Cybersecurity: It starts with you

Hacker Hacking a Company

Did you know that cyber-attacks are one of the fastest-growing crimes in Canada? In the past few years, there have been many significant data and security breaches globally that have affected millions of users and some of the largest companies in the world.

Some of the most notable breaches in the past few years are:

  • The largest data breach ever — suffered by Yahoo in 2013 which reportedly affected 3 billion user accounts (up from an earlier estimate of 1 billion)
  • Equifax breach in 2017 where 145.5 million customers were affected, which was the largest data breach at the time.
  • The second-largest data breach ever (at the time) — suffered by Marriott and disclosed near the end of 2018, was estimated to have exposed 500 million user accounts.
  • In June 2019, the Desjardins Group suffered a massive data breach which affected 4.2 million “individual members” in Quebec and Ontario.
  • On Aug. 14, about 5,500 CRA accounts had been affected by several cyber attacks. Additionally, of the roughly 12 million active GCKey accounts in Canada, the passwords and usernames of 9,041 users were acquired fraudulently and used to try and access government services.

These are just some of the largest breaches, the list of breaches worldwide is not only a lot more extensive but is growing at tremendous speeds. According to Robert Herjavec, Founder & CEO at Herjavec Group, this “Dramatic rise (in damage costs) only reinforces the sharp increase in the number of organizations unprepared for a cyber attack.” Unfortunately, so many individuals and companies alike are not prepared for this storm which is projected to only get worse as the time goes on and the world’s population increases.

It is clear that protecting your privacy online is of utmost importance. As a company, it is imperative to ensure that your internal network is secure and your employees and clients are protected. While the industry behemoths mentioned above have resources to pay for the damages and fight the public scrutiny caused by these data breaches, many smaller companies simply cannot suffer such terrible attacks and often don’t recover from them.

While companies around the world are improving their cybersecurity measures, it is important to note that it is also up to every individual employee to ensure that they are keeping themselves secure. Opening a simple phishing email that looks like it came from a boss or employee could result in you jeopardizing the entire company and every client and employee within your organization. Downloading a file from the internet that may look reliable could shut down the entire company you work for, causing it to go bankrupt.

How Firms Can Increase Cybersecurity

One of the largest challenges that companies face and often underestimate is ensuring that not only their infrastructure is secure, but that they implement proper training and a process that ensures every employee and associate of that company is aware of the steps and rules they need to follow to keep their company secure. If an employee clicks on a defective link or responds to a fraudulent email, then no amount of technological infrastructure will be enough to protect your company.

Yet so many companies are not providing proper training for their employees. According to a study conducted by the FPA (Financial Planning Association’s Research and Practice Institute) about one-third of employees aren’t receiving any cybersecurity training.

Companies Providing Cyber Security Training Courtesy of Financial Planning Association

Another crucial security measure to implement is to ensure that all systems stay up to date. Dan Skiles, a past national board member of the FPA says that “advisors should use outside consultants and technology companies to ensure they have the best systems installed”. Cybersecurity is an ongoing battle, with the enemy constantly improving their technology and methodology at lighting speeds, so no matter how well prepared you were last year, today it simply may not be enough.

Think this can’t happen to you? According to a Forbes article by Stu Sjouwerman, CEO of Security Awareness Training and Simulated Phishing platform, these attacks have become so innovative that their own team of cybersecurity experts has even seen instances of what appears like a digitized human hair follicle — or flea or dust particle — on a screen; once it gets swiped away, malware is downloaded unwittingly.

According to the Ninth Annual Cost of Cybercrime Study released by Accenture and the Ponemon Institute, data is not the only target. While data remains a key target, theft is not always the outcome of an attack. A new wave of cyberattacks sees data no longer just being copied but being destroyed or changed, in attempts to breed distrust.

The battle against cybercrime is an ongoing battle, and this battle will keep evolving as the enemy evolves its weapons arsenal. Getting stuck with sticks and stones against an army of tanks is a sure way to lose this battle. It is imperative that you don’t delay and begin securing your infrastructure, updating your systems, and implement correct procedures to ensure all your employees are aware of the procedures they should follow to keep your company protected.

Common Forms of Attack

Cybercrime is a multi-trillion dollar industry that takes on a variety of different forms. Some specific examples of cyber attacks include:

  • Email and internet fraud.
  • Identity fraud (personal information being stolen resulting in identity theft).
  • Theft of financial or card payment data.
  • Theft and sale of corporate data.
  • Cyberextortion (demanding money to prevent a threatened attack).
  • Ransomware attacks (a type of cyber extortion).
  • Cryptojacking (mining cryptocurrency using resources they do not own).
  • Cyberespionage (accessing government or company data).

While some of these intersect in nature they can be summed up into two main categories:

  • Cybercrime that may infect computers with viruses and malware to damage devices or stop them working. These hackers may often steal your data before shutting down your computers completely. Cybercrime that stops users from using a machine or network, or prevents a business from providing a software service to its customers, often takes the form of a Denial-of-Service (DoS) attack.
  • Cybercrime that uses computers to commit other crimes and may involve using computers or networks to spread malware, illegal information, or illegal images. In many cases, these crimes often happen in the background, and you may not even realize your computer is being used at all, although sometimes it may result in your computer working slower than usual or behaving in an abnormal fashion.

Computer Virus

As of July 2015, Canada, 47 US States and all other G-7 countries had ratified or acceded to the Budapest Convention. The Budapest Convention is an international treaty that provides signatory states with legal tools to help in the investigation and prosecution of computer crime, including Internet-based crime, and crime involving electronic evidence.

Canada’s Protecting Canadians from Online Crime Act provides police with the necessary means to investigate crime in today’s high-tech environment; the act put Canada in a position to ratify the Budapest Convention.

“Cyber-tools are increasingly used by criminals in foreign jurisdictions to target Canadians. By ratifying the Budapest Convention and thus facilitating international cooperation on cybercrime, our government is demonstrating its commitment to keeping Canadians safe in cyberspace.” – The Honourable Rob Nicholson, Minister of Foreign Affairs

“Just as cyberspace is constantly evolving, so too are the cyberthreats to our security, prosperity, and quality of life. Our government is committed to protecting Canadians from the threat of cybercrime. Canada’s ratification of the Budapest Convention will improve international cooperation when cybercrime crosses international borders.” – The Honourable Peter MacKay, Minister of Justice and Attorney General of Canada

How To Protect Yourself As An Individual

So now that you realize the gravity of the situation and the threats that it presents, let’s explore some ways of how you can protect yourself on an individual level. Here are some of the ways which you can use to protect your computer from malicious attacks:

Keep your software and computer updated
Keeping your software and operating system up to date ensures that you benefit from the latest security patches to protect your computer.

Use anti-virus software and keep it updated
Anti-virus software allows you to scan, detect, and remove threats before they become a problem. Having this protection in place helps to protect your computer and your data from cybercrime, giving you peace of mind. It imperative to keep your anti-virus software up-to-date to get the best level of protection

Use strong passwords
Be sure to use strong passwords that people will not guess and do not record them anywhere. Also, make sure that you don’t re-use your passwords since that increases both the risk and danger of these attacks. 1Password is a great example of a password manager that can generate strong passwords while helping you manage your password, ensuring that they are unique.

Never open attachments or click on links in spam emails
A classic way that computers get infected by malware attacks and other forms of cybercrime is via email attachments and harmful links in spam emails. Never open an attachment from a sender you do not know and don’t click a link unless you are positive that it came from a trusted source.

Do not give out personal information unless secure
Never give out personal data over the phone or via email unless you are completely sure the line or email is secure. Make certain that you are speaking to the person you think you are.

Contact companies directly about suspicious requests
If you get asked for data from a company that has called you, hang up. Call them back using the number on their official website to ensure you are speaking to them and not a cybercriminal. Cybercriminals can spoof their phone number and make it look like they are calling from a legitimate agency, such as the CRA and Bell Canada for example.

Be mindful of which websites you visit
Keep an eye on the URLs you are clicking on. Do they look legitimate? Avoid clicking on links with unfamiliar or spammy looking URLs. This includes links that appear on Google search, in fact, one of the common ways for cybercriminals to target individuals is to buy ads and improve their search engine rankings so that they appear in the top results of your search.

Keep an eye on your bank statements
These tips should help you avoid falling foul of cybercrime. However, if all else fails, spotting that you have become a victim of cybercrime quickly is important. Keep an eye on your bank statements and any unfamiliar transactions with the bank.

Conclusion

Hopefully, this has given the necessary information to be aware of the dangers of cybercrime that infect our world today and helped you stay protected. If you are a business owner, we would recommend that you implement the measures noted above right away. Every minute you delay implementing proper measures for your company means that you are jeopardizing the well-being of your company and are playing a game of Russian roulette with your clients’ data.

Need assistance with training your employees and securing your internal networks? Dunham Connect is a trusted cybersecurity expert with decades of experience. Contact us today to see how we can help protect your company, employees, and clients and prevent these devastating attacks from harming you and your company.

Leave a Comment