October is Cyber Security Month across Canada and this year’s theme is Get cyber safe – for future you.
The federal government’s campaign aims to set Canadians up for a safer and easier future by shedding light on the practical benefits of cybersecurity that can prevent people from becoming victims.
Carmi Levy is a leading IT expert and said setting aside 30 days to highlight safety in the cyber world is great, but it isn’t enough.
“What do we do for the other 11? The reality is cybersecurity awareness needs to become not just something we do once a year, but something we incorporate into our habits every single day of the year. We have to shift from awareness to accountability.”
He added accountability means people being responsible for their own digital security 365 days a year.
“Once you do that, make it part of your daily routine, and it becomes a lot easier to ensure those lessons from Cyber Security Month aren’t forgotten.”
Those lessons include securing online accounts, educating yourself about current cyber threats, and ensuring your devices have the latest security and software updates. Levy explained human error is almost always involved in successful attacks.
“We’re not going to solve this by installing new technology. We are going to fix this by changing behaviours, and we do that by exposing people to resources, raising their training level. The Canadian Anti-Fraud Centre, for example, is great for learning how to recognize threats when we see them in our inbox or when we are online.”
It can be overwhelming for the general public to decide what supports to purchase. There are VPNs and anti-virus and security platforms. Levy said they do serve a purpose but added everyone needs to do more.
“We can reduce the risk by going into our settings and turning on features that aren’t normally activated by default. Things like dual-factor or two-factor authentication, sometimes known as multi-factor authentication. That adds an additional lock on the door in addition to your password. You can use a fingerprint, voice authentication or a PIN, so even if your password is compromised, the bad guys aren’t getting into your account.”
The Canadian Anti-Fraud Centre advises people to implement strong passwords that don’t come from a pet or family member’s name. Levy said the best course of action is to have different passwords or passphrases unique to each system and changed at least once every three months.
“Ideally, once a month. If that’s too difficult, use a password management app like One Password to manage those passwords in one central place.”
Levy added it’s also a good idea to share less personal information on social media as it is harvested by criminals and used against people in targeted attacks.
“Look at your online activity and ask yourself if you are oversharing. If the answer is yes, you are putting ammunition into the hands of cybercriminals to use against you.”
Municipalities also need to be prepared for attacks as they are constantly targeted by cybercriminals. Experts like Levy say it isn’t a matter of if, but when.
“It has taken these institutions months, if not years, to recover from and in many cases, they may never recover and the cost to taxpayers is significant. We are already seeing the victim’s list pile up, and no one wants to be the next one.”
Stratford and St. Marys have both been victims of ransomware attacks in recent years. The Festival City was attacked in April of 2019 when several of its servers became unresponsive and unavailable. The city shut down its servers’ internet connections and disconnected computers, laptops, and printers from the network to contain the damage.
The attacker demanded 10 Bitcoins as ransom. At that time, each Bitcoin was worth about $7,500 Canadian, making the demand total roughly $75,000. The city complied and paid the ransom in exchange for decryption keys.
