By Rajesh Maurya
The global theme of the Safer Internet Day, which is celebrated on February 9, is ‘Play your part for a better Internet’. To kick off the day, Fortinet shares tips for responsible use of digital technology.
It is vital to note that the day was named ‘safer’, not ‘safe’, Internet Day because no technology as powerful as the Internet will ever be entirely safe as things stand. One must be educated on how to reduce and manage risk to stay as secure as possible. The good news is that you can steer clear of most threats by being a responsible Internet user.
The Internet wasn’t designed with security in mind. To make things worse, we forget that our digital footprints are bigger than we think. Cybercrime is no longer about brute force. It subtly infiltrates your system, stays hidden and extracts data without being detected. Neither consumers nor enterprises are spared from the perils of the Internet.
The amount of sensitive data out there makes each individual vulnerable to ever-evolving threats. It does not matter if the hack was prompted by new revelations about a government’s spying efforts or by the pure intention of stealing money; the Internet is terribly insecure and definitely not private. Trusted staffers can turn into disgruntled employees overnight, and data can easily wind up in the wrong hands. If one friend who has turned hostile initiates a hack, our social networks can give away sensitive and personal information. Many of us are vulnerable online.
There are a number of tricks that hackers use to get malware onto your computer, including:
Sending messages out about popular topics, such as celebrities or recent news stories, in order to get more views.
Adding malicious extensions to your browser that can hijack your social media accounts.
Making downloads appear to be from legitimate sources, such as fake updates for Flash.
Disabling your computer’s antivirus and sending you to compromised websites.
Packaging malicious software with legitimate software and advertising it on social media as a special deal (also referred to as Adware).
What do we do now?
Cleaning the digital community
The global theme of the Safer Internet Day this year is ‘Play your part for a better Internet’. Everyone, including individual users and organisations, is equally responsible for making the Internet safer. Here’s what you can do to ensure a safer digital environment.
For individual users
Individual users have to be very discreet about what they put online, specifically on social media sites. Many attackers can and will use this information against you. The most basic form of online protection is to maintain strong passwords and never use the same password for different sites. While keeping multiple passwords might be difficult for many people, there is the option to use password management programmes, which will help maintain different passwords for different systems.
Keep all your operating systems and applications up-to-date. This will equip your system with the latest security patches, updates and drivers. Keeping your system up-to-date will help keep your computer free from viruses and other security threats.
Install all-in-one protection suites, including technologies like anti-virus and web filtering, on your PCs and mobile devices. Though opting for three or more separate security apps will let you pick the best in each category, running them can be expensive and a challenge in itself. All-in-one security suites are known to offer convenience and are usually more affordable. Besides, their individual components are designed to interoperate smoothly.
Think before you click, especially on social media. We are more likely to click on links we receive from friends, so scammers send malicious links to the account owner’s contacts. If a link or an email has something that seems unusual or suspicious, do not click it. You can be careful about opening attachments that you requested, or confirm with the sender if he/she intentionally sent you a file. If you have to send private information, you can use an encrypted email service and start a fresh email thread.
Use separate devices: one for important transactions like online banking and another for ‘fun’ things like surfing the Internet or playing games. This will maintain a silo between sensitive information and the risks attached to entertainment. If buying another computer is too expensive, you could use virtual machine (VM) technology.
Use strong passwords. Of course, this is the most basic step. It is 2016 and it is inevitable to think we are wiser. Based on a list of over two million leaked passwords from 2015, we still need a lesson on how not to choose a password. ‘Password’ and ‘123456’ are still highly popular. Be better this year.
How organisations can play their part to make the Internet safer
While the above tips hold true for individuals, enterprises have a much bigger responsibility for maintaining security due to an increasing number of employees going mobile. Transforming into a mobile organisation means new opportunities for your organisation.
Increasing numbers of employees work from home and from other sites, but organisations tend to overlook the security needs of remote workers. Enterprises need to be compliant, but the emphasis should be on mitigating risks. At the enterprise level, a risk-based approach to security, built around a focused security programme, is the need of the hour. Here are some policies which can help to create a good corporate security programme:
Prevent – The known threats. Lots of malware is already known. Cybercriminals might be highly creative, but they exhibit the same human flaw shared by us all: laziness. Last year, nearly a quarter of malware was more than 10 years old and almost 90 percent was discovered before 2014.
Known threats should be blocked immediately through the use of next-generation firewalls, secure email gateways, endpoint security and other similar products leveraging highly accurate security technologies.
Detect – The unknown. Many new approaches can detect previously unknown threats and create actionable threat intelligence. Sandboxing allows potentially malicious software to be handed off to a sheltered environment so its full behaviour can be directly observed without affecting production networks.
Headlines have lauded it as a perfect solution. While a critical component in the overall defensive scheme, don’t be fooled: sandboxing alone is no panacea. We know how attackers respond to new technologies: they figure out how they work, then find ways around them. That’s why it’s important to stay updated: just as criminals evolve, your system needs to too.
Formulate a good incident response process. It doesn’t matter how much money companies spend on security: no organisation is 100 percent secure from breaches. An enterprise must implement an incident response plan to ensure that it has the processes, procedures and skilled resources to quickly identify and mitigate threats as soon as they hit its network. This will help to address and manage the aftermath of a security breach or attack immediately.
The bottom line is that everyone should know it is impossible to be 100 percent protected, unless you consider complete Internet abstinence as a solution. However, if we implement safe Internet practices, we can all play our little part and make the Internet safer.
(Rajesh Maurya is Fortinet Country Manager India and SAARC)