Safer Internet Day: Exploring Reliability Online

Safer Internet Day has been a landmark event on technology calendars for more than 18 years. What began as a small-scale initiative as part of the EU SafeBorders project in 2004 has transformed into a global movement acknowledged by more than 170 countries around the world. Each year, Safer Internet Day focuses on a unique theme; in the past it has covered everything from cyberbullying and social networking to digital identity, fraud and cybercrime. Each country celebrates Safer Internet Day with its own theme. This year, on Tuesday, February 9, 2021, the slogan for Safer Internet Day will be “Together for a better internet,” calling on “all stakeholders to join together to make the internet a safer and better place for all.”

Trust and the internet have an important relationship. Before Google became a verb and back when Amazon was little more than a bookseller, consumers used the internet to browse for information and send the occasional email. Trust was important, but wasn’t imperative. Today, however, people organize their entire lives on the internet. Everything from applying for a driver’s license to buying weekly groceries can be done online, and that often means sharing extremely personal and sensitive information. How many of us have our card details stored online somewhere? The fact is, we trust the internet with our lives, and should our data become compromised and fall into the wrong hands, we become exposed to all kinds of threats and attacks.

Business Challenges

However, it’s not just consumers that are at risk. Business leaders face the same threats, but are in some ways more vulnerable because their organizations are often targeted. If just one employee is exposed to malware or falls for a phishing scam, it can open the doors to serious, business-wide consequences. This risk has only increased as businesses continue to move their operations online as part of their digital transformation strategies. This process has only been accelerated by the pandemic, resulting in a more widely distributed workforce and, therefore, more points of vulnerability. It has never been more important for business leaders and their employees to be aware of the main types of cyberattacks that can threaten their organization. What better time to remind ourselves of the dangers present in the online world than on Safer Internet Day?

Vulnerabilities and Threats

We’ve all heard of malware, but what is it and how does it pose a threat? Malware refers to any kind of malicious program that has been created to cause harm or wreak havoc in a digital space. Last year, more than 70% of all organizations experienced malware spread from one employee to another, with businesses in the U.S. and UK apparently hit the hardest. Malware comes in many shapes and forms, and the bad actors behind it are constantly tweaking and evolving their programs to get around newer security measures. Malware such as ransomware – which effectively steals or encrypts sensitive data and demands payment for its release – can enter a business discreetly through a variety of ways. The methods used by bad actors to penetrate businesses’ defenses change almost as quickly as the malware programs themselves, and any change – such as the move to remote working due to the pandemic – is likely to create new vulnerabilities that can be exploited. Some of the things to look out for in 2021 include:

Credential Stuffing

This form of cyberattack aims to steal account credentials such as usernames and passwords, usually as part of a data breach, to gain unauthorized access to important information. Unlike credential ‘cracking’ which usually involves using expensive software to gain brute-force entry by guessing millions of combinations, credential stuffing equips the attackers with the right credentials – just not necessarily in the right order. They can then use tools, like Selenium or PhantomJS, which are freely accessible, to automate thousands (or even millions) of logins to find email and password combinations that work. As recently as 2018, more than 90% of all login traffic within the e-commerce industry was classified as a credential stuffing attack.
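The contrast drawn above between guessing and replaying leaked pairs shows up in login logs, and the sketch below is an added defender-side example, not part of the original article. It labels a source as credential stuffing when it tries many different accounts about once each with few successes, and as brute force when it hammers one or two accounts; the event layout, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample: (epoch_seconds, source_ip, username, login_succeeded)
SAMPLE_EVENTS = (
    # 198.51.100.7: one attempt each against many accounts (stuffing pattern)
    [(1000 + i * 2, "198.51.100.7", f"user{i}@example.com", i == 6) for i in range(12)]
    # 203.0.113.9: many guesses against a single account (brute-force pattern)
    + [(1000 + i * 3, "203.0.113.9", "admin@example.com", False) for i in range(12)]
    # 192.0.2.44: an ordinary user who mistypes once, then logs in
    + [(1010, "192.0.2.44", "alice@example.com", False),
       (1025, "192.0.2.44", "alice@example.com", True)]
)

def classify_sources(events, window_s=60, min_attempts=10, max_success_ratio=0.2):
    """Return {ip: label} for sources whose logins in a sliding window look automated."""
    windows = defaultdict(deque)   # per-IP attempts inside the current window
    labels = {}
    for ts, ip, user, ok in sorted(events):
        win = windows[ip]
        win.append((ts, user, ok))
        # Drop attempts that have aged out of the window.
        while win and ts - win[0][0] > window_s:
            win.popleft()
        if len(win) < min_attempts:
            continue               # too little traffic to judge
        successes = sum(1 for _, _, succeeded in win if succeeded)
        if successes / len(win) > max_success_ratio:
            continue               # mostly successful logins: likely a shared gateway
        distinct_users = len({u for _, u, _ in win})
        if distinct_users / len(win) >= 0.8:
            # Many accounts, about one try each: leaked pairs being replayed.
            labels[ip] = "credential_stuffing"
        elif distinct_users <= 2:
            # One or two accounts, many tries each: password guessing.
            labels.setdefault(ip, "brute_force")
    return labels

if __name__ == "__main__":
    for ip, label in classify_sources(SAMPLE_EVENTS).items():
        print(ip, label)
```

Per-IP counting misses attacks spread across many source addresses, so in practice the same ratio is also worth computing per user agent or per network block.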

Phishing

Phishing attacks have been around since the mid-1990s, and there’s a reason they are still in use. Unfortunately, it’s because they work. In 2020, more than 85% of all organizations around the world experienced a phishing attack, with 96% of these attacks arriving by email. A phishing attack is when a cybercriminal poses as somebody else – usually a trusted organization or a colleague – to get you to click through to a form and enter personal, private data, which attackers then exploit. It’s one of the reasons banks frequently warn their customers that they will not ask them to share personal data via email.

Fake Updates

This is a relatively new strategy that cybercriminals are using to effectively trick users into hacking themselves. Your IT guys might not fall for this, but the average employee might. Usually, these fake updates arrive in the form of an email instructing users that they need to upgrade their OS. As with a phishing scam, the emails often look very official and mimic a reputable company. As of 2021, it’s one of the most common ways hackers get ransomware into an organization. This could be due to the fact that workforces are more distributed and employees are often isolated at home.

Social Engineering

Malware and phishing scams can be fought with the right tools, training and adequate layers of security, but what about the human element of an organization? Social media is still a relatively new concept on the digital stage, and hackers are only now beginning to see the potential in using deceptive tactics to get information out of people online. What’s to stop a hacker from mimicking somebody’s boss, or setting up a fake company account on Twitter and pretending to be somebody from the IT department? People can be tricked into sharing usernames, passwords and other sensitive company information.

IoT Attacks

The Internet of Things (IoT) refers to digital devices connected via the cloud. From smartphones to smart speakers, people enjoy the convenience, and don’t often consider the potential security threats. Hackers can take control of smart speaker devices and listen in on important meetings, or use somebody’s personal devices as a gateway into an organization’s network. With the number of connected devices increasing exponentially, organizations face an uphill battle ensuring that all of their network endpoints are secure.

How businesses can protect themselves

Businesses have certainly had a challenging time in recent months. Many have had to accelerate their digital transformation strategies to allow everybody to work remotely during the COVID-19 pandemic. While many have gotten it right, some have bypassed security basics, leaving themselves vulnerable to these kinds of attacks. Here are some of the actions that businesses can take to ensure they don’t become the next victim of a data breach, phishing scam or ransomware attack.

Set up spam filters

With so many working from home, our inboxes are likely to be more inundated than usual. Implementing a reputable third-party spam filter will ensure that even the most sophisticated phishing scams are caught and sent straight to your spam folder.

Use SFTP to share data instead of email

We’re all in the habit of sending attachments full of data via email, but with our workforces temporarily distributed, now would be a good time to invest in a cloud provider that offers SFTP (secure file transfer protocol) hosting to store and transfer important data.

DRaaS (Disaster Recovery as a Service)

Just as Software-as-a-Service (SaaS) applications, such as Salesforce or your Microsoft 365 account, can be bought and accessed on-demand via subscription, so, too, can your disaster recovery service. Depending on the size of your organization, you can find a tailored solution that backs up your important data in case of a cyberattack, power outage or natural disaster. It used to be expensive for small organizations to invest in disaster recovery solutions, but thanks to DRaaS and the cloud, it’s easier and more affordable than ever.

Perhaps more important than any of the above, however, is to instill in your workforce a culture of cybersecurity awareness. Security software can be installed and updated, firewalls can be implemented, disaster recovery measures can be put in place, but there’s no substitute for having a team of employees who are educated in cybersecurity and know how to spot threats. The basic defensive measures – such as setting strong passwords, recognizing phishing scams and not opening suspicious attachments – all start with employee training.

This Safer Internet Day, consider how vulnerable your business is as we approach the so-called ‘new normal,’ and the steps you can take to tighten security. With so many working remotely, it’s the perfect time to reassess and accelerate your plans for digital transformation.


Jon Lucas

Jon, along with his business partner Jake Madders, founded Hyve Managed Hosting in the early 00s. Since then, in his role as Director, Jon has facilitated the growth of Hyve from a small start-up to a hugely successful company that has won accolades such as Cloud Company of the Year at the 2018 SVC Awards. With a background in software development, Jon has spent time at Crédit Agricole, Goldman Sachs, JPMorgan Chase and M&C Saatchi throughout his career.
