Today is Safer Internet Day and cybersecurity awareness groups from over 100 countries are coming together to help ensure we all work together to improve internet safety. Below I’ve detailed four simple things everyone including kids, parents, CEOs, administrators, and security researchers alike, can immediately do to stay safe. We can and should all work together for a better internet.
In my work, I’ve learned that the key to being safer on the internet is keeping it simple. A majority of the problems you run into can be solved by sticking to these effective four basics:
1. Patch your devices and systems: This was one of the first lessons I learned in security and I come back to it all the time. Patch your devices, computers, servers, apps, IoT devices, cable modems, smart watches, everything. Patches are a way of life and they are relatively painless to apply.
I learned the value of patching when I first got into security in 2004 as a systems administrator and had to deal with an unpatched server that was hacked. The customer’s server hosted a PHP forum and attackers replaced the front page with a mp3 that played music and featured an onslaught of animated gif text complete with a star-field background. It was very exciting and I got to do what we now call "indecent response." In fact, it was typical clean and restore work. And it taught me that internet security is about focusing on the simple basics.
2. Think before you open or click: Malicious attachments, links, and text messages continue to be a problem because they work. Don’t just open an email attachment or click on a link because it’s talks about something interesting, like Greta Thunberg, or something scary, like Coronavirus. Email is the number one threat vector for both malware distribution and phishing because it provides a direct channel between you and the attacker. And SMS scams take advantage of our “always on” mobile culture.
3. Check the privacy settings and use two-factor authentication: Be sure you examine the privacy settings on mobile apps to protect your sensitive information while also utilizing two factor authentication whenever it’s available. For example, if you are using TikTok be sure you understand its privacy statement, the permissions the app requires on Android and iOS devices, the information it sends to servers, as well as the app’s privacy controls for uploaded content. It’s important you know where your information is being stored and how it’s being used and secured.
4. Click the lock, check the website cert: We used to tell people to “look for the lock” while on a website before entering information like credit card numbers. Unfortunately, that’s not good enough these days. In our Q3 Threat Report, we found that over 26% of fraudulent domains used SSL certificates. It’s critical to look beyond the lock and actually click the padlock to check the digital certificate to make sure you’re talking with who you think you are. I’ve put an example of what to look for in Figure 1.
Figure 1 Verifying the server on a digital certificate
This year’s Safer Internet Day theme is “Together for a better internet,” so don’t just do these four things yourself: tell you kids, your family, and your co-workers. These tips may not seem like much, but they can make a big impact.
Of course, nothing is 100% effective all the time, but security is a process, not a product. Safer internet isn't just one day a year, it's all year long. Safer Internet Day is an opportunity to call attention and focus to what people can and should do to improve the overall security of the internet and make it safer for everyone, every day.