October is the European Cybersecurity Month, which puts the spotlight on staying safe online. We marked last year’s Cybersecurity Month with the launch of version 2 of our ECDL IT Security module, and already, thousands of people around the world have used it to build and certify the knowledge and skills that are vital to avoiding the dangers that can lurk online.
While more of us are discovering the benefits of getting online, the risk of falling victim to a loss or leak of personal and private information, being scammed out of money, or being abused by other people, is sadly still very present. Anyone can fall victim to these attacks, even technology journalists and academics! When journalist Mat Honan was hacked in 2012, with his computer wiped, his Twitter account hijacked and sending out abusive messages, he lost photos of the first year of his daughter’s life, and countless other precious moments. Only after an expensive recovery process was he able to restore his data and return to his digital life.
There might have been some technological solutions that could have mitigated the damage done during the attack, like two-factor authentication (where logins need to be verified by entering a special code). But the key lesson is clearly that technology cannot protect us on its own: we need to know how to look after ourselves, and know how to effectively use technological solutions.
While attacks like the one that hit Mat Honan are rare, there are a lot of smaller risks out there, which could affect you. Thankfully, a lot of the dangers can be avoided with a bit of awareness and knowledge. Learning to recognise fake emails that might be looking to convince you to give up sensitive personal data, or websites that harbour malware, can go a long way to helping you stay safe.
According to research in the UK, breaches in IT security at small and medium enterprises (SMEs) can cost, on average, between £75,000 and £310,000 (from €104,500 to €433,160). Even seemingly innocent actions, like clicking on a link in an email could have catastrophic consequences. One car rental firm was almost forced out of business because of ‘ransomware’ originating in an email opened by an employee. The ransomware, a form of malware or malicious software, blocked access to files on affected computers and demanded a payment to restore the data. In some ways, making sure that employees have the right IT security skills is like insurance: if you don’t make the investment in protecting yourself and your business now, you could suffer much more costly consequences if the worst happens.
We have looked at this topic in our latest position paper on IT Security, which we launched earlier this month. The paper examines the place of IT security in all aspects of life, from home, to school or the office. From protecting your personal information or your employer’s sensitive data, to avoiding viruses or dealing with online bullying, the paper highlights the central role of digital skills.
"Ultimately, it is the actions of the human user that increase the level of exposure to IT security breaches. Installing the most heightened automated security measures and prescriptive policies is only a partial solution. Most of the cyber security breaches could be prevented and high costs avoided if people followed simple IT security principles like using secure passwords, installing antivirus and malware software, and not clicking on suspicious links."
There are lots of technological solutions to cybersecurity, but the most effective way to stay safe and protect your information is simply to equip yourself with the skills and knowledge on where the dangers are and how to avoid them.