Cybersecurity Risks and How Canadians Can Stay Protected
Image from Pixabay.com
Like other countries, Canada is seeing an upsurge in COVID-19 related phishing campaigns and malware scams. These scams either steal personal information or lock information after luring victims to click on malicious links and attachments. According to an online poll conducted by Ryerson University in May, nearly 60% of Canadians admitted they were cybercrime victims. The report found that 57% of respondents encountered at least one cybercrime. A further breakdown in figures revealed that 28% had their personal information exposed, while 22 % had their account attacked, and 13% were tricked by a deceptive email or website.
3 Types of cyberattacks Canadians are facing during the pandemic
1. Financial aid scam
One of the biggest cybersecurity threats Canadians have faced in the last couple of months is malicious websites masquerading as official government entities providing information about COVID-19 financial aid programs. These malicious websites prey on people’s fear and anxiety during the pandemic, tricking them into providing personal and financial information. Most of the fake pages claimed to be Canada Revenue Agency or related to the Canada Emergency Response Benefit (CERB).
2. Phishing scams
Phishing is information-stealing malware disguised as legitimate links and attachments that victims are lured to click. These phishing emails target organizations as well as individuals. They are cloaked as COVID-19 updates from health agencies, charities eliciting donations, or companies advertising personal protective equipment available for purchase. An example of one such phishing email occurred on March 10, masquerading as the Public Health Agency of Canada’s (PHAC) Medical Officer of Health. The email claimed to be an important COVID-19 update; instead, it was used to deliver malware through an attachment.
3. Fake COVID-19 contact-tracing app
Another cybersecurity threat Canadians are facing is malicious computer ransomware disguised as an official government of Canada COVID-19 contact-tracing app. Attackers took advantage of Prime Minister Justin Trudeau’s announcement in June about a nationwide contact-tracing app and unleashed a bogus app on fake government of Canada websites. Downloading the app releases a ransomware that locks the user’s data, and payment is demanded to regain access.
5 ways for organizations and individuals to avoid cyber threats
1. Be on guard when clicking on links and downloading apps
As phishing campaigns are on the rise during the pandemic, organizations and individuals must be on guard when opening email links or attachments and divulging personal and financial information on websites or via text. For example, government officials would never ask for your financial information through a text message. When you receive emails with links or attachments, always double-check with the sender by calling the official government website to verify the information and request is legitimate. The same goes when applying for financial aid on websites. Exercise prudence by double-checking to ensure the URL is spelled correctly.
When downloading apps, only download from reputable sources and always double check the app’s legitimacy before you click download. Read reviews to see what others are saying about the application. Being extra vigilant could save you from downloading a fake contact-tracing app.
2. Use a VPN
A VPN app can protect you from a data breach by encrypting your files, making it hard for hackers to detect your online activity. In other words, you are secured in your personal private tunnel that only you can access. Organizations that enforce work from home policies during the pandemic are susceptible to phishing scams and ransomware. They should ensure their employees access work-related documents with a VPN so that sensitive information is shielded from prying eyes.
3. Update your device software and other applications
Keeping your device software updated is crucial for your security. Organizations should ensure that regular antivirus and anti-malware updates are released to protect their system and files. From time to time devices may be exposed to new security vulnerabilities, so security updates or patches erase those weaknesses. Always apply updates as soon as they are available for device operating systems, antivirus programs, and mobile applications.
4. Back up your data and store them safely
For organizations, backing up and storing data safely is particularly important. Data can be stored using cloud services. That way, if a company falls victim to ransomware and their files are locked, the information can be retrieved from the cloud. Individuals should also consider storing sensitive information using a cloud service provider. It is a good idea to perform a test run to recover data, to be familiar with the steps if you become a ransomware victim.
5. Apply two-factor authentication
Strong and complex passwords must be used, especially when accessing sensitive or personal information such as banking information or your company’s email account. To amplify this security check, apply two-factor authentication (2FA). Organizations should be extra cautious and stay alert to avoid phishing campaigns by requiring remote workers to use 2FA to log in to their email.