Tuesday, October 15, 2024

Cybersecurity Awareness Week 3: Prevention

October is Cyber Security Awareness Month (CSAM). The goal of CSAM is to help Canadians stay cyber-safe by equipping them with knowledge through the following four themes:

  • Week 1:  You Got Phished
  • Week 2:  Where, Why and How It Happens
  • Week 3:  Prevention
  • Week 4:  Putting It All Together

This week’s theme, “Prevention”, focuses on 5 actionable steps to prevent becoming a victim of cybercrime.

Tip #1: Use Strong and Unique Passphrases and Passwords

Did you know that at least 65% of people use the same password across multiple sites? Although this makes remembering your credentials easier, it also makes your accounts vulnerable to cyberattacks.

By creating complex passphrases and unique passwords for each site you use, you instantly tighten up your security, making your accounts less attractive to hackers. Some best practices for creating complex passphrases include:

  • Avoiding family, pet, company, and familiar names that can be easily guessed by others
  • Using unique combinations of letters, numbers, symbols, and cases for each site you use
  • Creating passwords that are at least 4 words and 15 characters long

Tip #2: Use A Password Manager

Our passwords protect the things that are important to us, such as our financial information, our social media accounts, and more. But with all the platforms and websites we actively use, it can be difficult to keep track of unique and complex passwords for each platform.

Password managers such as Google Password Manager help you create complex passphrases and store them so that you never forget a password again.

Tip #3: Enable Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) is an added layer of security that is tailored to you so that only you can access your accounts and private information. This additional layer of security is simple to implement and consists of two or more independent credentials that verify you are who you claim to be. Three of the most common credentials are what the user knows (password), what the user has (security token) and what the user is (biometric verification).

Some common forms of MFA include:

  • Fingerprint scanners
  • Voice verification
  • Facial recognition
  • Security questions
  • PIN numbers
  • SMS authentication
  • App-based authenticators
  • Hardware tokens

Implementing MFA is an excellent way to add an extra security layer to your system. Did you know that by adding something as simple as MFA to your accounts, you can protect yourself from automated bots, phishing attacks and targeted attacks?

In short, MFA works to prevent malicious activity on your network, keeping your sensitive data safe and secure. We suggest you enable MFA everywhere it can be used, and if you don’t have the capabilities, perhaps it’s time to invest in a little extra digital security.

Tip #4: Regularly Backing Up Your Important Data

Your important data is important! Be sure to keep it safe on your devices so that it does not get lost, corrupted, or fall into the wrong hands. One of the best ways to keep your data safe is to regularly back up your important data.

There are many benefits to taking the time to back up your data, including:

  • Ensuring you always have a backup in case of a disaster such as a cyberattack or breaking your device
  • Freeing up storage space on your device
  • Protecting your special moments from accidental corruption

Backing up files is easy to do! You can back up your data physically and/or digitally. To back up your files physically, you’ll need an external device such as a USB stick or an external hard drive. Once your files are backed up physically, you’ll want to ensure that you keep your external device stored in a safe location.

To back up your data digitally, you can use a reputable online cloud server. There are many great options to choose from! Some online cloud servers offer free storage up to a certain amount, while others have subscription fees.

Whether you decide to back up physically or digitally, choose what works best for you.

Tip #5: Protecting Your Small Business Against Phishing Attacks

No business is too small to become a victim of a phishing attack. More than half of email scams and phishing attempts target small businesses.

Phishing is a common method that hackers will use to steal valuable information from both individuals and organizations. Phishing scams are often disguised as messages from people and organizations that you trust, making them easier to fall victim to.

It’s important for small businesses to take steps to protect their private and important information. The following are simple tips for small businesses to follow:

  • Only visit legitimate and trusted websites while working from a business computer or device used for business operations
  • Verify that you are only providing personal and business information to trusted sources
  • Always question why your personal information is required when asked for it
  • Do not remove or disable any security safeguards on your business network and devices such as anti-virus software

Always Stay Cyber Safe

Whether it’s Cyber Security Awareness Month or any other day, always keep cybersecurity practices in mind to keep yourself cyber safe.


Monday, October 7, 2024

Cybersecurity Awareness Week 2: Phishing - Where, Why and How It Happens

October is Cyber Security Awareness Month (CSAM). The goal of CSAM is to help Canadians stay cyber-safe by equipping them with knowledge through the following four themes:

  • Week 1:  You Got Phished
  • Week 2: Where, Why and How It Happens
  • Week 3: Prevention
  • Week 4: Putting It All Together

This week’s theme, “Where, Why and How It Happens”, focuses on what phishing is, where it happens, the motivation behind cyber threats and how it works.

What is Phishing?

Phishing is a common method that hackers will use to steal valuable information from individuals and organizations. Phishing scams are often disguised as messages from people and organizations that you trust, making them easier to fall victim to.

What are the different types of phishing?

Phishing can take on many different forms, as well as come from a variety of mediums including email, phone, online shopping, gaming, social media, and direct messages. The following is a quick overview of the most common types of phishing campaigns that cybercriminals use to steal your information.

Smishing

Smishing is a phishing attempt that occurs through text message (SMS) and involves a cybercriminal impersonating someone to steal information from you. In many cases, smishing messages contain a link they are trying to get you to click on.

To protect yourself against smishing attacks, always be cautious about the messages you receive from people you do not recognize. If you are unsure, try to verify the information and confirm whether the identity they are taking on is legitimate. For example, if you receive a message claiming to be from your school, call your school using the contact information available on its official website and verify whether the request is real or smishing.

Spear Phishing

Spear phishing is a message that is tailored to the target's potential line of work, interests, and/or personal characteristics. To do this, cybercriminals conduct research about their victims and use their findings to make their messages seem authentic. They then send these spear phishing attempts disguised as a credible source, with the subject being something relevant to their victims, in hopes of increasing the success rate of their attempts. When successful, victims hand over their personal information, such as a credit card number, to the cybercriminal.

Whaling

Whaling attacks are sophisticated messages that target high-profile victims who have the authority to issue large payments. Whaling attempts are designed to trick these victims into thinking they must make a payment to another organization, but in reality, the payment is directed to the pockets of the cybercriminal.

Phishing Trends

Now that you know the various types of phishing, it’s important to be aware of phishing trends so that you can spot any potential attempts.

Banking Scams

Cybercriminals will pose as your financial institution and send urgent or too-good-to-be-true messages in the hope that their victims take action. If you receive a phone call, email, or message that asks you to claim money in exchange for verifying your credit card number, or asks you to pay outstanding banking fees, be wary and do not hand over your information. Always verify with your banking institution by visiting in person or calling the phone number listed on its official website to confirm whether the request is legitimate.

Romance Scams

There is plenty of phish in the sea! Looking for companionship online has been made easy with the help of dating websites and apps, but sometimes profiles are too good to be true. Romance scams often happen when a cybercriminal creates a fake profile with the goal of taking advantage of someone looking for romance.

To avoid becoming a victim of a romance scam, always be cautious about what information you share on dating websites and apps. Never give your personal information such as your SIN number, banking information, or even the answers to security questions such as your mother’s maiden name.

Event-Based Scams

Event-based scams happen when cybercriminals take advantage of events, such as concerts or sports games, to steal information and money from their victims. When it comes to phishing, cybercriminals will typically send out messages posing as event organizers and include a link. When the link is clicked, you are likely to be prompted to enter sensitive data such as a credit card number or credentials to your financial institution.

Spoofing, in which a cybercriminal creates a fake look-alike website or app to trick users into making fake purchases, is a tactic that is often used with event-based scams. Be sure to guard your personal information and always verify that the websites you are using to purchase event tickets are legitimate.

Malware and Ransomware

Malware is one of the most common ways people experience a cyberattack. Malware is software specifically designed to interfere with, damage, or gain unauthorized access to a computer system. If your device is infected, it can cause freezing and crashing, poor performance, unwanted pop-ups and toolbars, and even send out unwanted emails.

Malware presents itself in many forms, including viruses, worms, trojan horses, spyware and adware, and ransomware.

With a ransomware attack, access to your computer or electronic device is blocked until a ransom is paid to the cybercriminal. These common forms of malware are sometimes difficult to recognize. The following best practices can help you protect your computer system against malware:

  • Install and use anti-virus software
  • Avoid suspicious links and email attachments
  • Download only from trusted sources
  • Use a VPN on unsecured networks like public Wi-Fi

Beware of Social Engineering

A social engineering attack is when a web user is tricked into doing something dangerous online. There are various types of social engineering attacks, with phishing being a prominent form. Always think twice before you share your information online and take actionable steps to protect your devices against phishing, malware, and ransomware.

Stay Cyber Safe

Whether it’s Cyber Security Awareness Month or any other day, always keep cybersecurity practices in mind to keep yourself cyber safe.



Friday, October 4, 2024

October is Cyber Security Awareness Month

October is Cyber Security Awareness Month (CSAM). The goal of CSAM is to help Canadians stay cyber safe by equipping them with knowledge through the following four themes:

  • Week 1:  You Got Phished
  • Week 2: Where, Why and How It Happens
  • Week 3: Prevention
  • Week 4: Putting It All Together

This week’s theme, “You Got Phished”, focuses on actionable steps to take to recover from a phishing attack.

Before we get started, it’s important to understand what phishing is. Phishing is a common method that hackers will use to steal valuable information from individuals and organizations. Phishing scams are often disguised as messages from people and organizations that you trust, making them easier to fall victim to.

How to tell if you have been phished or hacked

The most evident sign that you have been phished or hacked is when you notice changes to your accounts. This might look like not being able to access your email accounts, noticing suspicious charges to your bank or credit card accounts, or even receiving notifications on social media from friends alerting you that your accounts have been compromised.

Before you notice these clear signs of unusual behaviour, there may also be notifications from your accounts alerting you of changes. For example, if a malicious actor is attempting to sign into your email account, you may receive notifications asking you to confirm that “you” are trying to sign in from a certain location. In some cases, these alerts may also come after a successful sign-in attempt from a malicious actor. Banks may also block purchases from being made on your card until you confirm whether the transaction is coming from you.

To help keep you safe from phishing, we’re sharing 4 easy tips, as well as what to do if you have been phished.

Tip #1: Change passwords and upgrade passwords to passphrases

Did you know that at least 65% of people reuse the same passwords across multiple sites? Although this makes remembering your credentials easier to do, this also makes your accounts vulnerable to cyberattacks.

By creating complex passphrases and unique passwords for each site you use, you instantly tighten up your security, making your accounts less attractive to hackers. Password managers such as Google Password Manager and LastPass can easily help you create complex passphrases and store them so that you never forget a password again.

Some best practices for creating complex passphrases include:

  • Avoiding family, pet, company, and familiar names that can be easily guessed by others
  • Using unique combinations of letters, numbers, symbols, and cases for each site you use
  • Creating passwords that are at least 4 words and 15 characters long

Tip #2: Enable anti-malware and anti-virus software

Malware is one of the most common ways people experience a cyberattack. Did you know the majority of Canadians have had malware on their computer? Malware is software specifically designed to interfere with, damage, or gain unauthorized access to a computer system. If your device is infected, it can cause freezing and crashing, poor performance, unwanted pop-ups and toolbars, and even send out unwanted emails.

Malware presents itself in many forms, including viruses, worms, trojan horses, spyware and adware, and ransomware. These common forms of malware are sometimes difficult to recognize. The following best practices can help you protect your computer system against malware:

  • Install and use anti-virus software
  • Avoid suspicious links and email attachments
  • Download only from trusted sources
  • Use a VPN on unsecured networks like public Wi-Fi

Tip #3: Enable automatic software updates

Updating your programs and operating systems regularly ensures that you are benefiting from the latest security patches and bug fixes, making it harder for cybercriminals to exploit your data with malware. Keep your systems, programs, and applications updated. Most programs and operating systems do a great job at reminding their users when an update is available. Enabling automatic updates on your devices will help ensure that you don’t miss an update!

Tip #4: Back up your data

Backing up files is easy to do! You can back up your data physically and/or digitally. To back up your files physically, you’ll need an external device such as a USB stick or an external hard drive. Once your files are backed up physically, you’ll want to ensure that you keep your external device stored in a safe location.

To back up your data digitally, you can use a reputable online cloud server. There are many great options to choose from! Some online cloud servers offer free storage up to a certain amount, while others have subscription fees.

Whether you decide to back up physically or digitally, choose what works best for you.

Keep Others Safe and Report The Scam

If you have been targeted by a phishing scam in Canada, you can help keep others safe by reporting the scam. You can report the scam by contacting:

  • Your local police: file a report about the phishing scam or fraud. Remember to get a report number for your reference.
  • Regulatory bodies: if the scam involves someone from a regulated profession, regulatory bodies may have the ability to take disciplinary action to prevent further incidents.

Stay Cyber Safe

Whether it’s Cyber Security Awareness Month or any other day, always keep cybersecurity practices in mind to keep yourself cyber safe.