President & CEO at Performance One Data Solutions (Division of Ross Group Inc)
Answered a month ago
For Internet Safety Day, here's what worked for us at Performance One. We started doing simple security role-plays and quick tests, which helped our team notice suspicious emails faster. Multi-factor authentication made the biggest difference once everyone got why it mattered. It stopped several phishing scams. My advice? Keep security practical and talk openly about it. People actually follow the rules when they understand the reasons behind them. If you have any questions, feel free to reach out to my personal email
I've been in cybersecurity since 2008, spoken at West Point and the Nasdaq podium, and here's what we're actually doing differently this year: we're shifting from "employee training" to what I call crisis-ready infrastructure. Most companies still treat internet safety like it's about preventing breaches. That's backwards. We tell our Central New Jersey clients upfront: it's not *if* you'll be compromised, it's *when*. Last year ransomware attacks jumped 37% with average demands hitting $5.3 million. So instead of just teaching people to spot phishing emails, we implement the T.I.M.E. method--Train staff, Invest in monitoring software, Make sure access to sensitive data is limited, and Enforce multi-factor authentication. The "limit access" piece is critical because even when someone clicks a bad link, the damage stays contained. The second shift is IoT lockdown. Your employees might secure their laptops, but their smart coffee maker in the break room? That's 100+ new entry points hackers are exploiting. We had one client get breached through a connected thermostat. Now we segment IoT devices onto separate networks so they can't become backdoors to your actual business systems. The legal pressure is real too. The FTC is actively fining companies for "unreasonable security," and California's CCPA hits you with $100-$750 per person affected in a breach. We're seeing business owners finally treat cybersecurity like liability insurance--because legally, that's exactly what it is now.
I run a business technology firm across Dallas, Tampa, and Orlando, and the biggest internet safety shift I've made is treating communications infrastructure like a physical security layer. When we deployed unified communications and security cameras for that nationwide preschool chain last year, we put every device--IP phones, access points, cameras--on isolated network segments with their own firewall rules. If someone compromises a camera, they can't pivot to payroll data. The part nobody talks about enough is vendor sprawl. Most SMBs we work with have five different vendors managing phones, internet, cameras, IT support, and cloud services. Each one is a separate attack surface with different password policies and security standards. We've seen actual breaches start because a camera vendor's technician still had remote access three years after installation. Consolidating to one vendor with unified credential management cuts your exposure dramatically. What actually moves the needle is making security invisible to end users. We default every phone system deployment to encrypted calls and auto-provision devices so employees can't skip MFA setup. When security requires extra steps, people find workarounds that create bigger holes. The preschool project succeeded because teachers never noticed the security--they just picked up phones that worked, while we locked down the backend with certificate-based device authentication and automated patch management.
I've been building IT systems for over 15 years, and one thing's become crystal clear: internet safety isn't just about buying better tools--it's about measuring what actually matters. At Cyber Command, we shifted from treating security as a checkbox to tracking real KPIs that show whether defenses are actually working. The biggest change we made was implementing mandatory MFA coverage tracking across every client environment. We don't just turn it on--we measure adoption rates monthly and publish them to leadership. One manufacturing client went from 34% MFA coverage to 98% in four months once they could see the gap in black and white. That single change blocked over 99% of credential-based attacks during their last attempted breach. The second game-changer is measuring phishing test results alongside actual incident rates. We run quarterly simulated phishing campaigns and correlate click rates with real-world security events. When one healthcare client's click rate dropped from 18% to 3% after targeted training, their helpdesk tickets for suspicious emails went up 240%--meaning staff were finally reporting threats instead of falling for them. That behavioral shift matters more than any firewall upgrade. For Internet Safety Day specifically, I'd tell any IT leader to pick three metrics you can actually influence: MFA coverage percentage, phishing simulation click rates, and time-to-patch for critical vulnerabilities. Publish them monthly where your executive team can see them. What gets measured gets managed, and internet safety is no exception.
We tried a bunch of approaches to security, but what really worked was putting automated checks right into our development process. We catch vulnerabilities before our code goes live now. My advice is to start small. Focus on automating one area at a time, so nothing gets missed as your operations grow. If you have any questions, feel free to reach out to my personal email
VP of Demand Generation & Marketing at Thrive Internet Marketing Agency
Answered a month ago
"One that's gaining traction is DATA TOKENIZATION, and it's about to be huge. Rather than placing data behind stronger barriers, tokenization substitutes sensitive information with nonsensical stand-ins so that, even if data is breached, it holds no value. From a marketing leadership perspective, this can be extremely powerful as teams are still able to understand their people's behavior and performance without the need to touch raw personal data. What's overlooked is how tokenization alters internal behavior, not just security posture. When teams realize they are working with tokens rather than actual IDs, they design cleaner workflows and, by default, reduce unnecessary data access. That alone can reduce risk more than adding yet another monitoring tool. One practical step is to put together a map showing where in the sphere of marketing, analytics, and vendors sensitive data intersects at all, then tokenize as early as you can. This preserves momentum in the campaigns and mitigates future liabilities. Internet safety today is less about control after the fact and more about smart design decisions made early."
Shadow AI is rapidly becoming a bigger issue than shadow IT - particularly for companies that value trust and reputation. Even now, workers are leveraging public AI tools to summarize emails, draft responses, or categorize data, frequently without realizing what they are giving up. From a brand perspective, one prompt with client or internal data can be a risk that does NOT appear as an issue in the security dashboard. What we are seeing is that "blanket bans" do NOT work. People use AI because it saves time, so the smarter takeaway is to provide teams with approved tools and CLEAR GUARDRAILS. Training is key here, and short sessions on what data is OK to share can dramatically decrease the risk of accidental exposure and brand embarrassment. One of the realizations is that shadow AI often arrives first in customer-facing teams. Marketing, support and PR all race to keep up - and face pressure to respond fast, which makes them more likely to experiment quietly. This is where reputational harm can occur before an organization even realizes a tool is in use. The best move we've seen is treating AI use the way you would with media training. Teams learn what's appropriate, what doesn't leave the internal network and how cues reflect a brand voice, as well as its values. And this is the real reason companies should view AI as a shared responsibility rather than an illicit shortcut - they end up with much better results and far less risk.
At LAXcar, we use specialized multi-factor authentication (MFA), high-grade encryption, and segmented access systems, as most system breaches primarily stem from credential breaches. Microsoft has shown that MFA can prevent 99.9% of account breaches (source: https://www.microsoft.com/en-us/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/). We have also implemented policies for shorter data retention periods, and have further limited access based on data visibility. In response to tightening measures, internal security notifications decreased by 30%, and employees stopped forgetting to change passwords, which in turn decreased help desk password resets. IT teams have been partially automated to continuously scan their infrastructure, which in conjunction with rapid patching, has been shown to avoid costly breaches. In 2023, IBM reported that the costs associated with an average breach are $4.45 million (source: https://newsroom.ibm.com/2023-07-24-IBM-Report-Half-of-Breached-Organizations-Unwilling-to-Increase-Security-Spend-Despite-Soaring-Breach-Costs). Current assault and IT defense systems have evolved to an offensive approach. We no longer aim to block known risks but instead assume the worst and focus on building resilient systems.
The way that we approach Internet safety needs to move beyond what firewalls or policies can accomplish. The new risks on the Internet are misinformation and children growing up in an online world without a written playbook to guide them—these are larger threats than hackers could ever be. IT Professionals still approach safety from a defensive posture; blocking, filtering, and restricting access to the Internet are the primary methods used today. The future must be about design; designing products that give the user the 'Safe' option by default instead of as an additional step. Legacy focuses as much on teaching Digital Literacy as it does on teaching Cyber Security. Building resilience through teaching students to evaluate links, manage their Online Identity, and understand their Data Footprint is something that can't be accomplished with any one piece of Software. I am most excited about the possibility of Artificial Intelligence one day being able to assist users by identifying Risky Behavior in Real Time and providing them with guidance similar to having someone riding shotgun with them before they get themselves into trouble. This technology will provide users with guidance, but not surveillance. Internet Safety should be more about Coaching rather than Policing. The moment that both Education and Protection occur together in a seamless way is the moment that the Internet truly becomes a Safe Place.
In the 6 years I've been running my own business, most security breaches happened because of human errors. To make the internet safer for our team, we have coaching on phishing and how to avoid it once every quarter. Most employees hate mandatory training, so we make sure to get someone who's an expert and that the program is different every time. In the past two years, the only safety issues we had were hacking attempts, and phishing is no longer a threat.
Major tech companies are taking action on Internet Safety Day and embedding Zero-Trust architectures directly into their digital infrastructure. This is about protecting asynchronous AI agents—or "agentic identities"—and the workflows associated with those autonomous agents throughout enterprise organizations. Instead of relying solely on MFA, there has been a shift toward continuous behavioral-based identity verification as the primary means to verify an identity. The ability to build self-healing systems capable of detecting anomalies in real time allows us to be technically agile while maintaining robust security. The end goal is to create a safety-first digital toolchain that does not carry a retrofit cost that would impede innovation.
There has been a recent change in discussion within the IT industry, moving from perimeter security to what IT leaders have labeled as 'identity-first' integrity. As generative AI has made it easier for malicious actors to create realistic phishing emails and other types of social engineering attacks within seconds, traditional security models that included quarterly employee security training and basic firewalls are no longer adequate for protecting sensitive information. There has been a significant movement toward Zero Trust architectures, where identity will serve as the new perimeter, providing protection by limiting the damage done even if an employee's credentials are compromised. Software vendors are beginning to adopt a 'Secure by Design' philosophy, with enterprise clients demanding radically transparent solutions, including a Software Bill of Materials (SBOM) that outlines exactly what components have been used in the development of their products. As we look to 2026 and beyond, the investment in developing resilient systems that do not rely on the perfection of humans will be paramount. We need to develop automated guardrails to protect against the potential impact of AI-driven threats. Ultimately, the safety of the internet will once again be a human-centric problem. Although we may have more sophisticated tools than ever before, the degree of psychological stress on employees will be higher than ever before. The leaders who will succeed will be those who simplify their security processes with the intention of minimizing friction during the workday.
This perspective is really a unique one. I'm a nurse practitioner with 16 years of clinical experience in a hospital setting. I decided to open my own mobile IV therapy clinic in NYC called VIP's IV (vipsiv.com). I am literally doing everything myself. I literally had to learn how to set up a domain, DNS, hosting, and use WordPress and learn how to build websites. To integrate security into building the business website I got hosting from AWS which comes with built-in AES-256 encryption for data at rest and also in transit via KMS. Also AWS integrates granular access control through Identity and Access Management (IAM) and AWS Shield for DDoS mitigation. I also have Cloudflare which has its own set of security features that are super helpful. I am also using Wordfence Security. I changed my login link, created a very long username and password with random letters, numbers, and characters (which I had to memorize). I think doing these basic things is super important and hopefully will go a long way. Aleksey Aronov AGPCNP-BC Adult Geriatric Primary Care Nurse Practitioner - Board Certified VIPs IV https://vipsiv.com New York, NY
In web hosting, security has to be simple. At CLDY, when we spot suspicious logins, we offer one-click password resets and explain why in plain language. Incidents dropped once we stopped using the tech talk. People feel safer and our job got easier. The best security isn't the most complex, it's the clearest. Make it easy for people to do the right thing. If you have any questions, feel free to reach out to my personal email
I build privacy and security into every no-code and AI workflow. After going through a few app rollouts, I've learned you need automated checks to catch data leaks or suspicious behavior before they hit users. It's way easier to adapt your products for new threats down the road if you think about security from the very beginning. If you have any questions, feel free to reach out to my personal email
At Superpower, we protect health data because biomarker analytics are so personal. We use AI security checks with secure cloud storage, so only verified users can see sensitive information. We're also direct with users about what happens with their data and bring in outside auditors for regular check-ins. It's the only way to handle information this private. If you have any questions, feel free to reach out to my personal email
Don't wait to think about internet safety when you're building AI tools. It needs to be part of the foundation. I've learned this the hard way after seeing what bad user input can do. At AthenaHQ, we validate everything and keep a close watch on activity. My advice? Teach your users to be smart online. Technical fixes only go so far without good user habits. If you have any questions, feel free to reach out to my personal email