., February 6.

On Safer Internet Day 2024, Spiceworks News & Insights brings you advice from five experts to ensure you keep your presence on the cybersphere out of harm’s way and maintain a healthy relationship with technology.

A Safer Internet

A safer internet should entail a positive experience where the user feels like they are a part of a community. It should empower, not discourage. It should connect and bridge differences, not become a vehicle for divisiveness. A safer internet should facilitate support, not bullying.

“A safer internet is one in which we all respect each other online,” noted Dave McCarthy, VP of Xbox Operations at Microsoft, while speaking with ConnectSafely.org.

See More: See More: Data Privacy Day 2024: Expert Opinions Shape the Week’s Discourse

1. Gopi Ramamoorthy, head of Security and GRC at Symmetry Systems, on individual security

Ramamoorthy highlighted the importance of keeping your personal information personal. While it certainly is only possible to avail modern services and navigate businesses with user data, specific steps can be taken to stop unhindered access to information.

“For end users, internet security should start with a zero trust principle and least information sharing approach. The core and fundamental steps for end users on safe internet usage are selecting the right browser and security hardening with appropriate browser security and privacy settings,” Ramamoorthy said.

“Each browser provides security and privacy best practices and guidelines. The next step is to check the internal URLs and security settings for the domains. Users may give masked or altered information to certain sites if the services provided by those sites do not depend on the information being collected.”

“I would recommend using online security awareness events organized by service organizations, schools, and local agencies to learn more and ask questions. To protect children’s online and education privacy, regulations such as COPPA, FERPA, and some state laws have statutes. But, at the end of the day, it is left to the knowledge, awareness, and practice of each individual to follow the best practices when they are in the digital world.”

2. Darren Guccione, CEO And co-founder of Keeper Security, on cyber threats

The rapidly widening breadth of the internet and the advancing depth of technology run both ways. As the internet widens, so does the scope of cyberattacks, and as technology advances, organizations may not necessarily upgrade and continue to use legacy systems. This translates into a higher possibility of cyberattacks.

“A fundamentally ‘safe’ internet is simply not feasible with the barrage of threats that individuals and organizations face in today’s world. In a new study by Keeper Security, 92% of IT security leader respondents reveal that cyberattacks are more frequent now than one year ago and are growing more sophisticated. AI-powered attacks, deepfakes, cloud jacking, and fileless attacks topped the list for the emerging attack vectors they feel least equipped to defend against.”

“Although the internet itself will always pose risks, organizations can be safe online by developing a proactive approach to cybersecurity, combining advanced defense mechanisms and basic best practices to mitigate and fight existing attack vectors and burgeoning threats.”

Specifically, Guccione recommended the following:

• Password hygiene: “Leveraging strong, unique passwords for every account and enabling strong multi-factor authentication (MFA). Stolen credentials have long been a leading cause of breaches and cyberattacks. It is essential to use a password manager to create high-strength random passwords for every website, application, and system.”
• Email hygiene: “Exercising an abundance of caution when it comes to opening email attachments and clicking on hyperlinks. Bad actors are increasingly using generative AI to create realistic phishing emails and URLs for spoofed websites and generating variants as fast as they can to circumvent spam detectors.”
• Privileged Access Management (PAM): Deploying a PAM solution helps IT administrators and security personnel manage and secure privileged credentials and ensure the least privileged access. This, combined with tightly monitored access and activity, can greatly reduce cyber risks. If a cybercriminal can gain access to an organization’s networks, PAM can minimize the blast radius by preventing lateral movement.

3. Patrick Harr, CEO at SlashNext

Harr opined that advancements in tech also help cybercriminal syndicates, which consistently employ new techniques, tactics, and procedures to victimize targets. Some threat groups are known to operate under a corporate model, making them highly effective adversaries. This is especially helpful when it comes to exploiting newer technologies.

“Since the Internet was born, it has continued to bring new advancements, new collaboration tools, new communities, knowledge-sharing platforms, and other tools to improve daily life. But of course, it’s also a breeding ground for cybercriminals and threat actors who quickly find a way to abuse any innovations,” Harr said.

“An excellent example is the introduction of the QR code (quick response code). QR codes were first used in 1994 but started gaining rapid adoption more recently, and today, they are widely used in the supply chain, marketing, mobile payments, and information sharing. They especially took off during the global pandemic as a safe, contactless way to make payments, open restaurant menus, etc.”

“Right on cue, as QR codes became more prolific, cybercriminals developed ways to wield them for malicious purposes. QR code phishing (quishing) and QR link jacking (QRLJacking) exploit the trust and convenience of QR codes and instead direct users to malicious sites for credential theft, delivering malware and gaining access to users’ mobile devices to steal personal and financial information.”

“Security researchers have recently observed a 50% surge in QR code-based phishing attacks, and unfortunately, it’s not easy to determine a legitimate QR code from one with malicious intent. People should not scan any randomly found QR codes; think twice about entering any user names/passwords if a QR code takes you to a login page unexpectedly, and certainly, if a QR code physically looks like it’s been tampered with, don’t scan it. To be fully protected from quishing or QRLJacking campaigns, though, users need security solutions that can block all malicious QR codes in both personal and business settings.”

See More: The Financial Impact of Cyber Insecurity on the World Economy

4. John Gallagher, VP at Viakoo Labs, on how enterprises can act

Gallagher believes security should be an organization-wide imperative that extends to every business function and unit, including non-IT staff. The day is an excellent time to reflect on respective cybersecurity efforts.

“Make non-IT teams accountable for security and reward them based on it. This includes empowering employees to achieve goals through training, fostering cross-functional team discussions on best practices, and tracking metrics. Progress in security awareness training within organizations is critical,” Gallagher said.

“Rely on automation where possible. With Internet of Things (IoT) devices, manual methods, in particular, do not scale for password rotations, firmware patching, or certificate management. Likewise, using an automated asset and application discovery solution eliminates guesswork on security status and what systems are vulnerable.”

“Expand security audits outside of IT to all parts of an organization. For example, consider implementing quarterly reviews of external systems to ensure Multi-Factor Authentication (MFA) is enabled, and all users are provisioned with appropriate access. Extending security audits to all systems will ensure they are all reviewed and monitored, reducing the chances of a cyber incident.”

5. Manu Singh, VP of Risk Engineering at Cowbell, on internet safety best practices

Strong and unique passwords, using Two-Factor Authentication (2FA), etc., form the bedrock of the first line of defense against cyber adversaries. And while passwordless sees widespread adoption, here’s what users need to be wary of while treating on the internet.

• “Stay Informed About Phishing Scams: Be cautious of unsolicited emails, messages, or links, especially those requesting sensitive information like passwords, credit card details, or Social Security numbers.
• Be Cautious with Downloads: Only download files, software, or applications from trusted sources, such as official websites or app stores (e.g., Google Play Store, Apple App Store). Be cautious with email attachments; only open them if you trust the sender.
• Keep Software and Operating Systems Updated: Regularly update operating systems, web browsers, and software applications. These updates often contain security patches to address known vulnerabilities. Consider setting computer and mobile devices to download and install software updates automatically.
• Look for HTTPS Encryption: Ensure websites you visit use HTTPS (HyperText Transfer Protocol Secure). Look for the padlock icon in the address bar, which indicates a secure connection. Avoid entering sensitive information on websites without HTTPS.”

How would you proceed with your internet safety? Share with us on LinkedInOpens a new window , X (Twitter)Opens a new window , or FacebookOpens a new window . We’d love to hear from you!

Image source: Shutterstock

MORE ON CYBERSECURITY

• Hackers Set Their Sights on the C-Suite
• Think Global, Act Local: Geopolitical Intelligence in Cybersecurity
• How Tough Is Bcrypt To Crack? Can It Keep Passwords Safe?