3 Network Security Threats to Watch Out for in 2019

Cyber security attacks continue to increase in both size and severity. In order to truly protect themselves, businesses must remain informed on the latest cyber security trends. While it can be difficult to predict the emergence of new risks, the following is a list of major threats experts have identified for 2019 and ways to protect your business:

  1. Viruses and worms—Computer viruses and worms are malicious programs designed to infect core systems and destroy essential data. What’s more, viruses and worms can replicate themselves, infecting an entire network quickly. To protect your system, install anti-malware on all network devices.
  2. Drive-by download attacks—Drive-by download attacks generally refer to the unintentional download of malicious code from an app, operating system or browser, which, in turn, opens you up for an attack. What’s most concerning about these attacks is users don’t have to click, download or open anything to become infected. The best way to avoid these types of attacks is to keep your web browsers updated and ensure users don’t navigate to potentially dangerous sites.
  3. Phishing attacks—Phishing scams are a common strategy for hackers—one that requires minimal technical know-how and can be deployed via email. With every opened email, users risk becoming the victim of monetary loss, credit card fraud and identity theft. Successful phishing attacks oftentimes go unnoticed, which increases the risk of large and continued losses, particularly for businesses. To avoid becoming the victim of an attack, organizations need to train users on how to identify and avoid common phishing scams.

For more information on network security threats and prevention strategies, contact your insurance broker today.

© Zywave, Inc. All rights reserved

5 Tips to Make Your Passwords More Secure

Because identity theft and data breaches are becoming an ever-growing problem, it’s important to not only have a different password for each account, but to make those passwords easy to remember and hard to guess. The following are tips you can use to make your password harder to crack:

  1. Change your passwords every 90 days. This might seem like a hassle at first, but hackers have a better chance at cracking your passwords if they never change. It’s also a good idea to avoid reusing passwords.
  2. Make your passwords at least eight characters long. Generally, the longer a password is, the harder it is to guess.
  3. Don’t use the same password for each account. Hackers target lower security websites and then test cracked passwords on higher security sites. Make sure each account has a different password.
  4. Include uppercase letters and special characters in your password. Special characters include symbols like “#,” “*,” “+” and “>.” These symbols can make your password more complex and harder to guess.
  5. Avoid using the names of spouses, kids or pets in your password. All it takes for a hacker to crack passwords that include these things is a little research on social media sites like Facebook and Twitter.

What Comes Next in Facebook’s Major Data Breach

Source: Insurance Journal

For users, Facebook’s revelation of a data breach that gave attackers access to 50 million accounts raises an important question: What happens next?

For the owners of the affected accounts, and of another 40 million that Facebook considered at risk, the first order of business may be a simple one: sign back into the app. Facebook logged everyone out of all 90 million accounts in order to reset digital keys the hackers had stolen – keys normally used to keep users logged in, but which could also give outsiders full control of the compromised accounts.

Next up is the waiting game, as Facebook continues its investigation and users scan for notifications that their accounts were targeted by the hackers.

What Facebook knows so far is that hackers got access to the 50 million accounts by exploiting three distinct bugs in Facebook’s code that allowed them to steal those digital keys, technically known as “access tokens.” The company says it has fixed the bugs.

Users don’t need to change their Facebook passwords, it said, although security experts say it couldn’t hurt to do so.

Facebook, however, doesn’t know who was behind the attacks or where they’re based. In a call with reporters on Friday, CEO Mark Zuckerberg – whose own account was compromised – said that attackers would have had the ability to view private messages or post on someone’s account, but there’s no sign that they did.

“We do not yet know if any of the accounts were actually misused,” Zuckerberg said.

The hack is the latest setback for Facebook during a tumultuous year of security problems and privacy issues. So far, though, none of these issues have significantly shaken the confidence of the company’s 2 billion global users.

This latest hack involved bugs in Facebook’s “View As” feature, which lets people see how their profiles appear to others. The attackers used that vulnerability to steal access tokens from the accounts of people whose profiles came up in searches using the “View As” feature. The attack then moved along from one user’s Facebook friend to another. Possession of those tokens would allow attackers to control those accounts.

One of the bugs was more than a year old and affected how the “View As” feature interacted with Facebook’s video uploading feature for posting “happy birthday” messages, said Guy Rosen, Facebook’s vice president of product management. But it wasn’t until mid-September that Facebook noticed an uptick in unusual activity, and not until this week that it learned of the attack, Rosen said.

“We haven’t yet been able to determine if there was specific targeting” of particular accounts, Rosen said in a call with reporters. “It does seem broad. And we don’t yet know who was behind these attacks and where they might be based.”

Neither passwords nor credit card data was stolen, Rosen said. He said the company has alerted the FBI and regulators in the United States and Europe.

Jake Williams, a security expert at Rendition Infosec, said he is concerned that the hack could have affected third party applications.

Williams noted that the company’s “Facebook Login” feature lets users log into other apps and websites with their Facebook credentials. “These access tokens that were stolen show when a user is logged into Facebook and that may be enough to access a user’s account on a third party site,” he said.

Facebook confirmed late Friday that third party apps, including its own Instagram app, could have been affected.

“The vulnerability was on Facebook, but these access tokens enabled someone to use the account as if they were the account-holder themselves,” Rosen said.

News broke early this year that a data analytics firm once employed by the Trump campaign, Cambridge Analytica, had improperly gained access to personal data from millions of user profiles. Then a congressional investigation found that agents from Russia and other countries have been posting fake political ads since at least 2016. In April, Zuckerberg appeared at a congressional hearing focused on Facebook’s privacy practices.

The Facebook bug is reminiscent of a much larger attack on Yahoo in which attackers compromised 3 billion accounts – enough for half of the world’s entire population. In the case of Yahoo, information stolen included names, email addresses, phone numbers, birthdates and security questions and answers. It was among a series of Yahoo hacks over several years.

U.S. prosecutors later blamed Russian agents for using the information they stole from Yahoo to spy on Russian journalists, U.S. and Russian government officials and employees of financial services and other private businesses.

In Facebook’s case, it may be too early to know how sophisticated the attackers were and if they were connected to a nation state, said Thomas Rid, a professor at the Johns Hopkins University. Rid said it could also be spammers or criminals.

“Nothing we’ve seen here is so sophisticated that it requires a state actor,” Rid said. “Fifty million random Facebook accounts are not interesting for any intelligence agency.”

Canada Ranks Third Among Countries Most Vulnerable to Cyber Attacks

According to The National Exposure Index, a report released by cyber security vendor Rapid7 Labs, Canada ranks third on a list of countries most vulnerable to cyber attacks. The goal of the report was to determine which countries are most at risk for deliberate, wide-scale breaches.

Countries were ranked based on their unencrypted services on the public internet, services on the internet that are unsuitable for public access and services that are subject to abuse. Notably, researchers found that countries with the most risk have a significant investment in, and reliance on, a safe and stable internet.

Other interesting findings include the following:

  • The top five countries in the 2018 exposure ranking were the United States, China, Canada, South Korea and the United Kingdom. Together, these countries control over 61 million servers on at least one of the ports surveyed.
  • There are 13 million exposed endpoints associated with direct database access.
  • There are about 40,000 unpatched, out-of-date servers. These servers are at risk of being targeted in future, large-scale distributed denial-of-service attacks.
  • Mature and traditionally profitable countries are not the only ones that rely on a healthy internet. As of 2018, more than half of the entire world maintains an active internet presence.

Rapid7 Labs hopes internet service providers can use these findings, with the help of policy-makers, to create a more secure global internet.

Cyber Liability: Employee Management to Reduce Occupational Fraud

Some of the most damaging cyber-attacks can come from within the business, in ways that many employers overlook when it comes to their cyber security. Occupational fraud is one of these ways. It’s an employer’s worst nightmare—an employee is dissatisfied with his or her job and decides to defraud or steal from the company. Employees can cause enormous damage by committing these crimes. By recognizing signs of occupational fraud and implementing practices to prevent it, you can lead a happy and productive workforce.

Occupational Fraud Facts

Types of occupational fraud include embezzling, insider trading, forging checks, expense reports and vendor invoices, and any other type of internal fraud.

According to an occupational fraud report by the Association of Certified Fraud Examiners (ACFE), the typical organization loses 5 per cent of its annual revenue to fraud. The median loss caused by fraud was $160,000. For a small company, this could mean the end of the business. Small businesses are more at risk because owners inherently treat their employees like family, leading to complacency and lax security measures. Small businesses also tend not to have anti-fraud measures in place, as many lack the know-how and enforcement capabilities of larger businesses. Nearly half of victim organizations do not recover any losses that they suffer due to fraud.

The Fraud Triangle

Certain conditions must be met for an employee to commit occupational fraud—these three conditions are known as the “fraud triangle.”

  1. Motive. The defrauder must have a motive to commit fraud, and this motive is often pressure. This can come from feeling too much stress at work to meet deadlines or trying to live a lifestyle that is above his or her means. Outside problems can exist as well, such as a gambling addiction. Monetary gain is often the motive behind occupational fraud.
  2. Opportunity. If anti-fraud measures are too lax, the opportunity can be there for fraud to occur. Even if the perpetrator is financially stable, the opportunity to commit fraud for financial gain might be too much to pass up. Being employed in a high-level, trustworthy position can also lead to opportunity.
  3. Rationalization. The perpetrator must be able to justify his or her actions. If employees sense some sort of wrongdoing from the company, they might be able to justify the fraud. They may also tell themselves they are just “borrowing” money from the company with no intention to pay it back, or they might feel entitled to a raise and will commit fraud to give themselves that “raise.”

Understanding these conditions can be the key to recognizing occupational fraud at your business.

Recognizing Occupational Fraud

It is often difficult to know when occupational fraud has occurred. Frauds last a median of 18 months before being detected, according to the ACFE study. Occupational frauds are much more likely to be detected by tip than by any other means. Because of this, many companies have set up employee tip lines to catch the person(s) responsible for wrongdoing.

While detecting occupational fraud may be a difficult task, there are a variety of warning signs that an employee might be defrauding your business, including the following:

  • Invoices from a fake vendor – an employee can create a fictitious vendor, mail a cheque to the fake vendor with your business’ name on it and then cash the cheque for themselves.
  • Missing property – laptops or other computing equipment can be an easy target for employees.
  • Fraudulent expense reports – some company reports are merely skimmed over for approval, offering an employee an easy way to fake expenses.
  • Forged cheques – if an employee consistently works around a high-level executive, it becomes easy for the employee to forge signatures.
  • Employee lives beyond his or her means – if an employee is living a lavish lifestyle on a modest salary, he or she could be defrauding the business. Alternatively, an employee who is having financial troubles yet seems to be living within his or her means may indicate fraud.
  • Unusually close association with a competitor – if an employee seems to have a close relationship with a direct competitor, he or she could be sharing your trade secrets in return for money.

Preventing Occupational Fraud

  • If you run a small business, chances are you have a few employees who are in charge of several different areas of the organization. Split up the duties among a larger pool of employees to decrease the likelihood of fraud.
  • Perform a pre-employment screening on all potential employees. A resume might not tell the entire story about a prospective employee’s past.
  • Let employees know there are policies on employee theft in place. Don’t assume they are already aware of the policies and the consequences of fraud.
  • According to ACFE’s study, more than 80 per cent of the frauds in the report came from employees in one of six departments: accounting, operations, sales, executive/upper management, customer service and purchasing. Recognize these high-risk departments as potential sources of fraud and implement the proper policies to prevent it.
  • Establish an anonymous tip line that employees, clients or vendors can use to report cases of occupational fraud.
  • Don’t get complacent. Any employee can commit fraud at any time. While most fraud is committed for monetary gain, that doesn’t mean an employee won’t commit fraud if the opportunity is there.
  • Conduct random audits. Work with a CPA to set up and maintain effective internal financial controls to ensure you’re not losing money as a result of fraud.

Proper Employee Management

One of the best ways to prevent occupational fraud at your company is to ensure all your employees are satisfied with their work and the company as a whole. Lead by example—if you and your high-level management team conduct business properly and ethically, your employees will likely do the same. Good ethics also carry over into the market, where your company will be looked on favourably, which can lead to higher revenue and greater goodwill from the community.

Reward employees for doing well. Let them know how important they are to the success of the business. Don’t emphasize only the things that haven’t been achieved—focus on the positive things employees have done, too.

Insuring Against Occupational Fraud

Recognizing and preventing occupational fraud can be a daunting task. Contact your insurance broker today to ensure you have the proper coverage to protect your company against losses from occupational fraud and maintain a productive workforce.

Keeping Your Data Secure

Data security is crucial for all businesses. Customer and client information, payment information, personal files, bank account details—this information is often impossible to replace if lost and is extremely dangerous in the hands of criminals. Data lost due to disasters such as a flood or fire is devastating, but losing it to hackers or a malware infection can have far greater consequences. How you handle and protect your data is central to the security of your business and the privacy expectations of customers, employees and partners.

What kind of data do you have?

Your business data may include customer data such as account records, transaction accountability and financial information, contact and address information, purchasing history, and buying habits and preferences as well as employee information such as payroll files, direct payroll account bank information, Social Insurance numbers, home addresses and phone numbers, and work and personal email addresses. It can also include sensitive business information such as financial records, marketing plans, product designs and tax information.

Complete a data inventory to identify and classify all of your potential areas of vulnerability. Common data classifications include the following:

  • Highly confidential: This classification applies to the most sensitive business information that is intended strictly for use within your company. Its unauthorized disclosure could seriously and adversely impact your company, business partners, vendors and/or customers in the short and long term. It could include credit card transaction data, customer names and addresses, card magnetic strip contents, passwords and PINs, employee payroll files, Social Insurance numbers and patient information (if you’re a health care business). If you collect personal information such as this, make sure you have a privacy policy that explains how the information will be used and what individuals’ rights are regarding the data.
  • Sensitive: This classification applies to sensitive business information that is intended for use within your company; information that you would consider to be private should be included in this classification. Examples include employee performance evaluations, internal audit reports, various financial reports, product designs, partnership agreements, marketing plans and email marketing lists.
  • Internal use only: This classification applies to sensitive information that is generally accessible by a wide audience and is intended for use only within your company. While its unauthorized disclosure to outsiders should be against policy and may be harmful, the unlawful disclosure of the information is not expected to negatively impact your company, employees, business partners or vendors.

Classifying your data allows your company to set parameters for how the data is accessed, transported, shared and ultimately kept secure.

Where is your data stored?

Data is most at risk when it’s on the move. If all your business-related data resided on a single computer or server that is not connected to the Internet, and never left that computer, it would be very easy to protect. But to be meaningful, data must be accessed and used by employees, analyzed and researched for marketing purposes, used to contact customers and even shared with key partners. Every time data moves or changes hands, it can be exposed to different dangers.

It’s important to create a company policy that dictates safe data transfer and storage. The policy should include information on how to back up, transport and safely store physical and virtual data.

  • Physical data: Keep in mind that physical media, such as a disc or drive used to store data or a data backup, is vulnerable no matter where it is located, so make sure you guard any physical data stored in your office or off-site, and make sure that your physical data storage systems are encrypted. As much as possible, try to avoid data transport on physical media such as flash drives or CDs. These media can easily end up in the wrong hands.
  • Website data: Your website can be a great place to collect information, from transactions and payments to purchasing and browsing history, and even newsletter sign-ups, online inquiries and customer requests. This data must be protected, whether you host your own website and manage your own servers or whether your website and databases are hosted by a third party. If a third party hosts your website, be sure to discuss systems it has in place to protect your data from hackers and outsiders as well as employees of the hosting company.
  • Virtual data: Storing data virtually is a very common practice, but it has certain risks you need to consider. If your company contracts with a third party to house data virtually, be sure to keep an updated, thorough contract that outlines who accesses your data, how it is encrypted and how it is backed up. And make sure you know the location of the company you are trusting with your data. Different rules about data sharing and security apply in different Canadian jurisdictions and in the United States.

Who accesses your data?

Once you have identified, classified and located your data, you must control access to it. The more sensitive the data, the more restrictive the access should be. As a general rule, access to data should be on a need-to-know basis. Only individuals who have a specific need to access certain data should be allowed to do so.

Not every employee needs access to all of your information. For example, your marketing staff shouldn’t need or be allowed to view employee payroll data, and your administrative staff may not need access to all of your customer information.

The first step in controlling access to your data is assigning rights to that data. Doing so simply means creating a list of the specific employees, partners or contractors who have access to specific data, under what circumstances, and how those access privileges will be managed and tracked. As part of this process, you should consider developing a straightforward plan and policy—a set of guidelines—about how each type of data should be handled and protected based on who needs access to it and the level of classification.
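One way to turn such an access list into an enforceable, tracked check, using the three classifications described above. This is an added example, not part of the original article; the dataset names, people, purposes and the `Grant` structure are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Constructed data inventory: each dataset carries one of the three
# classifications described in the article.
CLASSIFICATION = {
    "payroll": "highly confidential",
    "marketing_plan": "sensitive",
    "staff_directory": "internal use only",
}


@dataclass(frozen=True)
class Grant:
    person: str      # employee, partner or contractor
    dataset: str
    purpose: str     # the circumstances under which access is allowed
    expires: date    # an expiry date forces the grant to be reviewed


# Constructed access list and staff roster (assumptions for the example).
SAMPLE_STAFF = {"dana", "sam"}
SAMPLE_GRANTS = [
    Grant("dana", "payroll", "run payroll", date(2019, 12, 31)),
    Grant("lee", "payroll", "annual audit", date(2019, 3, 31)),  # contractor
]


def check_access(person, dataset, purpose, today, grants, staff, audit_log):
    """Need-to-know check: deny unless a rule allows. Every decision is logged."""
    level = CLASSIFICATION.get(dataset)
    if level is None:
        decision = (False, "unclassified data: classify it before granting access")
    elif level == "internal use only" and person in staff:
        decision = (True, "internal data, requester is staff")
    else:
        decision = (False, "no grant on the access list")
        for g in grants:
            if (g.person, g.dataset) != (person, dataset):
                continue
            if g.expires < today:
                decision = (False, "grant expired, needs review")
            elif g.purpose != purpose:
                decision = (False, "grant does not cover this purpose")
            else:
                decision = (True, f"granted for {g.purpose}")
                break
    # Tracking: keep who asked for what, why, and what was decided.
    audit_log.append((today.isoformat(), person, dataset, purpose) + decision)
    return decision


if __name__ == "__main__":
    log = []
    day = date(2019, 6, 1)
    for who, what, why in [("dana", "payroll", "run payroll"),
                           ("sam", "payroll", "curiosity"),
                           ("lee", "payroll", "annual audit"),
                           ("sam", "staff_directory", "lookup")]:
        print(who, what, check_access(who, what, why, day,
                                      SAMPLE_GRANTS, SAMPLE_STAFF, log))
    print(len(log), "decisions recorded")
```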

How do you protect your data?

Once you understand the type of data your company makes use of, where it is located and who accesses it, you can begin planning how you will protect it. Protecting data, like any other security challenge, is about creating layers of protection. The idea of layering security is simple: You cannot and should not rely on just one security mechanism—such as a password—to protect something sensitive. If that security mechanism fails, you have nothing left to protect you.

Businesses have many affordable backup options, whether it’s backing up to an external drive in the office or backing up online so that all data is stored at a remote and secure data centre.

Are you planning for the future?

Every business has to plan for the unexpected, and that includes the loss or theft of data from your business. Not only can data loss or theft hurt your business, brand and customer confidence, it can also expose you to significant legal actions.

That’s why it’s critical to understand exactly which data or security breach regulations affect your business and how prepared you are to respond to them. At the very least, all employees and contractors should understand that they must immediately report any loss or theft of information to the appropriate company officer.

Identifying your exposures will help determine how to protect your data. In addition to data security measures, insuring your data is crucial.

Precautions for Better Cyber Security

Many business operations revolve around the functionality of computers, network connections and the Internet. It’s no secret that computer use carries many risks, including damaging viruses, hackers, use of your system to attack others, and use of sensitive data to steal identities or commit other illegal acts. As a result, companies must prevent, detect and respond to cyber attacks through a well-orchestrated cyber security program.

Get Familiar with Risks

The first step in protecting your business is to take notice of the multitude of cyber risks.

Hackers, Attackers and Intruders

These people seek to exploit weaknesses in software and computer systems for their personal gain. Although their intentions are sometimes benign, their actions are typically in violation of the intended use of the systems that they are exploiting. The results of this cyber risk can range from minimal mischief (creating a virus with no negative impact) to malicious activity (stealing or altering data).

Malicious Code (viruses, worms and Trojan horses)

  • Viruses: This malicious code requires a user to take an action that lets it into the system, such as opening an email attachment, downloading a file or visiting a webpage.
  • Worms: Once released, this code reproduces and spreads through systems on its own. Worms usually start by exploiting a software flaw. Then, once the victim’s computer is infected, the worm attempts to find and infect other computers through a network.
  • Trojan horses: This disguised code claims to do one thing while actually doing something else (for example, a program that claims to speed up your computer system but is actually sending confidential information to a remote intruder).

Risk Management Planning

To reduce your cyber risks, it is wise to develop an IT Risk Management Plan at your organization. Risk management solutions utilize industry standards and best practices to assess hazards from unauthorized access, use, disclosure, disruption, modification or destruction of your organization’s information systems. Consider the following when implementing risk management strategies at your organization:

  • Create a formal, documented risk management plan that addresses the scope, roles, responsibilities, compliance criteria and methodology for performing cyber risk assessments. This plan should include a characterization of all systems used at the organization based on their function, the data stored and processed, and importance to the organization.
  • Review the cyber risk plan on an annual basis and update it whenever there are significant changes to your information systems, the facilities where systems are stored or other conditions that may affect the impact of risk to the organization.

In addition, your organization should take precautionary measures when selecting your Internet service provider (ISP) for use for company business.

ISP Considerations

Almost all ISPs offer Web browsing capabilities with a varying degree of user support and Web hosting capabilities. Your company should determine what ISP to use, along with a plan for backing up emails and files and what firewalls to implement.

To select an ISP that will reduce your cyber risks, consider the following:

  • Security – How concerned with security is the ISP? Does it use encryption and SSL to protect any information that you submit?
  • Privacy – Does the ISP have a published privacy policy? Are you comfortable with who has access to your information, and how it is handled and used?
  • Services – Does your ISP offer the services that you want and does it meet your organization’s needs? Is there adequate support for the services provided?
  • Cost – Are the ISP’s costs affordable and are they reasonable for the number of services that you receive? Are you sacrificing quality and security to get a lower price?
  • Reliability – Are the services provided by the ISP reliable, or are they frequently unavailable due to maintenance, security problems and a high volume of users? If the ISP knows that its services will be unavailable, does it adequately communicate that information to its customers?
  • User support – Are there any published methods for contacting customer service, and do you receive prompt and friendly service? Do its hours of availability accommodate your company’s needs?
  • Speed – How fast is your ISP’s connection, and is it sufficient for accessing your email or navigating the Web?
  • Recommendations – What have you heard from industry peers about the ISP? Were they trusted sources? Does the ISP serve your geographic area?

Cyber security is a serious concern for your business. Contact your insurance broker to learn about our risk management resources and insurance solutions for emerging technology exposures.

Basic Cyber Loss Control Techniques

Protecting your business from cyber risks can be an overwhelming venture. With each passing month, new and more sophisticated viruses are being discovered, more spam is reaching your inbox and yet another well-known company becomes the victim of a data breach.

The world will never be free of cyber risks, but there are many loss control techniques you can implement to help protect your business from exposures.

Install a firewall for your network.

Operating systems often come with pre-installed firewalls, but they are generally designed to protect just one computer. Examine the firewall’s options and select the best configuration to keep the computer safe.

If your business has a network of five or more computers, consider buying a network firewall. They can be pricey but network firewalls provide a fine level of coverage for an entire network.

Install anti-virus, anti-malware and anti-spyware software.

This loss control technique is the easiest and most effective way to increase security at your business. Make sure to install the software on each computer in your network—computers that don’t include these types of software are much more likely to be exposed and can possibly spread malware to other computers in the network. There are a host of viable options for each type of software, ranging in price from free to an annual subscription. Be sure to keep the software as up-to-date as possible.

Encrypt data.

No firewall is perfect. If a hacker manages to get through your firewall and into your network, your data could be a sitting duck. Encryption will make the data unreadable to a hacker. Consider using an encryption program to keep computer drives, files and even email messages safe from hackers.

Use a Virtual Private Network (VPN).

A VPN allows employees to connect to your company’s network remotely. VPNs eliminate the need for a remote-access server, saving companies lots of money in remote server costs. In addition to these savings, VPNs also provide a high level of security by using advanced encryption and authentication protocols that protect sensitive data from unauthorized access. If your company has salespeople in the field or employs workers who work from home or away from the office, a VPN is an effective way to minimize cyber risks.

Implement an employee password policy.

One of the most overlooked ways to keep your business safe is instituting a password policy. Essentially, a password policy should force employees to change work-related passwords every 90 days. The policy should encourage the creation of easy-to-remember, hard-to-guess passwords that include letters, numbers and special characters. For example, an easy-to-remember, hard-to-guess password could be “M1dwbo1025.” (My first daughter was born on Oct. 25th.)

Passwords that contain words from the dictionary or predictable combinations (abc123, qwerty, etc.) should never be allowed. Let employees know that they should not write passwords down and leave them in a desk or out in the open. If they are having trouble remembering passwords, there are password-keeping programs available for download.
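The rules in this policy can be checked automatically when a password is set or audited. The following is an added example, not part of the original article: the word list, sequence list, function names and sample passwords are constructed for illustration.

```python
import re
from datetime import date

MAX_AGE_DAYS = 90  # rotation interval from the policy text
# Constructed sample word list (assumption); use a full dictionary in practice.
DICTIONARY = {"password", "welcome", "dragon", "monkey", "summer", "letmein"}
# Alphabet, digit and keyboard-row runs such as "abc", "123" and "qwe".
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_sequence(password, run=3):
    """True if the password contains `run` consecutive characters of a known sequence."""
    low = password.lower()
    return any(seq[i:i + run] in low
               for seq in SEQUENCES
               for i in range(len(seq) - run + 1))


def check_password(password, last_changed, today):
    """Return the list of policy violations (empty list means compliant)."""
    problems = []
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    low = password.lower()
    if any(word in low for word in DICTIONARY):
        problems.append("dictionary word")
    if has_sequence(password):
        problems.append("predictable sequence")
    if (today - last_changed).days > MAX_AGE_DAYS:
        problems.append("older than 90 days")
    return problems


if __name__ == "__main__":
    today = date(2019, 4, 15)  # constructed dates and passwords
    for pw, changed in [("Tg7#vRm2!x", date(2019, 3, 1)),
                        ("abc123", date(2019, 3, 1)),
                        ("Summer2019!", date(2019, 1, 1))]:
        print(pw, check_password(pw, changed, today))
```

The three-character sequence check is deliberately strict and will also flag ordinary letter runs such as "stu"; raise `run` if that produces too many rejections.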

Back up data regularly.

Important data should be backed up daily and in multiple locations, one being off-site. In addition to being safe from cyber risks, off-site data would not be exposed to physical threats, like a fire or tornado.

Restrict access to backed up data. The public should never have access to it. If the data is tangible, keep it in locked filing cabinets in a locked room, and only issue keys to those who absolutely need them.

Develop a business continuity plan.

If the worst should happen and your company suffers a data breach or similar attack, you should have a business continuity plan in place. A business continuity plan helps:

  • Facilitate timely recovery of core business functions
  • Protect the well-being of employees, their families and your customers
  • Minimize loss of revenue/customers
  • Maintain public image and reputation
  • Minimize loss of data
  • Minimize the critical decisions to be made in a time of crisis

The plan should identify potential cyber risks, along with the recovery team at your company assigned to protect personnel and property in the event of an attack. The recovery team should conduct a damage assessment of the attack and guide the company toward resuming operations.

Contact Your Loss Control Expert

Keeping your data safe from cyber risks requires constant attention to ensure an attack never happens. Your insurance broker can help you identify potential risks and keep your business running smoothly in the event of an attack.


Federal Budget Details $600 Million Investment in Cyber Security

The federal government recently released its 2018-19 budget. Among other important allocations, the government announced an investment of more than $600 million in data privacy. Specifically, the budget calls for $507.7 million over the next five years and $108.8 million each year thereafter for a new national cyber security strategy to help protect Canadians and their sensitive personal information.

A portion of the funds—$155.2 million during the next five years and $44.5 million per year thereafter—will go toward establishing a new Canadian Centre for Cybersecurity. This centre will allow the government to consolidate its cyber expertise under one roof as well as establish a single source of advice, guidance, services and support on cyber security-related matters.

In addition to funding the creation of the Canadian Centre for Cybersecurity, the government will provide $236.5 million over the next five years and $41.2 million per year thereafter to support the national cyber security strategy. This strategy is designed to do the following:

  • Enhance the government’s ability to investigate, prepare for and respond to cyber crime.
  • Create a voluntary cyber-certification program to help students and businesses improve their cyber security.
  • Improve cyber security on a national level by working alongside provincial, territorial, private-sector and international partners.

To learn more about these and other investments, review the government’s website on the 2018-19 federal budget.


Avoid Costly Phishing Scams

Phishing, a type of cyber attack in which hackers disguise themselves as a trusted source online in order to acquire sensitive information, is a common scam that can put your employees and business at risk. The Canadian Internet Registry Authority recently published a survey of businesses that use the .ca domain and found that 32 per cent of firms had unwittingly divulged sensitive information after falling for phishing tactics.

Falling for a spear phishing attack can give a hacker access to personal and financial information across an entire network. What’s more, successful spear phishing attacks oftentimes go unnoticed, which increases the risk of large and continued losses.

Though it is difficult to completely avoid the risks of spear phishing attacks, there are ways to prevent further damage to your business. Make sure that your employees are aware of these simple techniques:

  • Never send financial or personal information electronically, even if you know the recipient well.
  • Be cautious when you are asked to divulge personal or sensitive business information in an email. Even if it appears to be from a trusted source, it could be a hacker impersonating another person or group.
  • Only share personal information on secure websites or over the phone.
  • Never click on links or open attachments from unknown sources. In addition, encourage employees to think twice about what they post online.
  • Ensure that your company’s security software is up to date. Firewalls and antivirus software can help protect against spear phishing attacks.

It’s important to encourage employees to be overly cautious when it comes to preventing phishing scams. Together, these strategies can go a long way toward keeping your business safe.
