    Facebook CEO Mark Zuckerberg on putting profit before safety: 'That's just not true'

    Facebook founder and CEO Mark Zuckerberg has publicly said claims that the social media giant prioritises profit over safety and wellbeing are “just not true”. “We care deeply about issues like safety, wellbeing, and mental health. It’s difficult to see coverage that misrepresents our work and our motives. At the most basic level, I think most of us just don’t recognize the false picture of the company that is being painted,” Zuckerberg wrote in a note to Facebook employees that he publicly posted on his Facebook page. “The argument that we deliberately push content that makes people angry for profit is deeply illogical,” he continued. “We make money from ads, and advertisers consistently tell us they don’t want their ads next to harmful or angry content. And I don’t know any tech company that sets out to build products that make people angry or depressed. The moral, business and product incentives all point in the opposite direction.”

    The response comes after Facebook whistleblower Frances Haugen fronted the US Senate as part of its inquiry into Facebook’s operations, declaring the company as “morally bankrupt” and casting “the choices being made inside of Facebook” as “disastrous for our children, our privacy, and our democracy”. Haugen, who used to work as the lead product manager for Facebook’s civic misinformation team, told the Senate that Facebook “is choosing to grow at all costs” — which means that profits are being “bought with our safety.” This, in turn, is encouraging “more division, more harm, more lies, more threats, [and] more combat” online. Haugen added that Zuckerberg “has built an organisation that is very metrics-driven — the metrics make the decision,” and, therefore, the buck stops with him.

    The allegations stem from The Facebook Files, a series of investigations posted by The Wall Street Journal. The articles are based on internal files, draft presentations, research, and internal staff communication leaked by the whistleblower. The Wall Street Journal published six of the internal documents which were the basis of its investigation. Facebook then published two of them, complete with annotations, last week. Zuckerberg said many of the claims “don’t make any sense”. “If we wanted to ignore research, why would we create an industry-leading research program to understand these important issues in the first place? If we didn’t care about fighting harmful content, then why would we employ so many more people dedicated to this than any other company in our space — even ones larger than us?” he wrote. “If we wanted to hide our results, why would we have established an industry-leading standard for transparency and reporting on what we’re doing?”

    He also took the opportunity to address claims that raised questions about the impact Facebook has in relation to the safety and wellbeing of children specifically. Haugen told Senate members that “Facebook knows that its amplification algorithms can lead children from innocuous topics — such as healthy food recipes — to anorexia-promoting content over a short period of time”. “When it comes to young people’s health or wellbeing, every negative experience matters … we have worked for years on industry-leading efforts to help people in these moments and I’m proud of the work we’ve done. We constantly use our research to improve this work further,” Zuckerberg said. Facebook announced last week it was hitting pause on plans to develop a version of Instagram for kids, citing the need for more time to work more closely with “parents, experts, policymakers, and regulators.”

    Firefox 93 arrives with tab unloading, insecure download blocks and enforced referrer trim

    Version 93 of Mozilla’s Firefox browser has arrived, and chief among its new features is tab unloading. Available at the moment only on Windows, with macOS and Linux to follow, the feature kicks in when the browser believes an out-of-memory crash is imminent, unloading the least recently used tabs first. Tabs that are in the foreground are never unloaded, while tabs that are pinned, using picture-in-picture, or playing sound are less likely to be unloaded. On Windows, the threshold is around the 6% mark, Mozilla engineer Haik Aftandilian wrote in a blog post. “We have experimented with tab unloading on Windows in the past, but a problem we could not get past was that finding a balance between decreasing the browser’s memory usage and annoying the user because there’s a slight delay as the tab gets reloaded, is a rather difficult exercise, and we never got satisfactory results,” Aftandilian said. “We have now approached the problem again by refining our low-memory detection and tab selection algorithm and narrowing the action to the case where we are sure we’re providing a user benefit: if the browser is about to crash.” A month of testing in Firefox’s Nightly channel found a decrease in browser and content process-related crashes, but also an increase in out-of-memory crashes, as well as an increase in average memory usage. “The latter may seem very counter-intuitive, but is easily explained by survivorship bias … browser sessions that had such high memory usage would have crashed and burned in the past, but are now able to survive by unloading tabs just before hitting the critical threshold,” the engineer said.

    “The increase in OOM crashes, also very counter-intuitive, is harder to explain. We’re working on improving our understanding of this problem and the relevant heuristics. But given the clearly improved outcomes for users, we felt there was no point in holding back the feature.” In the next release of Firefox, an about:unloads page will be added to provide diagnostics on tab unloading.

    Also arriving in Firefox 93 is blocking of HTTP downloads from HTTPS pages: the browser shows a dialog warning users that the download is a potential security risk and asking whether they wish to continue. Downloads from sandboxed iframes are also blocked unless the iframe has the allow-downloads attribute. The browser has also disabled 3DES encryption by default, although it will still be available when sites use deprecated TLS versions. “Recent measurements indicate that Firefox encounters servers that choose to use 3DES about as often as servers that use deprecated versions of TLS,” Mozilla said. “As long as 3DES remains an option that Firefox provides, it poses a security and privacy risk. Because it is no longer necessary or prudent to use this encryption algorithm, it is disabled by default in Firefox 93.”

    Firefox 93 is also packing the third version of its SmartBlock technology, which can replace Google Analytics, Optimizely, Criteo, Amazon TAM, and various Google advertising JavaScript with local versions that behave closely enough to the originals to prevent sites from breaking. The browser is changing its referrer policy to ensure sites cannot overwrite the default trimming that Firefox applies to cross-site URLs. Same-site requests will continue to pass the full referring URL.

    Updated CDR rules to allow accredited participants to appoint representatives

    The Australian government has updated the Consumer Data Right (CDR) rules, with accredited CDR participants now able to sponsor other parties to become accredited or allow them to operate as their representative.

    Parties that are representatives of accredited data recipients (ADRs) will be able to access and use CDR data without accreditation so long as they offer CDR-related services, which the government hopes will increase industry participation in the CDR.

    Previously, only ADRs have been able to receive consumers’ data from a data holder and make use of it in their own products or services.

    The CDR is a government initiative aimed at allowing individuals to “own” their data by granting them open access to their banking, energy, phone, and internet transactions, as well as the right to control who can have it and who can use it. The Federal Treasury, the lead agency in rolling out the initiative, envisions the CDR as being a tool that will help individuals to monitor finances, utilities, and other services, and compare and switch between different offerings more easily. The first tranche of Australia’s CDR was officially launched on July 1, requiring financial services providers to share a customer’s data when requested by the customer. While the first tranche only applies to the financial services industry, energy and telecommunications will soon join the regime.

    In addition to giving more functions to accredited CDR participants, the third version of the CDR rules also expands consumers’ rights, where they are now able to nominate trusted advisers to access CDR data. Trusted advisers include accountants, tax agents, financial counsellors, financial advisers, and mortgage brokers.

    The updated rules also mean consumers will now be able to disclose limited data insights outside the CDR for a specific purpose such as for verifying identity and confirming bank account balances.

    Data sharing processes for consumers with joint accounts will also be simplified, with each account holder in a joint account to be able to consent to data being shared on the account from July next year.

    Minister for Superannuation, Financial Services and the Digital Economy Senator Jane Hume labelled the updated rules as a “game change for digital innovation”. “The rules made today are an important step in supporting the development of a vibrant data economy that provides benefits to business and consumers. The government is committed to supporting businesses and consumers to participate in the Consumer Data Right and will continue to ensure that the rules support that objective,” Hume said.

    In the previous set of amendments, made in December, the government permitted ADRs to offer CDR consumers the ability to amend an existing consent, which included the ability to add or remove uses, data types, accounts or data holders, or to amend the duration of the consent. It also provides for separate consent types, including consents for collection, use, disclosure, direct marketing, and research.

    By end of 2021, Google plans to auto-enroll 150 million users in two-step verification and require 2 million YouTube creators to turn it on

    Google announced on Tuesday that it will be auto-enrolling 150 million of its users in two-step verification by the end of 2021. The platform will also force two million YouTube creators to turn on two-step verification by the end of the year.

    In a blog post, Google Chrome product manager AbdelKarim Mardini and Google account security and safety director Guemmy Kim said the best way to keep users safe is to turn on security protections by default. “For years, Google has been at the forefront of innovation in two-step verification (2SV), one of the most reliable ways to prevent unauthorized access to accounts and networks. 2SV is strongest when it combines both ‘something you know’ (like a password) and ‘something you have’ (like your phone or a security key),” the two explained. “2SV has been core to Google’s own security practices and today we make it seamless for our users with a Google prompt, which requires a simple tap on your mobile device to prove it’s really you trying to sign in. And because we know the best way to keep our users safe is to turn on our security protections by default, we have started to automatically configure our users’ accounts into a more secure state.”

    In addition to requiring 2SV — also known as two-factor authentication — Google said it checks the security of 1 billion passwords and works to protect Google’s Password Manager, which is built directly into Chrome, Android and the Google App.

    Even iOS users can use Chrome to autofill saved passwords and soon Apple users will have access to Chrome’s strong password generation — a feature Apple has been rolling out over the last year on its own devices and platforms. Google is also planning to add a feature that gives users access to all of the passwords saved in the Password Manager directly from the Google app menu.

    In addition to its work for regular users, Google will be providing additional protection for “over 10,000 high risk users this year” through a partnership with organizations that will see them provide free security keys. “We recently launched One Tap and a new family of Identity APIs called Google Identity Services, which uses secure tokens, rather than passwords, to sign users into partner websites and apps, like Reddit and Pinterest. With the new Google Identity Services, we’ve combined Google’s advanced security with easy sign in to deliver a convenient experience that also keeps users safe,” Mardini and Kim wrote. “These new services represent the future of authentication and protect against vulnerabilities like click-jacking, pixel tracking, and other web and app-based threats. Ultimately, we want all of our users to have an easy, seamless sign-in experience that includes the best security protections across all of their devices and accounts.”

    Hong Kong firm becomes latest marketing company hit with REvil ransomware

    Hong Kong marketing firm Fimmick has been hit with a ransomware attack, according to a British cybersecurity firm monitoring the situation.

    Fimmick has offices in Hong Kong and across China, serving several high-profile clients like McDonald’s, Coca-Cola, Shell, Asus and others. Their website is currently down and there was no response to ZDNet requests for comment. Matt Lane, CEO of UK-based cybersecurity firm X Cyber Group, said his team routinely “scrutinizes the activities of cybercriminals for evidence of their behaviors,” as a way to protect clients and customers. On Tuesday, they discovered that REvil had breached Fimmick’s databases and claimed to have data from a number of global brands. Lane shared screenshots showing REvil’s threatening posts toward Fimmick that included information stolen from the company’s website.

    “We discovered this intelligence as part of those routine activities. We noted, with interest, that the attacker’s ‘Happy Blog’ also appears to be temporarily unavailable but have no further information as to why that might be,” Lane said, adding that the criminal group also shared a directory structure of the stolen data. “You can see Cetaphil, Coca-Cola, Hana-Musubi and Kate Spade are listed.”

    Ransomware gangs have targeted marketing firms multiple times over the last few years because of their ties to larger companies with more valuable data. 

    John Hammond, senior security researcher at Huntress, said that for ransomware operators, the most attractive targets are the ones that lead to even more targets. “In the same vein that cybercriminals prefer a spray-and-pray approach—always opting for the easiest targets and the low-hanging fruit — ransomware gangs love a one-to-many approach, which requires less effort to bring greater results,” Hammond said. “Marketing firms, PR firms, and organizations that integrate closely with other businesses could have a plethora of data and information that make targeting the next victim even easier. Much like service providers, attacking one could start a domino effect to target others that the original victim worked with. Attacking a marketing firm or PR firm allows ransomware gangs to get a bigger bang for their buck.”

    Allan Liska, a ransomware expert with cybersecurity company Recorded Future, said there have been at least three other marketing firms hit with ransomware over the last year. Wieden+Kennedy was attacked in November 2020 but was forced to notify Oregon Department of Justice officials in April after employees’ personal information was exposed during the incident. MBA Group was hit in March and Empirical Research Partners in September. “I don’t know if they are particularly ripe compared to other industries but I could see marketing firms being more vulnerable to attack, especially phishing attacks as they are used to dealing with a diverse client base and likely receive a lot of emails with attachments, which is a favorite initial access vector for many ransomware groups,” Liska said. “The actual number of marketing firms hit is likely much higher, but unlike hospitals or schools, when a marketing firm gets hit with ransomware, it doesn’t make the news.”

    Researcher finds vulnerability in popular parental control app Canopy

    A researcher with cybersecurity firm Tripwire has discovered a vulnerability in parental control app Canopy that allows attackers to plant JavaScript into the parent portal and gain access to all the features a parent would have with their child’s device.

    Tripwire principal security researcher Craig Young told ZDNet that Canopy had been advertised to him through his child’s school, prompting him to look through the app’s cybersecurity features. “I had an interest in learning more about how parental control software is implemented and what, if any, risks it may introduce to families. I discovered these vulnerabilities by intentionally examining how the system processes special characters in parental control requests,” Young said. “My kids’ school sent home advertisements for Canopy and so I thought it would be a good service to learn more about. After signing up for a free trial to see what the service has to offer, I tested what would happen if the parent of a kid had special characters in their request message. It was obvious that Canopy is not filtering the user-input.” From there, he investigated further and realized that the URL in a parental control request was also not being filtered properly. He found that a completely external user can inject this XSS with only a single unknown numeric ID value, allowing an attacker to add JavaScript code to the parent portal for each and every Canopy account.

    The JavaScript could then be used to do anything from cryptocurrency mining to browser exploits targeting parents. The JavaScript could also be used to export data about the customer accounts including location data from monitored devices. The data dump could be sold for a variety of unwelcome purposes, Young added. An attacker would have full access to the parent portal and all features a parent has for monitoring and controlling child devices, and Young said it looks like an attacker would be able to do this en masse to all customers of Canopy.

    Young contacted Canopy but said they have been “minimally responsive,” claiming to have a fix in place. But Young said the fix does not address the full issue and only makes it so a theoretical child is no longer able to attack their parent with the explanation text. But the child can still attack the parent account using the address of a blocked website as the cross-site scripting vector and a third party could also do this, Young said. They have not responded to his latest outreach letting them know this. Canopy also did not respond to requests for comment from ZDNet. Canopy offers a multitude of services, including a multi-platform parental control app that allows parents to monitor and limit how their children use a device. Canopy operates as a subscription service, requiring monthly payments. Many of the features offered by the service imply the app is given privileged access to the protected device and is intercepting TLS connections to filter content. Young explained that this privileged access can introduce considerable risk to the security of protected devices and the privacy of the children using those devices.

    He noted that Canopy implements a VPN connection and uses some form of AI on the device for privacy functions. Through examining how the app functions, Young discovered that the Canopy system is failing to sanitize user inputs, leading to cross-site scripting, which allows attackers to embed an attack payload within an exception request.

    “Although there may be a wide range of ways a clever kid could abuse this vulnerability, the most obvious would be to automatically approve a request. The input field did not seem to have any sanitization and allowed 50 characters which was plenty to source an external script,” Young explained in his report. “My first test was a payload to automatically click to approve the incoming request. This worked well and I quickly got another payload working to automatically pause monitoring protection. At this point, the child using the protected device could inject arbitrary JavaScript into an authenticated parent session. This could be useful for a variety of child-to-parent attacks including making a self-approving exception request or a request which automatically disables the monitoring software when viewed. This is bad, but it could be worse.” Young did note that this kind of exploitation is “noisy,” meaning a parent needs to interact with the malicious request and may recognize the attack in progress.

    Further examination of the Canopy app showed that the system could be tricked by combining double and single quotes. With that, someone could submit an exception request which takes control of the Canopy app when the parent simply logs in to check on the monitored devices.

    “This situation does not bode well for the Canopy parental control system but at the same time, you may be wondering if this is really a big deal. After all, most kids who are being monitored with this system aren’t going to have a clue about XSS or have access to a parent console to develop an exploit payload,” Young wrote. “Unfortunately, the attack surface for this vulnerability is quite a bit more substantial than what was discussed earlier with request explanation text. Because this attack involves a crafted URL being blocked, it becomes possible for attacks to come from completely external third-party sources. Anyone who can get a child using the protected device to click a link can now potentially attack the parent’s monitoring this account.” A child only needs to be convinced to click on a request access button once the URL has been loaded, but Young said the scariest part is that the Canopy API design will “even allow the external attacker to directly plant a cross-site scripting payload on a parent account by guessing the parent account ID.”

    Due to the relatively short length of account IDs, attackers could theoretically seed the attack payload on every single parent account by simply issuing a block exception request for each ID value in sequence, according to Young. “The external attacker may use this to redirect the parent to advertisements, exploits or other malicious content. Alternatively, an attacker could plant a payload to hijack access to the parental control app and pull GPS coordinates from protected devices on the account,” Young said. “From my perspective, this is a pretty fundamental failure for an app advertising it can keep kids safe online.”

    A number of cybersecurity experts told ZDNet that these types of flaws are present on a large number of services.

    Oliver Tavakoli, CTO at Vectra, said the developers of the Canopy service seem to lack an understanding of how to secure a service against malicious actors, adding that not cleansing input fields or data (such as URLs) received from the internet “is to fail Security 101.” Tavakoli did say that this particular flaw is somewhat harder to exploit because it requires coaxing a child to click on a link in order to deliver a payload to a parent system.

    Others said the vulnerability was another example of why “Injection” flaws have been in the OWASP Top 10 for more than a decade.

    Ray Kelly, principal security engineer at NTT Application Security, said developers are still being careless when accepting untrusted and unfiltered input from users. “Accepting unfiltered input can lead to a cross-site scripting vulnerability which can create a wide range of issues. This includes stealing a user’s session cookies, redirecting to a malicious website or embedding a keylogger,” Kelly said. “This also demonstrates why security testing of all inputs in a web application is so important and how it can reach to mobile devices, drastically increasing your attack surface.”

    When asked how Canopy can fix the issue, Young said Canopy needs to sanitize all user-input values. “I would also recommend that Canopy establish a security reporting policy and guidelines for how researchers can responsibly probe their systems and share technical feedback,” Young added.

    Axis releases updates for three new vulnerabilities found by security company

    Nozomi Networks Labs unveiled three different vulnerabilities in video recording device software from Axis. Axis has already released firmware updates addressing each issue after being notified about the vulnerabilities in June. The issues affected Axis OS Active track 10.7, Axis OS 2016 LTS track 6.50.5.5, Axis OS 2018 LTS track 8.40.4.3, Axis OS 2020 LTS track 9.80.3.5, Axis OS Active track 10.8, Axis OS 2016 LTS track 6.50.5.5, Axis OS 2018 LTS track 8.40.4.3 and Axis OS 2020 LTS track 9.80.3.5.

    Axis is a billion-dollar company with offices in more than 50 countries and systems in iconic locations like the White House, Sydney Airport, the Moscow Metro, the Madrid bus system and the City of Houston. Researchers with Nozomi Networks Labs bought an Axis Companion Recorder and sought to investigate the cybersecurity features of the equipment. They discovered a heap-based buffer overflow (CVE-2021-31986, CVSSv3 6.7), improper recipient validation in network test functionalities (CVE-2021-31987, CVSSv3 4.1) and SMTP header injection in email test functionality (CVE-2021-31988, CVSSv3 5.5).

    The researchers found the heap-based buffer overflow vulnerability in the read callback function, which “failed to verify that no more than ‘size’ multiplied with ‘items’ number of bytes are copied in the libcurl destination buffer.” They found that the parameters provided are “externally controllable and were insufficiently validated by the server-side code prior to reaching the read callback function.”
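
    The bounds check the researchers describe as missing, shown as an added example; this is not Axis's or Nozomi's code. The callback follows the parameter order of a libcurl read callback (buffer, size, item count, user pointer), while the upload_src struct, the function names, the READ_ABORT stand-in and the sample payload are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in for libcurl's CURL_READFUNC_ABORT so this builds without curl headers. */
#define READ_ABORT ((size_t)0x10000000)

/* Hypothetical upload state: the bytes still waiting to be sent. */
struct upload_src {
    const char *data;
    size_t      remaining;
};

/*
 * Read callback in the shape libcurl expects. The caller owns `buffer` and
 * guarantees room for size * nitems bytes and no more, so the copy length is
 * clamped to that capacity regardless of how much data the source holds.
 */
size_t bounded_read_cb(char *buffer, size_t size, size_t nitems, void *userdata)
{
    struct upload_src *src = userdata;
    size_t capacity, n;

    if (buffer == NULL || src == NULL)
        return READ_ABORT;

    /* Refuse a capacity that cannot be represented instead of wrapping around. */
    if (size != 0 && nitems > SIZE_MAX / size)
        return READ_ABORT;
    capacity = size * nitems;

    /* Never copy more than the destination can hold. */
    n = src->remaining < capacity ? src->remaining : capacity;
    if (n == 0)
        return 0;                      /* 0 tells the caller the upload is done */

    memcpy(buffer, src->data, n);
    src->data      += n;
    src->remaining -= n;
    return n;
}

/*
 * Plays the caller's role: offers `chunk` bytes of a larger region per call and
 * checks that the guard bytes behind the offered window are never touched.
 * Returns the total number of bytes delivered.
 */
size_t drain_with_guard(const char *payload, size_t len, size_t chunk, int *guard_intact)
{
    char region[64 + 8];
    struct upload_src src = { payload, len };
    size_t total = 0, n;

    if (chunk > 64)
        chunk = 64;
    *guard_intact = 1;

    for (;;) {
        memset(region, 0xAA, sizeof region);
        n = bounded_read_cb(region, 1, chunk, &src);
        for (size_t i = chunk; i < sizeof region; i++)
            if ((unsigned char)region[i] != 0xAA)
                *guard_intact = 0;
        if (n == 0 || n == READ_ABORT)
            break;
        total += n;
    }
    return total;
}

int main(void)
{
    /* Constructed sample input, deliberately longer than one 16-byte window. */
    const char payload[] = "constructed payload longer than one sixteen-byte chunk";
    int intact = 0;
    size_t sent = drain_with_guard(payload, sizeof payload - 1, 16, &intact);

    printf("delivered %zu bytes, guard intact: %d\n", sent, intact);
    return 0;
}
```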

    CVE-2021-31987 is related to the test functions of HTTP, email and TCP recipients, which have blocklist-based security checks to impede interactions with localhost-exposed network services. Nozomi Networks Labs researchers found that these checks could be circumvented with known bypasses or were incomplete. “By convincing a victim user into visiting a specifically crafted webpage while logged-in to the Companion Recorder web application, an external remote attacker can interact with internal-only services running on the device, obtaining access to restricted information,” the security company wrote. “The third vulnerability is due to an SMTP header injection, located in the SMTP test function. By convincing a victim user into visiting a specifically crafted webpage while logged-in to the Companion Recorder web application, an external remote attacker can trick the device into sending malicious emails to other users with arbitrary SMTP header values. This can be abused to perform phishing attacks, spread malware via emails, or disclose internal information.”

    CVE-2021-31986 and CVE-2021-31988 affect Axis OS Active track 10.7, Axis OS 2016 LTS track 6.50.5.5, Axis OS 2018 LTS track 8.40.4.3, Axis OS 2020 LTS track 9.80.3.5. CVE-2021-31987 is found in Axis OS Active track 10.8, Axis OS 2016 LTS track 6.50.5.5, Axis OS 2018 LTS track 8.40.4.3 and Axis OS 2020 LTS track 9.80.3.5.

    After Nozomi Networks Labs contacted Axis with the issues in June, the company confirmed them in July and worked with the researchers to verify the firmware updates. Nozomi Networks Labs said some devices are not included and will “receive a patch according to their planned maintenance & release schedule.”

    What, exactly, is cybersecurity? And why does it matter?

    Cybersecurity focuses on protecting electronic information on websites, networks, or devices from hackers. Through advanced technology and sophisticated processes, cybersecurity professionals help keep data safe and accessible.

    Individuals and businesses alike face cybersecurity threats. In addition, businesses need protection from unauthorized data access — both from inside and outside the organization. Strong cybersecurity reduces the chances that a cyber attack will affect business operations.

    Cybersecurity also has political implications. The US Department of Homeland Security designated election infrastructure as “critical” in 2017. This infrastructure includes voter registration databases and the digital technologies used to count, display, and confirm voting results — some of America’s most sensitive data.

    And cybersecurity can also affect public safety and health. In one case, hackers attempted to poison the municipal water supplies of cities in Florida and California. The hackers gained access to the technology platforms controlling the water systems. Luckily, officials caught the hacks before anyone got sick. Individuals can take simple steps to maintain their cybersecurity, like using a password manager app. But businesses typically require more sophisticated, proactive cybersecurity strategies. As a result, the number of people responsible for handling a company’s cybersecurity depends on an organization’s resources and operational needs. A company might have a large cybersecurity team, or just one person with multiple digital duties.

    Is cybersecurity considered an IT job?

    People who work in cybersecurity often work closely with other IT professionals, like network administrators or in various roles. For this reason, experts and those within the industry often group cybersecurity jobs within the broader sector of IT.

    Despite the need to work together with other technology professionals, cybersecurity employees tend to focus on different issues than IT workers. These issues include preventing and analyzing data security incidents and developing and enforcing security standards to protect digital information.In most cases, cybersecurity is considered an IT job. However, cybersecurity jobs usually focus on protecting digital information. Some organizations may title these individuals “cybersecurity specialist” or “cybersecurity manager.” Related cybersecurity job titles include cybersecurity engineer or cybersecurity administrator. 

    5 reasons why cybersecurity is important

    Millions of Americans share personal information on the internet every day — whether while working remotely, making online purchases, or completing financial transactions. That makes cybersecurity more important than ever.

    1. Cybercrimes are rising

    In an increasingly digitized and connected world, cybercrime can cause major disruptions. As more workplaces moved to remote work in 2020, the number of cyberattacks skyrocketed. One study found a 400% increase in cybercrime in 2019-2020. In addition to a growing number of cybercrimes, the types of attacks have grown. Malware, phishing, and DDoS attacks can take down major corporations and risk the private data of millions of people.

    2. Your data is valuable

    Cyberattacks target both individuals and systems. These cybercriminals seek out private data, including financial information. That data is valuable. Stealing someone’s Social Security number, for example, makes it easy to take out credit cards in their name and run up debt. So does targeting dates of birth, credit card information, and addresses.

    3. Cybercrimes result in economic costs

    The economic cost of cybercrimes runs into the trillions. According to one estimate, cyberattacks cost the global economy $1 trillion every year. Ransomware attacks can bankrupt companies, disrupt financial markets, and tank people’s personal finances. The cost of cybercrimes makes it even more important to implement security systems and increase internet safety.

    4. Your devices could be exploited

    Every day, hackers come up with new ways to break into systems and exploit devices. Take cryptojacking, for example. Hackers use a target’s devices to mine cryptocurrency for the hacker. Add that to a long list of cybercrimes like proxy phishing, password attacks, and malware.

    5. Cyberattacks pose real-life threats

    Cybercrime might seem like a distant problem that only affects a small number of people. But cyberattacks don’t only target information security. They can also compromise infrastructure, which threatens health and safety. In late 2020, for example, ransomware attacks targeted U.S. hospitals. These attacks tried to steal data to force hospitals to pay a ransom. And hospitals aren’t the only target. Schools, law enforcement agencies, and governments have all been the victims of cyberattacks.

    How to protect yourself against hackers and cyberattacks

    You can take several simple steps right now to protect your data from hackers and prevent cyberattacks. Here are the best ways to make your data safer.

    Follow password best practices

    A strong password keeps hackers from breaching your accounts. Instead of reusing the same password on multiple platforms, create unique, complex passwords, particularly for sites that store private data or credit card information. Worried about keeping all those passwords straight? Consider getting a password manager so you’ll never forget your password again.

    Change your password after a breach

    Take a look at current events and there’s a good chance you’ll hear about a data breach. After a breach, you should change your password — but recent research shows that few people actually update their passwords. That leaves your data vulnerable to a cyberattack. The site Have I Been Pwned lets users check whether their accounts may have been compromised.

    Learn to spot phishing attempts

    Every email inbox receives spam emails. Most of us know not to open emails from Nigerian princes. But every day, people click on phishing emails claiming to offer prizes or asking customers to “verify” details. These phishing attempts trick people into giving up their own personal info. Make sure you understand common phishing red flags to dodge cyberattacks.

    Install antivirus software

    Installing antivirus software on your devices — including cell phones — helps protect your data against malware, viruses and other cyberattacks.

    These software programs secure your passwords, block malware, and protect financial data during online transactions. Major providers include Norton Antivirus, McAfee Total Protection, and Kaspersky Total Security. Before installing or downloading antivirus software, consider your needs and find the right provider to protect your internet safety.

    In conclusion

    Cybersecurity matters for everyone, even people who don’t think they use technology directly. Nearly every aspect of modern life involves sharing digital information. That’s why, no matter the industry, cybersecurity is essential. Cybersecurity professionals work to keep personal and business information safe from current — and future — threats.

    What is cybersecurity?

    Cybersecurity is the profession of protecting digital information, devices, and networks from unauthorized users. People in this profession also ensure the integrity, security, and accessibility of information for authorized users.

    How does cybersecurity protect us?

    Cybersecurity protects digital information — and the people who use networks, computers, and devices — from unauthorized access or data loss.

    How can we prevent cybercrimes?

    Information security specialists help prevent cybercrimes by protecting personal data, implementing security systems, and investigating cybercrimes. People can also spot scams and use antivirus software to prevent cybercrimes.

    Why is cybersecurity important for students?

    Like everyone else, students need to protect their private data. Students can also study cybersecurity to launch careers in a growing tech specialty. 
