NSCS warns about business’s third party cyber security risks

GCHQ’s NCSC warns that third party suppliers may be businesses’ biggest cyber security risk.

GCHQ's NCSC warns that third party suppliers may be businesses' biggest cyber security risk.

Despite spending millions on cyber security enhancements and compliance around the General Data Protection Regulation (GDPR), organisations remain reluctant to address the weakest link in their IT security environment – their supply chain and associated third-party relationships.

A report in October from the UK National Cyber Security Centre revealed that the GCHQ offshoot had stopped almost 1,200 attacks in the past two years and is fighting off around 10 attacks every week.

Addressing third party cyber security risks are challenging and significant.

For larger organisations, procurement decisions are usually made without input from those responsible for cyber security, and such agreements can provide access to critical systems via open application programming interfaces (APIs) and other interaction mechanisms.

Supplier relationships are also overwhelming without a standard process to manage cyber risk when the relationship is via an arms-length contractual arrangement. Many organisations are struggling to address their internal network security issues and have not sufficiently considered the risks beyond their own network.

But third party cyber security risk is too significant and too dangerous an issue for board members to continue to overlook.

NIS Directive
Current regulatory initiatives including the Networks and Information Systems (NIS) Directive and GDPR require organisations to take responsibility for ensuring that external suppliers have implemented adequate cyber security measures.

Both NIS and GDPR require notification to the Information Commissioner’s Office (ICO) no later than 72 hours after an organisation is aware of a data breach or a cyber incident having a substantial impact on its services.

Many data breaches affecting large organisations occur within a third party service provider. Organisations that do not have the contractual provisions and processes in place with these suppliers to secure the necessary information surrounding the data breach are unlikely to meet the 72-hour deadline.

Missed deadlines and poor or inaccurate information reveal due diligence and contractual failures. These failures increase the risk of a regulatory investigation and significant financial penalties.

But regulatory fines are just the beginning. There are also civil liabilities, as well as loss of consumer trust and investor confidence that result from a cyber breach. Under GDPR, individuals can claim compensation for material and non-material damage.

A data controller is jointly and severally liable for the damage if it was in some way also responsible for a breach due to unlawful processing by a data processor.

To mitigate these risks, organisations that outsource cyber security functions should comprehensively review their third party contractual arrangements and revise their internal procurement processes and procedures to include cyber security assessments. These reviews should, at a minimum, assess, document and monitor these agreements.

Cyber threats are on the rise in both number and complexity. They are purposely attacking the supply chain. Recent regulatory approaches under NIS and GDPR require organisations to take an active role overseeing their third-party providers.

Failure to do so can result in regulatory fines, civil liabilities and reputational loss. Investing human and financial capital now to assess and mitigate risk can help significantly reduce these liabilities, protect an organisation’s reputation and strengthen consumer trust.

If you want to save yourself stress, money and a damaged reputation from a cyber incident – for a cyber security incident prevention, protection and training please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOWContact Cyber 139

Investors target Board Directors for cyber security incidents PT2

Investors are growing concerned that directors are ill prepared for cyber security incidents and technological challenges.

Investors target Board Directors for cyber security incidents

An investor “We want the board to be tech savvy, but we wouldn’t just want it to be a tech board. Our fear is they appoint a tech expert but then no one else on the board is engaged. We want to understand the extent to which all the board is competent.”

Earlier this week, British Airways was forced to vow to compensate passengers after it revealed hackers had stolen data relating to about 380,000 customers from its website and mobile app during a two-week period in August. The data included personal and financial details.

Companies ranging from Equifax to JPMorgan Chase have all suffered data breaches in recent years. Meanwhile, large multinationals from Moller-Maersk to Reckitt Benckinser and FedEx were all forced to warn shareholders that the NotPetya cyber attack in 2017 had hurt profits, potentially costing each company hundreds of millions of dollars.

Ovidiu Patrascu, research analyst at Schroders, says it is crucial that companies have well-resourced cyber security teams that should ideally report directly to the highest levels of the organisation.

“As seen in a number of recent high-profile public failures, data breaches often uncover poor governance practices and weak management at the heart of companies, while also hitting their revenues and intangible assets such as reputation and trust,” he says.

“Cyber risk should also not just be the preserve of tech specialists — company boards also need to ensure they understand and can effectively oversee these very particular risks,” he adds.

A 2017 study by the Ponemon Institute, a research centre, found that there had been a 22.7 per cent rise in the cost of cyber security for businesses in just one year. It also found a 27.4 per cent rise in the number of data breaches at businesses, based on 2,182 interviews from 254 companies in seven countries — Australia, France, Germany, Italy, Japan, the UK and the US.

A follow-up study in 2018 found that the average cost of a data breach globally is $3.86m, a 6.4 per cent increase from the 2017 report. It also warned that so-called “mega breaches”, ranging from 1m to 50m records lost, could cost companies between $40m and $350m to deal with.

For many investors, the fact that a huge technology company such as Facebook could suffer a data breach has hit home how vulnerable smaller or less tech-savvy businesses could be. In July, Britain’s Information Commissioner’s Office hit Facebook with its first financial penalty over the data leak to Cambridge Analytica, accusing the social network of breaking the law.

A big investor at a large asset manager says that he wants boards to be able to explain where their key vulnerabilities are and whether they have stress tested the financial impact of tech issues. “We think every board member should be able to speak about this issue. They need to know where they are vulnerable, what the impact could be and how the board would respond,” he adds.

Mr Krefting says he wants the businesses M&G invests in to clearly outline in their reports and accounts what risks they face when it comes to technology and cyber security. “When we talk to companies about this, they often clam up — either because the CEO or chair doesn’t know about it or it is delegated to the chief information officer or someone below the board, or they say this is too sensitive.”

But he adds: “We want policies on governance and structures and how they are approaching cyber. We don’t necessarily need to know how many times they were faced with attempted hacks last week, but we want to see processes and that they are doing testing and that the right controls are in place.”

This article was first published by the Financial Times at https://www.ft.com/content/c70caa94-2d88-3ece-b802-79e9bac2f32c.

If you want to save yourself stress, money and a damaged reputation from a cyber incident – for a cyber security incident prevention, protection and training please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOWContact Cyber 139

Investors target Board Directors for cyber security incidents

Investors are growing concerned that directors are ill prepared for cyber security incidents and technological challenges.

Investors are growing concerned that directors are ill prepared for cyber security incidents and technological challenges.

Facebook has been hit with a fine, a slowdown in user growth and a fall in its share price since news of the Cambridge Analytica data scandal broke in March.

In the months since, the social media company’s handling of the scandal — where data was improperly obtained from up to 87m users — has been heavily scrutinised by regulators, politicians and users.

Facebook chief operating officer Sheryl Sandburg last week testified before Congress, facing hours of questioning from the Senate Intelligence Committee. She said the company was “strengthening our defences” against targeted hacking and data collection.

It is also being closely watched by corporate governance specialists at big asset managers who are increasingly concerned that senior management and board directors at listed businesses across the world are ill-prepared for potential data breaches and other technology problems.

“We see cyber security as a key emerging risk,” says Rupert Krefting, head of corporate finance and stewardship at M&G Prudential, which oversees £342 billion in assets. “It is hard for us to judge if management and board directors at listed businesses really do know the technology risks because they are not prepared to talk about it.”

Now a growing number of investors are demanding that directors ensure they are well versed in the technology issues their companies could face.

number cyber data breaches by company type

Please use the sharing tools found via the share button at the top or side of articles. Copying articles to share with others is a breach of FT.com T&Cs and Copyright Policy. Email [email protected] to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found here.
https://www.ft.com/content/c70caa94-2d88-3ece-b802-79e9bac2f32c

Leon Kamhi, head of responsibility at Hermes Investment Management, says the asset manager is engaging “heavily” on the issue. “Cyber security risk is a big issue,” he says. “IT skills on boards can be really important in order to challenge what a head of IT is doing at the inside. Boards need to be on top of it.”

“We want the board to be tech savvy, but we wouldn’t just want it to be a tech board. Our fear is they appoint a tech expert but then no one else on the board is engaged. We want to understand the extent to which all the board is competent.”

The introduction of stringent European data protection rules earlier this year has also prompted investors to ask tough questions about how well companies are coping with technological changes. The General Data Protection Regulation, which came into effect in the EU in May, has reshaped how companies can collect, use and store personal information. Companies face fines of up to 4 per cent of global turnover or €20m, whichever is greater, if they fall foul of GDPR.

Mr Kamhi says that if companies do not step up on cyber security issues there is a risk they will be hit with even more legislation.

Many investors believe the potential issues companies could face linked to technology are far reaching. As well as being “disrupted” — meaning technological solutions could be developed that upend their business model — companies that hold consumer information are at risk of data breaches. There are also concerns about hacks or cyber attacks which could damage business brands and cost businesses millions of dollars.

If you want to save yourself stress, money and a damaged reputation from a cyber incident – for a cyber security incident prevention, protection and training please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOW
Contact Cyber 139

Cyber security criminals outspend businesses in security battles

Cyber security criminals are spending 10 times more money finding weaknesses in the cyber defences of organisations than the organisations they target are spending on protecting against attack.

Cyber security criminals are spending 10 times more money finding weaknesses in the cyber defences of organisations than the organisations they target are spending on protecting against attack.

Research from Carbon Black carried out in August also asked 250 UK-based CIOs, CTOs and CISOs about the attacks they faced over the past 12 months.

In total, 92% of UK businesses have had cyber security breaches in the past year and nearly half off those reported falling victim to multiple breaches (three to five times in the past year).

A total of 82% of respondents said they have experienced more attacks this year than last year. In the financial services sector, 89% said this is the case, while 83% of government organisations and 84% of retailers had also experienced an increase in the number of attacks.

Malware was the most common attack on the UK organisations surveyed, with about 28% experiencing at least one such attempted breach. Ransomware was the next most common, with 17.4% reporting at least one attack.

“Following a global trend, cyber attacks in the UK are becoming more frequent and more sophisticated, as nation state actors and crime syndicates continue to leverage fileless attacks, lateral movement, island hopping and counter incident response in an effort to remain undetected,” said the report. “This issue is compounded by resources and budgeting. Not only is there a major talent deficit in cyber security, there is also a major spending delta.”

The report found that IT leaders believe Russia and China to be the source of the vast majority of cyber attacks, but it identified North America as the starting point for more attacks than Iran and North Korea combined.

If you want to save yourself stress, money and a damaged reputation from a cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOWContact Cyber 139

LORCA identifies top priorities for cyber security innovation

The top priorities for cyber security innovation are identity management, patch management and configuration management.

The top priorities for cyber security innovation are identity management, patch management and configuration management.

“These are basic components of cyber security, but failure to do them well is still responsible for the bulk of cyber attacks that we are seeing.”said the new LORCA CEO  Hannigan

Identity is one area where the UK is particularly strong, with some great companies focused on it, he said, particularly in the academic “pre-company” sector, where universities are doing some “really innovative things” around identity management and authentication.

“Identity is key to cyber security, and if we can get a product out there that beats others, the sky is the limit, especially for the export market, and it will be about who gets there first with a viable solution,” he said.

Hannigan believes the internet of things (IoT) and cloud computing are two more areas where cyber security entrepreneurs should be focusing their efforts.

He said cloud computing is “problematic” because it makes it harder for companies to understand what the perimeters of their networks are.

“Even for those companies that have worked out what their cyber security policy is and managed the risks, suddenly to do all their processing and storage in the cloud complicates that,” said Hannigan. “It is not terminal, but it means they need to rethink their risks and mitigations.”

He advised organisations to look at the guidance on security in the cloud from the National Cyber Security Centre (NCSC).

IoT is ripe for innovation

The IoT is “ripe for innovation”, said Hannigan, because it is unlikely that regulation or government guidelines will address the immediate risks.

“It is going to be a long time before security by default is achieved, so in the meantime we need to find ways to mitigate potential disasters, with billions of devices connecting to the internet,” he said.

In terms of going to market, Hannigan advises cyber security entrepreneurs to spend some time considering things from the customer’s perspective.

“In the UK, companies are more likely to be conservative in their cyber security investments and stick with well-established suppliers than countries like the US and Israel, so startups need to take that into consideration,” he said.

Hannigan believes Lorca has a role to play here in helping startups to think through how their technology will integrate with existing IT environments, making it as easy as possible with minimal disruption.

Time and skills required by businesses

Although businesses do not necessarily need to spend a fortune on cyber security, it does require some time and sometimes skills that may be lacking in-house, said Hannigan.

“I do have sympathy for small businesses, but many are doing more than they used to in the past and are using things like Cyber Essentials and the small business guide because they are seeing how cyber attacks are affecting companies or because their insurance companies have told them to,” he said.

Hannigan believes there is a need for effective managed security services for small and medium-sized businesses. “A regular complaint I get is that managed security services suppliers are not really appropriate for small businesses and aren’t necessarily that effective, so there is a challenge there to the industry to come up with managed security services that really work and that don’t just dump the problem back onto the client, but actually do something about it,” he said.

LORCA to help drive UK cyber exports

LORCA – the new London cyber security innovation centre will help to boost exports of UK cyber security expertise.

LORCA - the new London cyber security innovation centre will help to boost exports of UK cyber security expertise.

A key part of the ambition for London’s £13.5m government-funded cyber innovation centre is that it will help drive UK exports, according to Robert Hannigan, former head of GCHQ.

“We hope that companies founded and given a boost and support in going to market will also go to market overseas,” he said at the official opening of the centre – to be known as the London Office for Rapid Cybersecurity Advancement (Lorca).

“The government’s ambition is very clearly to make the UK a leader in cyber security exports, and I see massive potential out there in countries around the world that need a variety of different solutions,” said Hannigan, who will lead Lorca’s industry advisory board.

“We know we have great talent, potential and possibilities, and bringing it all together was the challenge for government and what has led to this [cyber security innovation] centre,” he said.

The centre will play an important role in bringing together the many good innovators and incubators across the UK and provide a focal point for interacting with government, said Hannigan.

Lorca will also bring together cyber security innovators with academics in the field, with various industry sectors – starting with the cyber security-leading finance sector, with other technical and non-technical disciplines, and with international partners.

“This centre has links to the US, Israel and Singapore, and convening the three most prominent cyber security industry centres in the world is going to be very powerful in magnifying the value of this centre,” said Hannigan.

Commenting further on the potential for cyber security exports, Hannigan said there is a “massive market” out there because there are many economies that are some way behind the cyber security technology front-runners that are looking for solutions.

“There is massive potential, we have got some great companies, the UK has a good reputation and we should capitalise on that because if we put all that together and get it right, we will have a booming cyber security export industry,” he said.

“There is a lot of private sector capital looking to invest in cyber. So there is no shortage of capital, it is all about finding the right vehicle, and Lorca will help with that. But there is no reason why, in the future, there shouldn’t be more initiatives along the same lines.”

For this reason, Hannigan believes there is room for many more initiatives aimed at supporting cyber security entrepreneurs.

“There is no competition between incubators and accelerators within the UK – the more the merrier,” he said, explaining that each has something different to offer, with Lorca being more industry-focused with international links, for example, and the GCHQ accelerator and innovation centre in Cheltenham being more focused on national cyber security.

The government funding for Lorca will also promote its role as a convening body for other accelerators and incubators as a “useful way of amplifying the UK’s overall cyber security offering, particularly overseas, said Hannigan.

Data protection is critical for all small businesses

Small businesses that misuse data or fall victim to breaches not only risk financial loss, but also reputational damage.

Small businesses that misuse data or fall victim to breaches not only risk financial loss, but also reputational damage.

A study from Gigya showed that 69% of consumers have reservations about brands handling their personal information, while nearly half of UK firms were affected by a data breach in 2017.

By failing to implement sufficient mechanisms to protect customer data, companies not only risk incurring financial loss by having to pay hefty fines and mitigate damage caused by breaches, but they also risk reputational damage.
Facebook, for instance, has been criticised for taking a lacklustre approach to data privacy after it was discovered that that the social media site somehow let marketing firm Cambridge Analytica gain unauthorised access to an estimated 87 million user accounts.

With the compliance deadline for the EU’s General Data Protection Regulation (GDPR) on 25 May 2018, most firms should be considering what they can do to boost and improve their data protection procedures and prevent breaches.

Customer trust is paramount for small businesses

As the compliance deadline for the GDPR looms, firms have increasingly been exploring ways they can improve their security mechanisms. Businesses that fail to adhere to the law face having to pay up to €20m in fines.

Such a sum of money would be damaging for most firms, but reputational damage would be more catastrophic to companies. Consumers put their faith in firms that conduct good data practice.

Businesses must be more transparent at disclosing not only policies and terms and conditions, but exactly how the data will be used. They need to be more specific in terms of what data is being collected and detail the intended use. Many companies are asking customers for their permission to harvest data, but opt-in mechanisms are vague.

Consumers are becoming more aware about data privacy concerns, mainly because of news headlines. A key example is the Facebook and Cambridge Analytica debacle.

Data protection is a constant operation

Many businesses are failing to implement appropriate mechanisms to protect this information.

Personal data is considered to be one of the most sensitive categories of data an organisation has access to, and perhaps it is the most valuable. As the value of personal data increases, so should the controls needed to protect it.

Personal data should be processed only with clear consent given by the data owner, with a transparent agreement and an organisation-wide focus on preventing data theft or misuse.

To identify misuse, firms should constantly analyse their businesses procedures and operations to ensure they are compliant with the latest data protection safeguards. Firms should not assume that once they have installed or developed a system to protect customer data, they have nothing else to do.

With the GDPR compliance deadline looming, UK organisations should be in the final stages of educating their workforce and deploying the appropriate technology to manage the large swathes of information they hold.

As masses of devices continue to connect to the internet, it is clear companies will have access to an ever-growing amount of data. If they put the right data protection and management mechanisms in place, they can gain a lot of potential from customer information. But without sufficient safeguards, the risks will keep on growing and firms could find themselves in all sorts of trouble.

So if you want to save yourself stress, money and a damaged reputation from a phising data cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOWContact Cyber 139

Most UK Britons concerned about personal data sharing

More than half of UK consumers (57%) are worried that about how much personal data they have shared online.

More than half of UK consumers (57%) are worried that about how much personal data they have shared online.

Britons also feel that the data they share is not being used to benefit them, with 48% saying businesses benefit the most and 63% saying the organisation holding the data should be responsible for protecting it, according to a poll of more than 2,000 UK consumers commissioned by identity management firm ForgeRock.

Only a third (36%) of consumers say they would be likely to share personal data to get a more personalised service, with over half (53%) saying they would not be comfortable for their personal information to be shared with a third party under any circumstances. Just 15% say they would be likely to sell personal data to an organisation or business.

At the same time, UK consumers underestimate how much personal information is available online, with 46% saying they do not feel they know how much data is available about them online, 19% saying they think Twitter has access to data on users’ political affiliations, 31% believing Instagram has access to location data on its users, 48% thinking Facebook holds information on whether they have children, and 20% believing Facebook does not have access to any personal data about its users, despite the fact that social networks have access to this data on a large number of their users.

One in three would take legal action and 24% would contact the police about their personal data being shared.

British consumers are also clear that there would be consequences for any company sharing their data without their consent, with 58% saying they would stop using a company’s services completely if it shared data without their permission, 49% would remove or delete all the data held on them by that company, 44% would advise their family and friends against using the company, and 30% would request financial compensation.

Growing concerns about data sharing

With the EU’s General Data Protection Regulation (GDPR) set to give consumers much more control over their personal data and how it is used, the survey report said it is crucial that members of the public understand their rights and how their data is being used and shared.

The ForgeRock survey suggests there are growing concerns about data sharing, which businesses and regulators should address. Some 63% of UK consumers say they know little or nothing about their rights regarding personal data and 64% have never heard of or know nothing about GDPR.

Banks and credit card companies are most likely to be seen as trusted holders of personal data, the survey shows, with 82% of consumers reporting that they trust these organisations to store and use personal data responsibly. Amazon also performed well, with over three-quarters (78%) of consumers saying they trust the ecommerce company to manage personal data.

Social media platforms performed less well, with 63% of Britons saying they trust social networks to treat personal data in a responsible manner.

There is a clear correlation between the organisations consumers trust with their data and how in control they feel, the report said, with Amazon (60%), banks and credit card companies (58%) and mobile phone operators (51%) ranked as the organisations that give users most control over their data. Just 51% of UK consumers said they feel in control of the data that is shared with social media platforms.

In contrast, social media companies offer consumers experiences without any financial payment – instead they pay in data. If companies were more transparent about how their business models rely on purchases, attention or data, consumers would have a much stronger understanding of what their privacy risks are and could tailor their behaviours and trust levels accordingly.

So if you want to save yourself stress, money and a damaged reputation from a data incident with affordable, live systems protection please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOWContact Cyber 139

Small businesses face unprecedented volume of cyber attacks

Small businesses are facing the highest levels of cyber attacks in both number and sophistication as automated swarm attacks increase.

Small businesses are facing the highest levels of cyber attacks in both number and sophistication as automated swarm attacks increase.

A cyber threat report reveals an average of 274 exploit detections per firm were recorded in the last quarter of 2017, up 82% from the previous quarter, according to Fortinet’s latest global threat landscape report.

The Fortinet report shows that the number of malware families also increased by 25% and unique variants grew by 19%, indicating not only growth in volume, but also an evolution of the malware.

Also, automated and sophisticated “swarm attacks” are accelerating, the report said, making it increasingly difficult for organisations to protect users, applications and devices.

As small businesses become more digital, the report warned that cyber criminals are taking advantage of the expanding attack surface to carry out new disruptive attacks, including swarm-like assaults that target multiple vulnerabilities, devices and access points simultaneously.

The combination of rapid threat development and the increased propagation of new variants is increasingly difficult for many organisations to counter, the report said.

The researchers found that encrypted traffic using HTTPS and SSL (secure sockets layer) grew to a high of 60% of total network traffic, but the report noted that although encryption can help protect data in motion as it moves between core, cloud and endpoint environments, it also represents a real challenge for traditional security technology that has no way of filtering encrypted traffic.

Three of the top 20 attacks identified in the quarter targeted internet of things (IoT) devices and exploit activity quadrupled against devices such as Wi-Fi cameras. None of these detections was associated with a known or named vulnerability, which the report said is one of the troubling aspects of vulnerable IoT devices.

Unlike previous IoT-related attacks, which focused on exploiting a single vulnerability, the report said new IoT botnets such as Reaper and Hajime can target multiple vulnerabilities simultaneously, which is much harder to combat.

The data shows ransomware is still prevalent, with several strains topping the list of malware variants. Locky was the most widespread malware variant and GlobeImposter was second.

The report highlighted an increase in sophisticated industrial malware, with the data showing an uptick in exploit activity against industrial control systems (ICS) and safety instrumental systems (SIS). This suggests these under-the-radar attacks might be climbing higher on attackers’ radar, the report said, citing an attack dubbed Triton, which has the ability to cover its tracks by overwriting the malware itself with garbage data to thwart forensic analysis.

Because these platforms affect vital critical infrastructures, they are enticing for threat actors, the report said, adding that successful attacks can cause significant damage with far-reaching impact.

The report also pointed out that steganography, which embeds malicious code in images, also appears to be resurgent.

The Sundown exploit kit, the report said, uses steganography to steal information, and although it has been around for some time, it was reported by more organisations than any other exploit kit, and was found dropping multiple ransomware variants.

The threat data in the quarter’s report reinforces many of the predictions made by the Fortinet FortiGuard Labs global research team for 2018, which forecast the rise of self-learning hivenets and swarmbots.

The report predicted that the attack surface will continue to expand, while visibility and control over today’s infrastructures diminish. To address the problems of speed and scale by adversaries, the report said organisations need to adopt strategies based on automation and integration.

“Security should operate at digital speeds by automating responses as well as applying intelligence and self-learning so that networks can make effective and autonomous decisions,” the report said.

So if you want to save yourself stress, money and a damaged reputation from a data incident with affordable, live systems protection please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOWContact Cyber 139

 

Cyber139 supports Safer Internet Day

Cyber 139 is backing Safer Internet Day which is building online safety practices with young people.

Cyber 139 is backing Safer Internet Day which is building online safety practices with young people.

Many organisations including Cyber139 around the UK are contributing to the important work on making the internet a safer place for everyone

Tuesday 6 February marks Safer Internet Day 2018. Using the hashtag #SID2018, organisations globally will celebrate the safe and positive use of technology.

In Britain, the UK Safer Internet Centre, will be coordinating the activities of over 100 countries to “unite for a better internet”.

Last year’s #SID2017 initiative saw its highest engagement with 1,645 UK organisations supporting the event. Some 42% of children aged 8-17 and 23% of parents heard about the day in 2017, and this year we hope to see more people aware and presented with the online resources to help young people navigate the web effectively and safely.

To achieve this, tech businesses can easily support the initiative by promoting and raising awareness through social media and using #SID2018. Some organisations will be going the extra mile by running events and creating resources that will be getting updated on an ongoing basis.

For example, the South West Grid for Learning run sessions for children, staff and parents throughout the year. Activities such as this mean a lot more schools directly working to involve parents actively, including online safety in the curriculum, and even empowering students in peer-to-peer activities to help each other stay safe.

Safe and secure environment

The idea of supporting #SID2018 is that we work throughout the year to ensure the internet is a safe, secure environment for young people at all times. This is not to negate the ongoing challenge that new technologies emerge every year, which adds complexity to this issue. Nonetheless, we need to understand that this evolving environment is one that our young children must move with, as it is likely to be them who will be using these technologies most in their future jobs, lives and relationships.

In a time where the UK must fill a digital skills gap, an acute understanding and practice of online safety education must evolve in parallel with the innovation of new products and services. This will enable individuals now and in the future to be safe, active digital citizens.

A number of organisations working in partnership with UK industry to tackle illegal content issues, such as WePROTECT, Global Alliance and the Internet Watch Foundation (IWF), are excellent sources of information. The Royal Foundation’s Cyberbullying Taskforce has also set up a new code for children which offers simple steps to help tackle cyber bullying – Stop, speak, support.

There are also technical solutions provided by online services such as Google’s Safe Search function and YouTube Kids, as well as Instagram’s keyword moderation tool which allows parents and users to block comments that contain inappropriate language.

12