The digitization of our world comes with many benefits, especially for businesses. However, our acceleration in technological advancements has also increased the prevalence and impact of cybercrime. As our systems continue to become more intricate and powerful, so do the tools that cybercriminals develop. It is vital for business owners to adapt to this changing landscape and prioritize cybersecurity in the workplace.
Cybersecurity Statistics
The online network of cybercriminal groups is already widespread and interconnected. Cybercrime-as-a-Service (CaaS) refers to the illicit business model for cybercriminals to sell stolen data or tools and resources to other cybercriminals. As cybercrime continues to become more sophisticated and harmful technology becomes more advanced, the threat from fraud and scams is expected to continue growing. There is also mounting concern about the use of AI and machine learning in cybercriminal activities.
The financial losses from fraud from 2020-2021 in Canada totaled in $383 million Canadian dollars, while from 2022-2023, it jumped to $567 million. This number is even more alarming after considering that it only accounts for cases that were reported.
Phishing
You have likely heard the term “phishing” in reference to cybersecurity. This refers to the type of cyberattack that tries to manipulate victims into revealing personal information to steal money, critical information, or their identity. Phishing is one of the most widely reported types of cyber fraud in Canada. “Spear Phishing”, or phishing that targets a specific individual, has reportedly one of the highest financial impacts to Canadians. We like to believe that we would not fall for phishing attempts, but they are becoming increasingly clever and more difficult to spot.
Malware and Ransomware
Malware, short for Malicious Software, is a type of software created by cybercriminals to either steal information or cause damage to computer systems. Ransomware is a specific subtype of Malware that prevents the victim from accessing files or parts of your computer system while demanding a payment for its return. The use of ransomware has increased exponentially in the last few years. The National Cyber Threat Assessment noted that it will be, “the most impactful cyber threat facing Canadian organizations.”
Taking Action
With this cause for concern, it’s important to remember that Cyberattacks often require the accidental cooperation of their victims. In addition to educating ourselves about cybersecurity, there are steps we can take to help protect ourselves and our workplaces.
Use Multi-Factor Authentication.
Most online platforms these days offer this additional security step when logging in to send a code to your phone or through an authentication app. This can also involve the use of biometrics, such as the use of fingerprints or facial identification.
Update your devices.
We have all been guilty of putting off computer updates during busier days. However, some of the easiest targets are older devices that don’t have proper security updates applied. Keeping your devices up to date is an easy way to ensure there are less technological vulnerabilities.
Identify scamming behavior.
Some phishing attempts these days are sophisticated enough to look indistinguishable from genuine communication, but there are behavioral approaches we can use to stay vigilant. If you receive an email or text that makes you even a little bit suspicious, trust your gut and take an extra minute or two to investigate and ask the following questions:
- Is there a suspicious attachment or link? Before clicking on any attachments or links, even if they appear safe, it’s important to check through the email to ensure it is from a trustworthy source.
- Is it urgent? Oftentimes, scammers will use urgency to grab your attention and react without thinking.
- What information is it asking for? Be cautious of any correspondence that requests sensitive or confidential information, especially if it’s unexpected.
- Who is it from? For email phishing, it’s a common practice for bad actors to use an email address that’s almost correct, so much so that it goes unnoticed. Emails can also appear correct but have an altered domain name. Always double check the information about the sender.
- Are there inconsistencies? If the correspondence is posing as someone you know, does their writing align with how they would normally write? It can also be suspicious if the greeting is unusual or does not reference your name.
- Are there spelling errors? Some phishing attempts have typos that are easy to spot, especially if the message is supposed to come from a professional source, like a banking institution.
If you receive a suspicious email that you’re unsure of whether it is phishing, it’s good practice to contact the person or institution to verify if it’s legitimate. For example, if you receive an email from a business partner that asks urgently for financial information, call them directly and ask.
If you receive correspondence that you are certain is a scam or phishing attempt, alert your IT department and give them the details immediately.
Issue a cybersecurity policy and training.
It is good practice for business owners to help protect their organization from cyberthreats by developing a cybersecurity policy. This can include information such as:
- Procedures for how to handle sensitive or confidential information online
- How to identify potential threats
- How to respond to cyberattacks
- The proper use of workplace technology
- Requirements for setting up and maintaining passwords
- Requirement for multi-factor authentication
It is also beneficial for employees to routinely undergo cybersecurity training. These programs can help educate team members on what different cyberthreats may look like as well as simulate phishing attempts.
Resources
For more information about different types of threats and how to protect yourself from scams and fraud, see the resources below: