February 6 every year is regarded as Safer Internet Day. SID is a day to promote safer and more responsible use of online technology and mobile phones.
On this Safer Internet Day 2024, Christopher Budd, director, threat research, Sophos X-Ops, offers us some valuable tips on how individuals and businesses can protect themselves on the internet—notably the importance of strong passwords to prevent credential theft, which is used to break into corporate networks and escalate privileges to steal data and eventually launch attacks such as ransomware.
Why is Safer Internet Day Important?
Christopher Budd responds:
“While we all hate passwords and know they’re a pain, they remain important. Even today we see major companies compromised because of bad password management by them or their people. Using unique passwords for every site (or at least every important site) is still one of the best things you can do to keep yourself secure. In addition to using unique passwords, using a multifactor authentication app is a key step in securing critical accounts.”
The Sophos X-Ops Active Adversary Report found that in 2023, for the first time, compromised credentials were the number one root cause of attacks that lead to data theft and ransomware attacks, with over half (56%) of the attacks analyzed linked to name/password sign-in information that wound up in unfriendly hands. That’s a 26% jump from 2022 to 2023.
“It’s also important to remember the power of ‘no.’ The best way to protect your data and information is to not give it away in the first place. Just because a site asks you for your birthday, for instance, doesn’t mean they need it, or they’re entitled to it. If a site or service doesn’t have your information, they can’t lose it or accidentally disclose it.
If you do just those two things, you’ll be a long way towards keeping yourself safer online,” added Budd.
Additional tips to stay safe online include:
- Using caution when clicking on links
- Keeping all applications, apps, and devices up to date
- Investing in good security software
- Treating all unsolicited communications (email, phone calls, texts) as suspicious