It’s ‘Safer Internet Day’ and on to mark the occasion, cyber risks expert, Justin Tivey, at Bond Dickinson, looks at what businesses and individuals alike need to do to protect themselves and remain safe on the Internet.
The Internet is a wonderful tool for business, learning and recreation. The benefits and opportunities are many and it is hard to imagine trying to be a competitive and efficient business without using it. Of course, there are real dangers too and the risks have to be prioritised and tackled to make sure that its value is not seriously eroded. As we celebrate Safer Internet Day on Tuesday 7th February, I look at what businesses and individuals alike need to do to protect themselves and remain safe on the Internet.
Whether a public body, a business, a charity or an individual, we are all equally citizens of the Internet. As soon as we establish an online presence and when we surf, post or shop online, we all leave a mark and become part of the giant World Wide Web. As with any society most would accept that we all have a responsibility to help look after those who are vulnerable. This is especially important when it comes to protecting children and young people online.
As a firm, we do a lot of work advising clients on internet strategy and how to plan so that cyber security is enhanced. The good news is that there are steps that can be taken which can make a huge difference. There are legal and technical IT precautions which can be taken to help to improve security but there is often a fear that these will be expensive, and complicated. The reality is that’s not often the case. For example, internet firewalls and virus protection are not expensive and most software has free security upgrades and patches which just need to be used. Making sure that there is a good understanding of what data is held, a robust IT use policy and a clear and simple incident response plan will put any business in a stronger position.
However, beyond all these measures, one of the most powerful tools for enhancing online security is attention to what might be called the human factor. A culture of awareness of risk and taking basic precautions on the internet goes a long way to enhancing online security. The first step is to recognise that cybersecurity is an issue that concerns us all and a genuine threat for every user. The second step is to instill that culture, especially for businesses which have a responsibility to inform employees of the risks. A little bit of regular training goes a long way as the actions of employees still present the greatest risk to IT systems and business information.
While the scale might differ, individuals and businesses need to have essentially the same checklist to make sure security is as good as it can be:
- Make sure that updates and patches for all software used are implemented – these are mostly free.
- Use a good firewall and anti-virus software. Some are free but even proprietary software is relatively inexpensive.
- Use IT kit that is sufficiently up to date that it can operate the updated security – this doesn’t mean constant upgrades and expense just getting rid of old kit once it can no longer do the job. The savings on kit budget will often just end up being spent on dealing with the aftermath of a security breach.
- Make sure access to computers is restricted to approved users only – password phrase protection as a minimum – phrases with numbers and non-letter characters and ideally multi-factor authentication.
- Use different passwords for different systems and change the password regularly.
- If it looks odd don’t open it or click it or reply to it even if seems harmless. It is good to contact the apparent senders of such material by another method to check who they are.
- Use trusted sites or sites whose operators can be identified and verified.
- Share knowledge of problems and issues.
- Have an internet use policy which is short, simple and promotes the above.
- Only use suppliers who take the same approach and who build security into their hardware or online activities.
Businesses have a role to play in making sure their systems are not abused by staff or third parties to target other users, particularly vulnerable ones, and a secure IT system and a clear and enforced internet use policy are key. Events like Safer Internet Day remind us that we all have a part to play to make online a better and safer place.
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/