Your essential guide to internet security

How can you stay safe on the internet?

The internet is a fickle beast. On the one hand, we now have access to the sum total of human knowledge (and human opinion) at our fingertips across an incredible range of devices. On the other, it's opened us up to a whole new world of crime, where scammers are waiting seemingly round every corner.

But just because a threat is out there doesn't mean you must inevitably be vulnerable to it.

Here are some simple steps to ensure both you and your business remain safe on the internet.

Install internet security software

Running internet security software on your endpoints (computers, mobile devices, tablets, etc) is the simplest place to start with a project like this.

Most of the well-known antivirus firms, such as Kaspersky Lab, Symantec and AVG, have dedicated internet security products for both individuals and small to medium businesses (SMBs). They include features such as warning you if a page isn't secure, which is particularly important if you're going to be entering sensitive personal data, or if a page is trying to redirect you, as well as protection against malware downloads, including ransomware.

This type of software should ideally be used in conjunction with other on-device anti-malware programs.

Large enterprises will likely have dedicated security resources - either in the form of an individual or team - which should be leading internet security efforts and monitoring. For these businesses, an off-the-shelf solution is unlikely to be suitable. Instead, they should liaise with vendors and/or security-focused managed service providers to develop a system that's suitable for them.

Implement network security systems

Security appliances are a must, particularly for businesses with a large corporate network. The most fundamental of these is the firewall, which filters web traffic to try and prevent malware or malicious actors gaining access to the internal network. There are also email protection systems, and secure web gateway solutions that also offer protection for other internet-connected systems, such as instant messaging programmes.

If your organisation has IoT devices that are connected to the public internet, you should be paying particular attention to finding systems that can protect these endpoints as well, as their built-in security may not be as strong as that on PCs, laptops or mobile devices.

Education

Educating the rest of the business is a key component of the internet security process for businesses.

The entire business should be encouraged to take a sceptical "better safe than sorry" approach, particularly as workers are one of the most common ways malicious actors gain entry to corporate systems.

For example, genuine-looking messages can be laden with hidden traps, like documents or PDFs containing malicious payloads or links to infected websites, a technique commonly known as phishing or, when someone like the CEO or CFO is targeted, whaling.

Users should be told that if they receive an email from the finance department asking to "double check this invoice", for example, they shouldn't be afraid to ask for more details about the contents before opening it. Even better, if your company uses an instant message platform, such as Skype for Business, Slack or Yammer, users should be encouraged to contact the sender directly there to double check. Similarly, the entire organisation must be trained to be receptive to this "belt and braces" approach and not become irritated with colleagues who are doing the best thing for the security of the business.

Similarly, if the email comes from a supplier or customer and includes an attachment or link, it's better for the recipient to call them up for clarification or details than to blindly click the link out of a sense of typical British "don't make a fuss" sentiment.

Users should also be aware of potential phone scams, particularly if the caller claims to be from "Microsoft Support" or similar, or the bank.

The IT department, perhaps in collaboration with HR, should be responsible for keeping users up to date with the latest policies and best practices and encouraging individuals to come forward with any questions or concerns.

Test your defences

Everyone is confident in their own ability to create an infallible system, but there's really only one way to be sure your defences hold up under stress: get someone to attack them. This will test any technical measures you've put in place, like security software, fire breaks and so on, as well as the efficacy of any training that's been put in place.

There are businesses and individuals that specialise in penetration testing who can be brought in as independent consultants. Alternatively, many security vendors also offer this service, but it may be more useful to use them before you roll out their software than after.

This kind of activity shouldn't be a one-off, however. The security landscape is ever-evolving, with new threats and methods of attack appearing all the time. This kind of drill should be carried out at least once a year to identify any areas of weakness you need to improve upon.

Have a data breach response plan in place

Sometimes, the worst happens and your business should be prepared for this eventuality. Nobody wants to be left trying to figure out who's responsible for notifying the CEO that an attack is taking place once it's already underway.

A data breach response plan should include the names and contact details of the people who will be involved in responding to a breach, whether it's an attack in progress or one that's over by the time it's discovered. This will include members of the IT team and the CTO, who should all have defined roles, as well as the data protection officer (DPO).

In a larger business, this will also include a dedicated person (for example, the CTO's PA), who is responsible for contacting the company's legal team and, if appropriate, PR agency/crisis comms team.

Finally, make sure you keep yourself up to date with the latest security news and best practices from reliable sources.
