Safer Internet Day Reminds Me That Security Is a Team Sport
The 18th edition of Safer Internet Day is upon us, and it reminds me of an important point I've repeated throughout my career: security is a team sport. It is not just the responsibility of the Chief Security Officer, or any one person. A safe and secure cyber experience requires that you pay attention to the little things, starting with the basics. If you don’t, you can be a victim of a breach or identity theft, or have your life disrupted in ways that are not fun.
Various research groups have stated that they expect the global cybercrime market to be roughly $10.5 trillion by 2025 (it was around $3 trillion in 2015). According to Cybersecurity Ventures: “This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.”
There are many types of cybercrime, but below is just a sample that the FBI has come up with.
- Business e-mail compromise scams, better known as BEC. The FBI’s Internet Crime Complaint Center has said this is the costliest form of cybercrime, and so many of us rely on e-mail every day.
- Identity theft. There are nearly 16M identity theft victims every year. This usually happens when someone steals your personal information, like your Social Security number or credit card, and uses it to commit theft or fraud.
- Ransomware. The estimated cost of ransomware attacks in 2020 is $20 billion. Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems or networks and demands you pay a ransom for their return.
- Spoofing and phishing. 94 percent of malware is delivered via email. Phishing attacks are schemes aimed at tricking you into providing sensitive information to scammers, and they account for more than 80 percent of reported security incidents.
- Online predators as a growing threat to young people. It's estimated that more than 500,000 predators are online every day.
Having a safe and secure cyber experience starts with ensuring consistent security training, and this is crucial for organizations (or a family) to reduce risk and ensure the security of data.
What steps to focus on
You've heard me say for decades that security awareness training is the cheapest risk-reducing measure one can take. Typically, the most effective programs are those that educate users upon initial hire and every quarter that follows. This training should educate all users, especially those at the executive level or parents who are considered high-value targets.
For organizations or families, creating guidelines and tips for email and social media usage is super helpful. For starters, choosing a strong password is important (mine is Eye82MuchLastNight!!). 2FA, otherwise known as multi-factor authentication, improves your security further. Facebook, Twitter and Instagram all have it, as do many others.
There are a number of tips that can increase your safety online, such as locking down your privacy settings and being discreet about your whereabouts. Oh, and is it really that important to post your photo while 800 miles away from home for a family vacation?
Also, please don't use social credentials to sign into third-party sites. Lastly, handle passwords with care. Treat them like toothbrushes and change them often.
Speaking of social platforms, privacy permissions differ from platform to platform, so do take the time to understand, at a high level, what you are about to use. For example, the popular messaging app WhatsApp recently told its users that it would give them new ways to message businesses using the service and was updating its privacy terms. A WhatsApp notification made users aware that they would have to accept the new terms by February 2021, or no longer have access to their accounts. People around the world and some media outlets interpreted the notification as a huge change in WhatsApp’s data-sharing practices, mistakenly believing that the company could now read people’s conversations and other personal data. WhatsApp has since delayed that from happening. The point here is to be aware of how your personal data is processed, stored and transmitted, as well as how it's shared.
Remote work is here to stay and, as for many of us, our house has become a mini data center of sorts, with a much larger attack surface. Many people now have a variety of smart home features: a Google Nest Hub, Sonos One, a Ring doorbell or some kind of smart speaker, display, camera, lock, plug, heating, cooling, lighting… I could go on and on. Cybercriminals have hijacked baby monitors and spied on people using their webcams, for instance. If you own a smart home device, your privacy and security are at risk unless you take precautions such as changing your router name from a default such as ROUTER or GATEWAY. Also, leverage strong encryption, set up guest networks, change default passwords and audit all devices on your network.
Speaking of networks and Wi-Fi, despite numerous warnings, news headlines and efforts to educate, many folks still don’t understand why connecting to free Wi-Fi is an incredibly dangerous situation, regardless of what you’re doing online. If you have to use it, leverage SSL connections only, use a VPN if possible and don’t access sites that want your PII. Hackers leverage public Wi-Fi to easily capture what you are doing and even compromise your device.
One area that I have not mentioned here, and probably the most important, is cyberbullying. 95 percent of teens in the U.S. are online, and the vast majority access the internet on their mobile device, making it the most common medium for cyberbullying.
The most common places where cyberbullying occurs are:
- Social media, such as Facebook, Instagram, Snapchat and TikTok.
- Text messaging and messaging apps on mobile or tablet devices.
- Instant messaging, direct messaging and online chatting over the Internet.
- Online forums, chat rooms and message boards, such as Reddit.
- Online gaming communities.
It is critically important to support and encourage all children to think critically about what they see online and speak out when necessary. With so many parents stressed out having to now teach their kids in the home, parents are often exhausted and not paying attention to what their kids are doing online during non-school hours, so we need to double down and make this a priority.
How to build the right team
Some companies and families are highly collaborative and embrace an open atmosphere where workers/kids share ideas and contribute to initiatives and managers/parents encourage teamwork, participation and accountability. Some organizations/families are authoritarian, with leaders dictating participation without considering the experience and input of stakeholders/kids. It is actually the latter that struggles most with the adoption of safe Internet practices. So next time you come across a phishing email or suspicious news/text, sit down with your kids and show them. Set the example by being a role model, so that they can learn from you.
As the famous African proverb says: “It takes a village to raise a child.” It is the same with online safety. We have so much at our fingertips, and everything is so easy to access. But we need to slow down, educate our staff and families and remain vigilant. Oh, and CTRL+ALT+DELETE before you leave your seat, and think before you click!