Each February, millions of people around the world observe Safer Internet Day, joining “Together for a better internet.” This year marks the 20th anniversary of this global observance, and while a lot has changed over that time, some things remain constant. In particular, effective cybersecurity relies only in part on technology. Even as tools and systems become more powerful, avoiding security mishaps is still largely dependent on people doing the right thing. And while every day is a good day to take stock of what you’re doing to protect yourself, your family and your business online, Safer Internet Day is a great opportunity to stop and reflect on how we can all help promote a responsible, respectful, critical, and creative use of digital technologies – with the ultimate goal of fostering a better internet for all. In support of a safer internet for all – in 2023 and for years to come – here are some insights on today’s most prevalent threats and what you can do to stay cyber secure.
Stick to legitimate software, and keep it up to date
Malicious actors are constantly on the hunt for vulnerabilities in software that will allow them to infiltrate your devices and networks, which is why it’s so important to regularly update your software with the latest patches and security updates. And remember, this applies not just to business software but to games as well. Popular online games have been compromised in recent years, allowing attackers to take over gamers’ PCs or otherwise break into gaming accounts and systems.
While the price tag on some games might tempt certain users to opt for pirated versions they can download free of charge, the risks are high and can end up being extremely costly. Attackers often try to lure victims with pirated software that contains embedded malware or a backdoor into their computers. Key crackers, which can be used to get around software license keys, could also contain dangerous trojans. Beyond the fact that pirating software is unethical, you’re better off sticking to software purchased from legitimate sources for security reasons, too!
Adopt a secure password manager and implement MFA
Duplicate and easy-to-guess passwords make you more vulnerable to attackers, which is why good password management is critical for a safer internet experience. Cybercriminals can easily find troves of stolen usernames and passwords on the dark web and underground forums; billions of usernames and passwords from various breaches are widely available, with millions likely more added each day. They can also scrape personal information about you from social media, including details that you might use to make a password easier for you to remember, but also easier to crack.Creating a strong, unique password for each of your individual logins prevents attackers from accessing multiple accounts should one of those credentials get leaked in a data breach or otherwise compromised. Our pro tip? Use a password manager AND multi-factor authentication (MFA) wherever possible. Password managers can help you generate strong, unique passwords for every single one of your online accounts, and often include additional features like alerts when one of the websites you use has reported a breach. That said, you should do some research before selecting one, as certain password managers may be less secure due to recent compromises. MFA is available (and sometimes even required), for all kinds of online services these days. Combining a good password manager with MFA across all your online accounts is the most effective way to prevent unauthorized access.
Beware of sneaky spear phishing attacks
Spear phishing attacks are a major security threat that continues to evolve in sophistication and efficacy as cybercriminals become more skilled at creating individualized and convincing emails and messages. They often appear to be from a trusted source – masquerading as a note from a friend, family member, co-worker, or other legitimate business or organization (like a retailer, bank, or government agency) – and are often used to deliver malware, tricks recipients into transferring funds or get people to visit phony websites that have been spun-up to harvest login credentials or other personal information. Malicious messages might include attachments with documents that contain malware as well. Once your data is stolen, it’s often sold and used for things like identity theft and fraud. Criminals increasingly rely on automated phishing tools and programs that cull information from social media networks and other sources on the web to better target and personalize their attacks. The growing number of users signing up for various online services year after year has only increased the opportunity for cybercriminals looking to leverage them against unsuspecting consumers.
Protecting yourself from spear phishing attacks starts with being vigilant. Keep an eye out for red flags, such as requests from managers or co-workers that seem out of the ordinary or messages with lots of grammar or spelling mistakes. Be sure to double-check the sender’s full email address to ensure the message is coming from a legitimate contact and delete it if it doesn’t look right, but also keep in mind that attackers can spoof email addresses if your domain doesn’t have the right protections (such as DMARC’s combination of SPF and DKIM). Never download files from unfamiliar senders and be wary of links. At the same time, you should even remain wary of any unexpected links and attachments from senders you appear to know and validate that the contacts actually sent them they seem to be from first. You can always hover your mouse over a link to preview the URL before clicking – or skip the click in favor of manually typing the URL for the intended destination in your internet browser. Or, better yet simply avoid clicking links in phishy messages altogether. And, when in doubt, forward the email to your IT or security department for closer inspection.
Ultimately, if the details don’t add up or anything just feels off, it’s better to stay on the safe side. By staying alert and exercising an abundance of caution, you too can protect yourself from falling victim to sneaky attacks and ensure a safer internet experience.
About the author: Corey Nachreiner is the chief security officer (CSO) of WatchGuard Technologies. Recognized as a thought leader in IT security, Nachreiner spearheads WatchGuard’s technology and security vision and direction. He has operated at the frontline of cybersecurity for 22 years, evaluating and making accurate predictions about information security trends. As an authority on network security and an internationally quoted commentator, Nachreiner's expertise and ability to dissect complex security topics make him a sought-after speaker at forums such as Gartner, Infosec, and RSA. Find him on www.secplicity.org.