What We Do
How we do it
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
View Threat Intelligence Resources →
Mar 15, 2023
CVE-2023-23397 - Microsoft Outlook Elevation of Privilege Zero-Day Vulnerability
THE THREAT On March 14th, as part of Microsoft’s monthly Patch Tuesday release, the company disclosed a critical, actively exploited vulnerability impacting Microsoft Office and Outlook. The…
Read More
View all Advisories →
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
Mar 20, 2023
Exertis and eSentire Partner to Deliver 24/7 Multi-Signal MDR, Digital Forensics & IR Services and Exposure Management to Organisations Across the UK, Ireland, and Europe
Basingstoke, UK– 20 March, 2023. Leading technology distributor, Exertis, announced today that it has bolstered its cybersecurity services, adding eSentire, the Authority in Managed Detection and Response (MDR), to its Enterprise portfolio of offerings. eSentire’s award-winning, 24/7 multi-signal MDR, Digital Forensics & Incident Response (IR), and Exposure Management services will be available…
Read More
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Blog — Oct 18, 2017

Digital literacy: why knowledge gaps are a growing cybersecurity concern

5 minutes read
Speak With A Security Expert Now

Digital literacy is an important term to understand for those who interact with the digital environment – aka, everyone. In this blog, we discuss digital literacy at a high-level, but will get into more specifics in this ongoing digital literacy series. Stay tuned!

What exactly is “digital literacy”?

Digital literacy is a trendy term in the technology sector. According to Wikipedia, it is “the set of competencies required for full participation in a knowledge society. It includes knowledge, skills, and behaviors involving the effective use of digital devices…for purposes of communication, expression, collaboration and advocacy.”[1]

More simply put, it’s the ability of an individual to engage with the digital environment. In terms of infosec, you can take it further to mean the ability to operate technologies safely – knowing what to do and what not to do and how to avoid taking unnecessary risks.

If you compare it to driving a car, we know that operating a vehicle requires a certain amount of practice and knowledge. It also requires you to pay attention to all that’s going on around you. The same is true with cybersecurity – in order to participate in a digital environment, you need to understand the rules. This is what makes you digitally literate.

Why is digital literacy important?

Digital literacy is an unavoidable part of everyday life that people tend to overlook. Almost our entire lives are online (whether you like it or not) and that’s only going to increase. Everyday users who don’t really “care much” about cybersecurity are the easiest and quickest targets for fraud and for access into an organization they work for. Pursuing digital literacy not only benefits you, but it also protects your friends, family and workplace.

At a high-level, what are some of the biggest gaps in digital literacy (within cybersecurity)?

There are a number of areas where people understand less than they should about online safety. For now though, I’ll highlight 5. These areas matter for every individual, whether in personal or professional environments.

  1. Monitor your behaviour on social networks

    There is a lot of misunderstanding around what people should and should not do/post on social networks. Before putting something online, you should ask yourself: Does this need to be public? Is it worth the risk? Not only is what you share online available to friends and family, but it’s also available to cybercriminals.

    These cybercriminals—or hackers—present both physical and virtual threats. The bad guys can use your social networks to gather user behaviour habits, like where you live and when you’re home. They can also access personally-identifiable information like birthdays, which can be used to facilitate fraud and identity-theft.

    Additionally, it’s important to remember that the information you provide on social channels can be used by cybercriminals as a way for them to understand your social networks and consequently gain access to business targets with confidential data they can exploit.

  2. Keep your devices safe

    Anti-virus software is great, but consumers tend to be overly reliant on it. There are additional measures you should take—like how you configure the settings on your devices. Each operating system you use has security settings that are often disabled by default. A good first step would be to learn what these settings are and to use them to your advantage. Also – be sure your patching is automatically triggered on your devices and you’re always taking the time to complete software updates whenever they’re available.

    At work, consider how this plays a role with bring-your-own-device (BYOD) programs. Because so many of us bring personal devices to the workplace and connect them to business networks, ensuring those devices are protected and used wisely puts significant responsibility on you as the employee.

  3. Understand how best to use passwords

    Passwords need to be complex and hard to guess, but not so much so that you can never remember them. One thing I like to recommend is “passphrases.” To make these, simply come up with a phrase you can remember and then make a password from the first letter of each word in the phrase. For example, if the phrase is “I love my red dog Pluto!”, the password would be “IlmrdP!”.

    Additionally, enable 2-factor-authentication whenever possible and don’t use the same password for all your accounts. You can use a password manager to help you keep track of all your passwords. I recommend an app called “keypass” – it’s free!

  4. Handle unsafe content

    It’s important everyone knows exactly how to respond or react in unsafe situations online. Here’s a few things to watch out for:

    1. Be wary of suspicious emails – if you think there’s some legitimacy to an otherwise suspicious email, get the phone number and follow up without giving any other information. Otherwise, just delete the email.
    2. Don’t fall for (or click on) popups claiming that your computer is infected.
    3. Avoid BitTorrent sites.

    Whatever you come across online, follow this simple rule: STOP and THINK. A few seconds of deliberation could save more than just your computer in the long-run.

  5. Safety considerations for the future

    When it comes to technology, the world is changing quicker than most people can keep up with. We’re entering an era in which more information is available than ever before, we’re increasingly reliant on technologies for even the most basic tasks, and technology is almost completely unavoidable. Although that may sound daunting, it doesn’t have to be.

    We need to be prepared. Our online presence has made us overly exposed—like being naked in a digital environment. The increasing interconnectedness between business and personal environments means we have to assume individual responsibility to make sure we’re using precautions on all our devices when online. It is not an impossible task, but it will require vigilance.

How can we start to bridge these gaps?

Education, education, education. Employers must take the time to train their employees on the importance of safe practices online. In our recent threat intelligence report from Q2 of 2017, we found that of 4 million cyberattacks, about 40,000 of them are phishing attacks. There are millions of stories online about people who have been hacked because of phishing – read these stories and learn from these mistakes!

The advance in technology is truly an exciting time. But like all progress, it will require some adjustments. If you’re an employer, consider how these knowledge gaps could compromise your business. If you’re an employee, take the time to educate yourself about online risks.

Learn more

eSentire® is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organizations safe from constantly evolving cyber-attacks that technology alone cannot prevent. Its 24x7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business disrupting events. For information about our services, please visit www.esentire.com.

View Most Recent Blogs

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.