Cybersecurity: Essential Tips for Businesses and Individuals
September 27, 2024
In a world where digital threats are constantly evolving, cybersecurity has become a top priority for both businesses and individuals. From sophisticated email scams to crippling ransomware attacks, the dangers are real and ever-present. David Lawton, IT Director at GGFL Chartered Professional Accountants, shares his insights on how to protect your sensitive information, whether you’re running a business or managing personal accounts.
Email: The Weak Link in Communication
Email remains one of the most commonly used communication tools, but as Lawton points out, it’s also one of the least secure. “Think of email as a postcard,” he says. “You wouldn’t write your social insurance number or banking information on a postcard, so why would you send it through email?”

Too often, sensitive information and financial data are exchanged via email, making it a prime target for cybercriminals. Lawton urges against using email to transmit sensitive information and recommends using secure platforms instead. “At GGFL, we use a secure client portal called ShareFile, which ensures that our clients’ data is protected during transmission.”
Identity Theft: A Risk for Everyone
One of the biggest risks of using email for sensitive information is identity theft. “If an attacker intercepts your email, they can use your personal details to open credit accounts or access your bank information,” Lawton warns. Lawton emphasizes that no email service is completely secure, so clients should always use ShareFile to share sensitive information.
Phishing Scams: A Growing Threat
Phishing scams are becoming increasingly sophisticated, often fooling even the most vigilant individuals and businesses. “These scams usually create a sense of urgency, urging you to click a link or provide sensitive information immediately,” Lawton explains. For businesses, falling victim to a phishing scam can lead to significant financial losses and damage to their reputation.
Lawton’s advice? “Always verify such requests by contacting the supposed sender directly through a trusted method, rather than replying to the suspicious email or using a phone number provided within it.”
Phone Scams: Another Common Threat
Phone scams are not just a problem for individuals; businesses are also frequently targeted. “If you receive an unsolicited call asking for payment or personal details, be suspicious,” Lawton says. “When in doubt, hang up the phone and call the organization directly using a number you know to be legitimate.” For businesses, it’s crucial to train employees to recognize these scams and to have clear procedures in place for verifying requests.
Password Protection
When it comes to passwords, adopting best practices at three different levels can significantly enhance your security. “Your banking and email passwords should be completely unique and never reused,” advises David Lawton, IT Director at GGFL. For these most sensitive accounts, create strong, distinct passwords that avoid common words or easily guessable information like birthdays or names. At the second level, use different passwords for important accounts like social media and online shopping, ensuring they don’t overlap with your banking or email credentials. “Even for less critical accounts, it’s important to keep your passwords strong and varied,” Lawton adds. To manage these effectively, consider using a password manager to generate and securely store complex passwords, and always enable two-factor authentication (2FA) when available, providing an extra layer of protection by requiring a second form of verification, such as a code sent to your mobile device.
Online Shopping: Best Practices for Everyone
In today’s digital age, online transactions have become the norm. However, Lawton advises caution when storing payment details on websites. “It might be convenient to save your credit card information on frequently used sites, but it’s also risky,” he says. “If the site is compromised, your payment details could be exposed.”
For businesses, this advice extends to how they handle client payment information. “Businesses should never store client payment details on their systems unless absolutely necessary and should ensure that any stored data is encrypted and secure.”
Protecting Your Business from Financial Fraud
Small and medium-sized businesses are particularly vulnerable to financial fraud, especially when it comes to changing vendor banking details. “One common scam involves hackers convincing a company to change the banking details for a vendor, redirecting payments to a fraudulent account,” Lawton explains. He advises businesses to never accept banking information changes via email without first verifying them through a phone call or another secure method. “This simple step can prevent significant financial losses.”
Ransomware: A Business’s Worst Nightmare
Ransomware attacks can devastate a business by locking access to critical files. “These attacks often target small to mid-sized businesses with limited IT resources,” Lawton notes. “It’s essential to train your staff to recognize phishing attempts and to maintain up-to-date backups. Regularly test your backups to ensure they’re functioning correctly and that you can recover your data quickly if needed.” He added, “On the day of the emergency you don’t want to find out that the extinguisher doesn’t work when you need to put out a fire.”
For individuals, ransomware is less common but still a threat. Lawton advises keeping personal backups and being cautious about downloading attachments or clicking links from unknown sources.
The Importance of Regular Training
Ongoing training is crucial to stay aware of the latest threats. “Businesses should invest in annual refresher courses to keep cybersecurity top of mind,” Lawton recommends. “For individuals, staying informed about the latest scams and best practices can help you avoid becoming a victim.”
Cyber Insurance: An Essential Safety Net for Businesses
For businesses, cyber insurance is becoming increasingly important. “Cyber insurance can provide crucial support in the event of a data breach or other cyber incidents,” Lawton explains. “However, obtaining such insurance often requires technical expertise, so smaller businesses may need to seek assistance from managed service providers to navigate the process.”
Vigilance is Key
Whether you’re running a business or managing personal accounts, cybersecurity should be a top priority. “Cybersecurity is not just an IT issue; it’s a critical function for both businesses and individuals,” Lawton concludes. “By taking proactive measures, you can protect your sensitive information from the many threats that exist in today’s digital landscape. Remember, it’s always better to be safe than sorry.”
What to Do If You’re a Victim of Cyber Fraud
Discovering that you’ve been a victim of cyber fraud can be overwhelming, but taking immediate and decisive action can help mitigate the damage. Whether you’re an individual or a business, here’s a step-by-step guide on what to do if you suspect that your personal or financial information has been compromised.
Contact Your Bank Immediately
The first and most crucial step is to contact your bank as soon as you suspect any fraudulent activity. Explain the situation and provide as much detail as possible. Banks have fraud departments that are equipped to handle these types of situations. They may take the following actions:
- Freeze Your Accounts: The bank may temporarily freeze your accounts to prevent further unauthorized transactions.
- Issue New Cards: If your debit or credit card information has been compromised, the bank will likely cancel the affected cards and issue new ones.
- Change Your Online Banking Passwords: As an additional precaution, change your online banking passwords and any security questions associated with your accounts.
Notify Credit Bureaus
In Canada, the two main credit bureaus are Equifax and TransUnion. Contact them immediately to inform them of the fraud. You can request the following:
- Credit Report Monitoring: The credit bureaus can monitor your credit report for any suspicious activity, such as new accounts being opened in your name.
- Place a Fraud Alert: A fraud alert can be added to your credit report, warning lenders to take extra steps to verify your identity before granting credit in your name.
- Credit Freeze: You can also request a credit freeze, which restricts access to your credit report, making it harder for fraudsters to open new accounts under your name.
File a Police Report
For serious cases of fraud, especially those involving significant financial loss or identity theft, filing a police report is essential. Here’s how to proceed:
- Contact the Local Police: Call your local police department’s non-emergency number and ask to file a report with their fraud or cybercrime unit.
- Provide Documentation: Be prepared to provide documentation of the fraud, including bank statements, emails, or any other evidence of unauthorized activity.
- Obtain a Copy of the Report: Get a copy of the police report, as you may need it for insurance claims or further investigations.
Report the Fraud to the Canadian Anti-Fraud Centre
The Canadian Anti-Fraud Centre (CAFC) is the central agency in Canada that collects information on fraud and identity theft. Reporting the fraud to CAFC helps them track and investigate larger patterns of fraud and can assist in preventing further incidents. Here’s how to report:
- Online Reporting: You can report the fraud through the CAFC’s online reporting system.
- By Phone: Alternatively, you can call the CAFC to report the fraud directly. They will guide you through the process and advise on additional steps to take.
Contact Identity Theft Protection Services
If you’re not already subscribed to an identity theft protection service, now might be the time to consider it. These services can offer the following:
- Monitoring: Real-time monitoring of your credit, financial accounts, and personal information across various platforms.
- Alerts: Immediate alerts if any suspicious activity is detected.
- Restoration Assistance: Help in restoring your identity if it has been compromised, including assistance with legal processes and contacting necessary authorities.
Check and Monitor All Accounts
Beyond your bank accounts, review and monitor all other accounts that might be affected, including:
- Credit Cards: Even if a specific card wasn’t initially targeted, it’s wise to monitor all credit card accounts for unusual charges.
- Online Accounts: Change passwords for all online accounts, especially those that share the same password as the compromised accounts.
- Utility and Phone Bills: Fraudsters sometimes use stolen identities to open utility accounts or make phone purchases, so check these statements for unfamiliar charges.
Review and Update Your Cybersecurity Practices
Once you’ve taken the immediate steps to secure your finances and identity, it’s essential to review and strengthen your cybersecurity practices:
- Change Passwords: Update passwords for all your online accounts, and consider using a password manager to create and store strong, unique passwords.
- Enable Two-Factor Authentication: Wherever possible, enable two-factor authentication (2FA) for an added layer of security on your accounts.
- Educate Yourself and Your Team: If you’re a business, ensure that all employees are aware of the incident and are trained to recognize and prevent future threats. Regular cybersecurity training can help prevent further incidents.
Evaluate and Use Cyber Insurance
If you’re a business, cyber insurance can be a critical tool in recovering from a cyber fraud incident. Here’s what to do:
- Review Your Policy: Check your cyber insurance policy to understand what coverage is available for fraud incidents.
- File a Claim: Contact your insurance provider to report the incident and begin the claims process. Having documentation like police reports and evidence of fraud will be necessary.
Final Thoughts
Being a victim of cyber fraud can be a distressing experience, but acting quickly and following these steps can help minimize the damage and protect your personal or business finances. Remember, the key is to remain vigilant and proactive in your cybersecurity efforts to reduce the risk of future incidents.