Are You Prepared for Cyber Attacks?

Unlike physical threats that prompt immediate action—like stopping, dropping and rolling if you catch on fire—cyber threats are often difficult to identify and understand. Cyber threats include dangers such as viruses erasing entire systems, intruders breaking into systems and altering files, intruders using your computer or device to attack others and intruders stealing confidential information. The spectrum of cyber risks is limitless; threats, some more serious and sophisticated than others, can have wide-ranging effects on the individual, community, organizational and national levels.

Before a Cyber Attack

You can increase your chances of avoiding cyber risks by setting up the proper controls. The following are things you can do to protect yourself, your family and your property before a cyber incident occurs.

  • Only connect to the Internet over secure, password-protected networks.
  • Do not click on links or pop-ups, open attachments or respond to emails from strangers.
  • Always enter a URL by hand instead of following links if you are unsure of the sender.
  • Do not respond to online requests for personally identifiable information (PII); most organizations—banks, universities, companies, etc.—will never ask for your personal information over the Internet.
  • Limit who you are sharing information with by reviewing the privacy settings on your social media accounts.
  • Trust your instincts; if you think an offer is too good to be true, it probably is.
  • Password-protect all devices that connect to the Internet and all user accounts.
  • Do not use the same password twice—choose a password that means something to you and you only.
  • Change your passwords on a regular basis (every 90 days or so).
  • If you see something suspicious, report it to the proper authorities.
  • The extent, nature and timing of cyber incidents are impossible to predict. There may or may not be any warning. Some cyber incidents take a long time (weeks, months or years) to be discovered and identified.

During a Cyber Attack

Immediate Actions

  • Check to make sure the software on all of your systems is up to date.
  • Run a scan to make sure your system is not infected or acting suspiciously.
  • If you find a problem, disconnect your device from the Internet and perform a full system restore.

At Home

  • Disconnect your device (computer, gaming system, tablet, etc.) from the Internet. By removing the Internet connection, you prevent an attacker or virus from being able to access your computer and perform tasks such as locating personal data, manipulating or deleting files or using your device to attack others.
  • If you have anti-virus software installed on your computer, update the virus definitions (if possible), and perform a manual scan of your entire system. Install all of the appropriate patches to fix known vulnerabilities.

At Work

  • If you have access to an IT department, contact someone in it immediately. The sooner someone can investigate and clean your computer, the less damage there will be to your computer and other computers on the network.
  • If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.

In a Public Place (Library, School, etc.)

  • Immediately inform a librarian, teacher or manager in charge. If someone has access to an IT department, contact the department immediately.

After a Cyber Attack

  • File a report with the local police so there is an official record of the incident.
  • Report online crime or fraud to your region’s Canadian Security Intelligence Service (CSIS) or the Canadian Anti-Fraud Centre.
  • Report identity theft to the Canadian Trade Commissioner Service.
  • If your PII was compromised, consider other information that may be at risk. Depending on what information was stolen, you may need to contact other agencies; for example, if someone has gained access to your Social Insurance Number, contact the two national credit bureaus, Equifax and TransUnion. You should also contact your provincial or territorial ministry responsible for transportation if your driver’s licence or car registration has been stolen.


© Zywave, Inc. All rights reserved.


Cyber Extortion Hits Close to Home

“It took me 26 hours of work… without sleep… to get the network back online. Not fun…” says Richard Mash of Network Partners. In his most recent encounter with hackers, Mr. Mash was helping his client, a local small business, after the hackers stole and encrypted the client’s information, demanding a ransom.

Mr. Mash continues: “The client’s network became infected with a really nasty virus called CryptoLocker. The virus was sent to them in an email with an attachment that was supposedly a resume from a job applicant. Not surprisingly, someone in the HR department opened the attachment and within minutes the network was infected with a virus and all their critical data files were encrypted… The authors of the virus demanded a significant amount of money in return for decrypting the files, effectively holding the company to ransom. Luckily, we had good backups of all their data and we were able to recover everything without paying the ransom request. The important thing to note is this company had 3 different levels of anti-virus protection, all of which allowed the virus to penetrate the network.

“I’m sure all of you are aware that computer viruses can be spread by email. Even though many of us maintain excellent anti-virus products on our networks to help protect our data from viruses, these programs are not 100% foolproof. We also need help from our employees to keep important data safe.”

Mr. Mash shared some very helpful tips with ABEX to help us protect our network so we don’t encounter a similar problem.  We thought these tips would be worth sharing with you so that you can protect your network from viruses.  The most important thing is to be vigilant about emails that you receive:

  • NEVER open an attachment in an email that comes from someone you do not know or do not trust.
  • A simple rule of thumb: NEVER click on a link in an e-mail and avoid opening attachments if at all possible (especially ZIP archives). If a link in an e-mail must be clicked, first hover the mouse cursor over it to see where it leads. If it looks suspicious, please ask!
  • These emails may seem to come from companies that you trust, like Canada Post or UPS. If you are not expecting a “delivery notification” from a courier, then don’t open it.
  • Banks or Credit Unions will not send you unsolicited emails with attachments… ever. Just delete them.

How can businesses protect themselves?

To manage and minimize the potential damage from a cyber attack, companies should employ a comprehensive cyber risk management strategy that, along with cyber insurance, also includes appropriate loss control techniques, an assessment of the company’s network vulnerabilities, and employee security awareness training.

Businesses should make sure that their cyber insurance policy covers costs in case the company is unable to access its computer system, the system is infected by a virus, confidential information is compromised, or its brand and reputation are tarnished by posts on social media. In addition, the policy should cover the cost of an independent computer security consultant to assess any threats and prevent immediate threats, the cost of offering a reward to prevent perpetrators of the threat, and reimbursement of any ransom the company is required to pay in the event the above measures fail to mitigate the threat against it.


What Can Executives Learn from Dairy Queen Data Security Breach?


On October 9, 2014, John Gainor, the president of International Dairy Queen, announced that 395 independently owned and operated Dairy Queen businesses were infected with the Backoff malware. This malware was reported by the United States Computer Emergency Readiness Team on July 31, 2014, when a warning was issued that it could affect point-of-sale systems through Internet remote access. A third-party partner of Dairy Queen was revealed as the source of a compromised account that was used to compromise account credentials of customers. Dairy Queen has published a list showing 395 stores in 46 states that were affected. The personal information stolen included customer names, credit card account numbers and card expiry dates. Free identity repair services for one year are being offered by Dairy Queen.

Why is this important to business executives?

This breach, and the list of retail stores that Dairy Queen has publicized on its web site, is a clear reminder of how close to home data security incidents can be. Looking deeper, the headache for the retail client’s customers is significant. They are told to watch their account for suspicious activity, follow up with Dairy Queen under certain circumstances within a certain period of time, request a credit report, etc. All of these are annoying and time-consuming tasks.

Risk management questions business leaders should consider include:

  1. Are they collecting any of their clients’ personally identifiable information?
  2. How much would it cost to provide credit monitoring and identity theft protection for all of their employees, clients, and/or business partner contacts?
  3. What is the long-term cost of the damage to their brand image?

Astute business leaders ask their team the right risk management questions, because they know that cyber crime is their number one business risk.

Dairy Queen Cyber Breach - Letter to Clients

From the President and Chief Executive Officer

October 9, 2014

Dear DQ and Orange Julius Customers,

International Dairy Queen, Inc. recently learned of a possible malware intrusion that may have affected some payment cards at certain DQ® locations and one Orange Julius® location in the U.S.  Upon learning of the issue, we launched an extensive investigation and retained external forensic experts to help determine the facts.  Because nearly all DQ and Orange Julius locations are independently owned and operated, we worked closely with affected franchise owners, as well as law enforcement authorities and the payment card brands, to assess the nature and scope of the issue.  As a result of our investigation, we discovered evidence that the systems of some DQ locations and one Orange Julius location were infected with the widely-reported Backoff malware that is targeting retailers across the country.  The investigation revealed that a third-party vendor’s compromised account credentials were used to access systems at those locations.

Based on the investigation, we have established the following:

  • The Backoff malware was present on systems at a small percentage of locations in the U.S.
  • The time periods during which the Backoff malware was present on the affected systems vary by location.  A list of impacted DQ locations and the one Orange Julius location, as well as the relevant time periods, is available here.
  • The affected systems contained customers’ names, payment card numbers and expiration dates.  We have no evidence that other customer personal information, such as Social Security numbers, PINs or email addresses, was compromised as a result of this malware infection.
  • Based on our investigation, we are confident that this malware has been contained.

We deeply regret any inconvenience this incident may cause.  Our customers are our top priority and we are committed to working with our franchise owners to address the issue.

We are notifying DQ and Orange Julius customers about this incident so they can take steps to help protect their information.  You are entitled under U.S. law to one free credit report annually from each of the three nationwide consumer reporting agencies.  We encourage you to remain vigilant by reviewing your account statements and monitoring your free credit reports.  If you believe your payment card may have been affected, contact your bank or payment card issuer immediately.  Additional information and security tips are available here.

We are offering free identity repair services for one year to customers in the U.S. who used their payment card at one of the impacted locations during the relevant time period.  Information on these services and eligibility can be found here.

If you have any questions about this issue, please call us toll-free at 1-855-865-4456, Monday through Saturday from 8 a.m. CT to 8 p.m. CT.

We sincerely apologize for any inconvenience this may have caused you.


John Gainor
President and Chief Executive Officer