You may have heard last month about a series of cyber-attacks on the Canadian Revenue Agency. They were just the latest in a long list of similar incidents that have left many people feeling vulnerable to having their identity stolen by fraudsters.
We thought this would be a good time to look at some best practices for protecting yourself from cyber-attacks, and what you should do if you fall victim to one.
In the CRA case, the agency was forced to temporarily shut down its online services last month after hackers used stolen usernames and passwords to compromise the personal information of thousands of Canadians in three separate breaches.
A proposed class-action lawsuit says hackers were able to steal social insurance numbers, home addresses, bank account details and tax information and use them to file fraudulent claims for the Canada Emergency Response Benefit (CERB) or the Canadian Emergency Student Benefit (CESB).
Those attacks followed numerous other data breaches in recent years. For example, a massive data theft at the Desjardins Group last year affected all of its 4.2 million customers.
How to protect yourself
While you sometimes can’t avoid being victimized, there are some easy steps you can take to make your data more secure.
- Use good password practices—The fraudsters who hacked into CRA accounts used usernames and passwords stolen in previous breaches. This technique played on the habit of many people who use the same log-in credentials for several different sites and applications. You should always choose a different password for each site or app that you use and ensure your passwords are strong and can’t be easily guessed by a hacker.
- Beware of phishing attacks—According to the Canadian Centre for Cyber Security, a phishing attack is when a fraudster calls, emails, texts or uses social media to trick you into clicking on a malicious link, download malware or share sensitive information. You should always be suspicious of unsolicited emails, texts and calls and be extremely careful about verifying links before clicking on them. Scammers are sophisticated and can create authentic looking emails and fake websites. They can also be very persuasive and urgent when they contact you. For more advice on phishing, visit the Centre of Cyber Security’s anti-phishing site.
- Secure your computer—Especially with more people working from home and other remote locations, it’s important to make sure your computer is protected from hackers. The centre recommends, among other things, that you secure your home wireless router with a strong password/passphrase, turn off Wi-Fi, Bluetooth and GPS when not in use and use trusted anti-malware software.
- Keep an eye on your financial records—Make sure to regularly check your bank, credit card and investment accounts for transactions you don’t recognize. You should also check your file at the credit rating bureaus regularly to ensure no one has used your credit fraudulently and that there are no errors. (See the next section for references.)
What you should do if you’ve been a victim of a cyber incident
The Centre for Cyber Security offers the following tips if you’ve been involved in an incident where your personal or financial information may have gotten into the wrong hands.
- Call your financial institution if your banking information or credit cards are involved. It’s important to report an incident immediately and cancel your cards to avoid liability for losses.
- Call the police and keep note of the report number for reference.
- Contact the credit rating bureaus and put a fraud alert on your credit report. If you have been given free access to credit monitoring and identity theft insurance after an incident be sure to use it.
- Contact Service Canada if any of your federally-issued ID has been compromised (for example your social insurance number or passport).
- Call companies where your identity was used. They will tell you what information they need, whether an investigation has been started and how you can recover stolen money.
- Contact the Canadian Anti-Fraud Centre (CAFC) (1-888-495-8501) to report any incidents of fraud or cyber-related fraud. CAFC’s website also has a wealth of information on avoiding scams of all kinds.
Finally, I want to assure you that at PWL we take protecting your personal and financial information very seriously. We invest and focus on IT security, and every request and financial transaction is reviewed by a human being and verified by telephone when necessary.
Your security is important to us and our relationship with you is a critical part of how we protect it.