Safer Internet Day is an excellent opportunity for users of all kinds to brush up on their cyber safety knowledge — although security practice should be maintained on all days, it serves as an important reminder. Valuable advice abounds, from proper antivirus to appropriate sharing on social media.
Security failings, especially in the case of company executives and employees, can result in serious damage to an organisation, as savvy cyber criminals find ways to dupe them into giving away enormous amounts of money or even sensitive corporate information, which can then be sold on the dark web.
Users are already staying vigilant about suspicious browser extensions, dodgy files and strange ads. And yet, they often skip a crucial step: checking that the website they are surfing is legitimate.
It’s relatively easy for hackers to create ostensibly genuine websites and trick users into interacting with them, inputting their data or downloading files that are secretly malicious.
Tim Callan, senior fellow at Certificate Authority Sectigo, provides some tips to avoid falling for scammers’ tricks online:
1. Check for signs of legitimacy
Many business websites prove their authenticity with Extended Validation (EV) certificates, which offer the most thorough level of legitimacy available. When an EV digital certificate is in place, users have the highest level of assurance that they are on a legitimate website, and not on a clever impersonating page deployed by fraudsters. For this reason, the majority of websites that house or obtain personally identifiable information use EV certificates.
For a business to obtain an EV certificate, the identity of the requesting entity must be verified by a certificate authority (CA). To indicate EV is in place, most widely used browsers display a company-branded address bar, with the company name to the left of the website URL. Users may also check to see whether an Extended Validation certificate is present by clicking on the padlock symbol at the address bar, and then on “Certificate” to view the certificate type and status.
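The same check can be scripted. The Python below is an added example, not code from the article or from Sectigo: it classifies a certificate as EV, OV or DV from the identity fields in its subject, using the dictionary layout returned by `ssl.SSLSocket.getpeercert()`. It is a heuristic; the authoritative EV marker is the CA/Browser Forum policy OID 2.23.140.1.1 in the certificate policies extension, which `getpeercert()` does not expose, and the three sample certificates are constructed for illustration.

```python
import socket
import ssl

# Subject attributes that the CA/Browser Forum EV Guidelines require in an EV
# certificate, spelled the way Python's ssl module reports them.
EV_SUBJECT_FIELDS = {"organizationName", "businessCategory",
                     "jurisdictionCountryName", "serialNumber"}

def subject_fields(cert):
    """Flatten the nested RDN tuples of a getpeercert() dict into {name: value}."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    """Heuristic: EV if all EV identity fields are present, OV if only an
    organisation is named, otherwise DV (domain control only)."""
    fields = subject_fields(cert)
    if EV_SUBJECT_FIELDS.issubset(fields):
        return "EV"
    return "OV" if "organizationName" in fields else "DV"

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live site's certificate; chain and hostname are verified first."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificates (not real sites), in getpeercert() layout.
EV_SAMPLE = {"subject": (
    (("businessCategory", "Private Organization"),),
    (("jurisdictionCountryName", "GB"),),
    (("serialNumber", "00000000"),),
    (("countryName", "GB"),),
    (("organizationName", "Example Bank Ltd"),),
    (("commonName", "www.example-bank.test"),),
)}
OV_SAMPLE = {"subject": ((("countryName", "GB"),),
                         (("organizationName", "Example Shop Ltd"),),
                         (("commonName", "shop.example.test"),))}
DV_SAMPLE = {"subject": ((("commonName", "blog.example.test"),),)}

if __name__ == "__main__":
    for label, cert in (("ev", EV_SAMPLE), ("ov", OV_SAMPLE), ("dv", DV_SAMPLE)):
        org = subject_fields(cert).get("organizationName", "(no organisation)")
        print(f"{label}: {validation_level(cert)} issued to {org}")
```

For a live site, pass the result of `fetch_cert("hostname")` to `validation_level`; a DV result means the CA confirmed control of the domain only, not who operates it.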
2. Check all emails, especially unsolicited ones
Emails are a well-known gateway for cyber criminals to infiltrate company networks. Social engineering methods such as phishing or spear-phishing target employees of all ranks, aiming to trick them into handing over sensitive information or wiring money. On receiving an unsolicited message with a delicate request, it’s always best to confirm in person with the sender.
3. Avoid suspicious links
This is in part a corollary of the above, as malicious emails often make use of links to redirect users for their own purposes. Users should remain hyper-vigilant about which links they click on and whether they know where they lead. This is especially critical in the case of unsolicited emails which ask the user to follow a link – it might very well download harmful software. Strange URLs, suspiciously urgent requests to verify information, or instances of extraordinary good luck should all be triple-checked, and never acted upon until it is fully confirmed that it is safe to click through. Again, when possible, try to check with the sender in person.
The importance of education and training
The need for education and training is paramount, and it starts at school. But this effort needs to be extended much further in order to address the global skills deficit.
“We are supporting Safer Internet Day because it is absolutely essential that we teach people about internet safety and other aspects of data security at an early age,” said Mary-Jo de Leeuw, director of Cybersecurity Advocacy, EMEA at (ISC)2 — an international non-profit membership association focused on inspiring a safe and secure cyber world through cyber security training and certification.
“However, the education message should not focus on just children. It is equally important to make sure that the resources, materials and training opportunities are in place for the teachers as well. Educators need access to high-quality cyber security training and certification so that they are best-placed to pass on the most relevant and up-to-date guidance to their pupils, as well as to their colleagues and to parents.”
“On this day, we also need to think about adult education in the workplace to address the cybersecurity skills gap. Encouraging employers and staff in organisations to pursue continuing education and skills development is paramount in this digital age. With almost three million cybersecurity roles unfilled globally, and around 150,000 of those in EMEA, the need for more education, development and training is clear. The theme of Safer Internet Day – Together for a better internet – sums up the situation well.
“Understanding, educating and taking action to ensure a safe and secure cyber world rests with everyone. We all have a role to play in keeping people and data safe online. We all need to know how to navigate the internet without falling foul of the many threats that exist, so that organisations and users are protected from those looking to misuse systems and information. We can only make this digital world safer if we work together.”