close
close
Your Network of Tomorrow
Your Network of Tomorrow
Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.
          Experience Netskope
          Get Hands-on With the Netskope Platform
          Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            Netskope debuts as a Leader in the Gartner® Magic Quadrant™ for Single-Vendor SASE
              Securing Generative AI for Dummies
              Securing Generative AI for Dummies
              Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
                Modern data loss prevention (DLP) for Dummies eBook
                Modern Data Loss Prevention (DLP) for Dummies
                Get tips and tricks for transitioning to a cloud-delivered DLP.
                  Modern SD-WAN for SASE Dummies Book
                  Modern SD-WAN for SASE Dummies
                  Stop playing catch up with your networking architecture
                    Understanding where the risk lies
                    Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                        The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                        The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                        Netskope One Private Access is the only solution that allows you to retire your VPN for good.
                          Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                          Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                            Netskope GovCloud
                            Netskope achieves FedRAMP High Authorization
                            Choose Netskope GovCloud to accelerate your agency’s transformation.
                              Let's Do Great Things Together
                              Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.
                                Netskope solutions
                                Netskope Cloud Exchange
                                Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
                                  Netskope Technical Support
                                  Netskope Technical Support
                                  Our qualified support engineers are located worldwide and have diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ensuring timely and quality technical assistance
                                    Netskope video
                                    Netskope Training
                                    Netskope training will help you become a cloud security expert. We are here to help you secure your digital transformation journey and make the most of your cloud, web, and private applications.

                                      Can National Awareness Days Help Shift Attitudes To Internet Safety?

                                      Feb 07 2024

                                      February brings a flurry of cybersecurity awareness days. On February 1st, Change Your Password Day reminded us that using “Rover123!” for yet another online account is not an appropriate defence between ourselves and cyber criminals, while yesterday—Safer Internet Day—encouraged us to take positive steps toward protecting ourselves online.

                                      But how long do these positive reminders last? I made a guest appearance on this week’s episode of the Security Visionaries podcast, to argue that annual celebrations risk promoting a “do it today and forget it the next” approach to cyber hygiene. In reality, daily effort is required to produce a consistent and robust defence. So how can we promote a year-round cyber hygiene approach?

                                      Make it the culture

                                      Annual cybersecurity training is often used to comply with regulations and insurance requirements, but many employees mindlessly click through each screen without digesting information fully. The week after, we do see positive behaviour shoot up—less dodgy links are clicked, and even data loss protection (DLP) alerts quiet down. However, all too soon security teams return to the base level of data breach risk they were handling before the annual training.

                                      Cyber awareness is more effective when incorporated into daily company culture and treated like a business initiative, not just a security initiative. It may sound excessively basic and analogue but positioning useful information in the form of posters by the coffee maker, or even as desktop backgrounds can really help people see and recall security messages (make sure to change them regularly or they will become part of the background and no longer be noticed). Business leaders (not only security leaders) should be adding weight to the importance of good cyber hygiene; consider how you can make discussions around it part of your day to day business processes. Here at Netskope, we give out quarterly awards to individuals who have reported cyber concerns, something led by the CEO in partnership with the CISO to really drive home the strategic importance of this.

                                      Make it personalised

                                      To encourage lasting behavioural change, cyber awareness initiatives that are relevant to actual situations the company is facing, with real risk scenarios, are much easier to understand. On a similar level, implementing automatic real-time user coaching techniques to appear, for example, in the exact moment an employee triggers a DLP alert, helps put risks into context as they happen. This way, an employee can work with real-time guidance and develop better cyber understanding and safer behaviour long term.

                                      Training (and the examples used in training) usually focus on the benefits to the organisation. Think much more broadly to help play into the psyche of the human. Chances are, if a person learns how their own (and their family’s) data could be in jeopardy, there could be a greater training retention in the long term.

                                      Make it zero trust

                                      So far, so tactical, but day to day cyber hygiene is so much easier if you have built your security architectures using zero trust principles. Regardless of employee awareness, businesses should assume it is likely that a breach will occur.

                                      By following a zero trust approach when designing security processes, every employee should be operating with the least amount of access they need to complete their job. This means that even if an attacker does gain access to their digital identity (because they insisted on Rover123!), the adversary will be limited in what they can achieve. If an organisation limits the permission to pool and exfiltrate sensitive data to a strict handful of employees who require it in their role, the chances of an attacker carrying out a successful attack is greatly depreciated. 

                                      “Continually adaptive trust,” a model that bases access permissions on multiple streams of behavioural data that are continuously changing, ensures everyone can complete their work safely. Here, everything is taken into account; location, behavioural trends, data type, device, identity, activity, application and more, to ensure that permissions can adapt constantly to maintain the highest levels of security.

                                      Ultimately, we’re grateful for our yearly reminders to be more cyber aware but we’re also in need of a daily cultural shift toward greater online safety. Positive cyber hygiene should be both an objective in designing security architectures, and a daily habit, (and not just on Safer Internet Day). Only then can we live safer internet lives. 

                                      For more tips and tricks, tune into the latest episode of the Security Visionaries podcast.

                                      author image
                                      Richard Davis
                                      Richard Davis is Director, Solution Strategy at Netskope. Davis is a seasoned cybersecurity professional with over 20 years’ experience.
                                      Richard Davis is Director, Solution Strategy at Netskope. Davis is a seasoned cybersecurity professional with over 20 years’ experience.

                                      Stay informed!

                                      Subscribe for the latest from the Netskope Blog