19 October 2020
The 8 Big Internet Risks – and How to Address Them
Where would we have been in 2020 without the internet? It would be hard to think of a more essential business tool. From Teams meetings to online school, not to mention the many cloud apps that make it possible to work remotely, the internet is at the centre of our 2020 survival kit. Still, it doesn’t come without risks. The more we venture out into the online world, the more we invite that world into our makeshift workplaces. Here are some of the common internet risks to look out for – and suggestions about how to sidestep them.
1. Ignorance is not bliss
When it comes to the online world, the bad guys are looking out for users who will innocently click links, download files, and generally assume that the world is a safe place. No matter what technology you use, a well-informed workforce makes for a much stronger defence. Very few organisations cover online safety in their induction training for new employees, or provide more than cursory ongoing instruction. It is actually quite simple to raise the levels of risk awareness among users, but it takes a planned approach. Ideally, it should be as much a part of workplace safety as lifting with good posture or keeping fire doors accessible.
2. Anyone can create websites quickly
And while many are valuable to our workday, a tremendous number are malicious. Even well-informed staff may make mistakes, so it is up to the organisation to block suspicious content. Firewalls are built to protect a building or location. They identify malicious code, or content that looks abnormal, and may stop users from accessing the site until it is verified. Devices like firewalls must be kept up to date to minimise risk, because new threats emerge by the minute. They have limitations, especially when much of the workforce is working remotely from outside the firewall’s protective reach.
3. Not all antivirus software is created equal
A lot of the negative outcomes we see have happened when the business or user feels they are doing the right thing. They have installed antivirus, so it should be safe, right? Not all software is the same, so while the very cheap or free options may be better than nothing, they might not protect well against some of the common risks like ransomware. This is one area where the cheap option can be a massive false economy.
4. Keeping up to date
Software that is out of date, or does not have all security patches applied, is a playground for hackers. This is how intruders burrow deeper into your organisation’s systems, finding more valuable material to exploit or sell. Manually applying patches is undoubtedly time-consuming, but there are some great options to make it easier, ranging from auto patch deployment to managed services. Of course, cloud-based essentials like Microsoft 365 are automatically updated, which means one less job on the to-do list. Outdated hardware is equally problematic. Many smart devices are connected to your network, but many don’t automatically install updates. It is essential to know what is connected and prevent these vulnerabilities being exploited. Visibility of your whole environment is key, and modern networking tools can help you to know exactly what is on your network.
5. Public wi-fi is not private
Not everyone has great, low-cost internet at home, and whether users are escaping the kids at a local café or stopping off to catch up on email between sales calls, the lure of free wi-fi is strong. Unfortunately, it comes with risks. Criminals can mount a ‘man in the middle’ attack, where they set up a wireless access point and read all the information you transmit. This could include emails, passwords, documents, and data. While this is less common in Australia than overseas, it is wise to avoid public wi-fi unless you can really trust the source – hotspotting with your mobile is better. Encryption helps to a point – but emails are not encrypted, so if you have no choice, put any information in an encrypted attachment.
6. Social engineering
Today’s attacks can be incredibly sneaky, using a variety of means to gather information about their target and build a profile. This can be used to impersonate the target, to guess passwords, or to learn more about their online behaviour. For this reason, it is important to be mindful of what you tell anyone online. On social media, consider whether you really need to post sensitive information such as your day and year of birth, your full name, and details about your family. Even those seemingly fun games on Facebook can often be used to work out answers to security questions, such as first pet, mother’s maiden name and so on. The risk isn’t just on social media – often people ask for ID when you buy something, but sending documents like your licence by email puts them on an unsafe platform. The information could be enough to set up fake profiles, even fake bank accounts. Don’t share sensitive or identity information by email. If you must provide it, you can share it via a OneDrive link that requires SMS verification.
7. Easily guessed passwords
In spite of prompts from IT departments in most businesses, easily guessed passwords are disturbingly common. Passwords are often re-used between accounts, making them more vulnerable still. Education about good password practices is worthwhile – they should be a phrase, rather than a word in the dictionary, and should include upper and lower case, numbers, and symbols. Of course, more complex passwords are harder to remember, especially when we all have to remember so many, so a password manager is recommended. Additionally, two-factor authentication greatly reduces risk, and is simple to implement and use. You may well have a tool like Microsoft Authenticator already included in your Microsoft 365 Business account, and if you’re paying for it, you may as well use it.
8. Nasty content
The internet is great for researching information, connecting with people, and, yes, even looking at cat videos, but it also has a lot of deeply unpleasant material. There is no perfect answer, but organisations have a duty of care to minimise employees’ exposure to the worst of the internet. We auto-block certain types of content, using firewall and endpoint protection tools, and this is largely effective – occasionally it will block something safe, but this is an easy fix and far better than letting through adult, gambling and weapon-related content, for example.