The COVID-19 pandemic proved to be fertile soil for cybercrime, which caused record damage worldwide due largely to the rise of ransomware. Cybercriminals took advantage of the digital weaknesses created by the shift in work patterns, when millions of employees set up home offices, logging into company websites and accessing sensitive organizational data through mobile phones and personal computers.

Phishing is the most common cyber-attack, when careless or untrained staff inadvertently allow a data leak. Electronic communications such as emails create openings for sophisticated cybercriminals to worm their way in through vulnerable entry points. Ransomware is when cybercrooks encrypt files, leaking information online and destroying data, thus affecting an organization’s image, profits, productivity, and operations.

IBC Security reported that the average cost of a data breach in 2021 in Canada was $6.75 million per incident, up from $6.35 million the previous year. Canada trails only the United States and Middle East, which had breaches of US$9.05 million and US$6.93 million respectively.

Critical infrastructure is especially at risk, as a breach can affect enormous numbers of people. In the United States, the Department of Home Security imposed new cybersecurity standards for federally designated critical pipelines following an ambush of Colonial Pipelines that shut down gas lines in the southeast. Russian hacker DarkSide demanded US$4.4 million in bitcoin ransom in return for an IT tool to get the pipeline system running again. Other companies infected with ransomware have reported operational outages lasting anywhere from two days to two weeks.  Cybersecurity Ventures estimates that ransomware costs will reach US$265 billion by 2031, with an expected 30% year-over-year growth in damage costs over the next 10 years.

It is imperative that businesses don’t allow security to lag. With phishing and ransomware attacks on the rise, it’s not a matter of if but when an attack will affect you.

CREDIT UNION PROTECTION

• North Peace Savings & Credit Union has created increased authentication for members with our 2-Step Verification. This extra layer of security is required for online banking.  It replaces the security Q&A process one-time verification codes that are sent to you via text message (SMS) or email to confirm your identity during high-risk logins, such as a login from a new device or location.

PROTECT YOURSELF PERSONALLY

• Create passwords and PINs that are complex and change them often. Never use sequential forward, alternating or backward numbers (such as 1234, 1212, or 4321), your address, date of birth or phone number.
• In place of letters, include a mix of numbers and special characters.
• Never click on links or reply to any message requesting personal information unless you are very comfortable that you know who the requester is and that the email in indeed from them.
• Review your financial accounts regularly and contact North Peace Savings & Credit Union if you detect anything out of the ordinary.
• Use current firewall and anti-virus programs and install all updates.
• Crack down on social media and switch all accounts to private. Don’t accept follow requests from strangers on social media platforms like Facebook or LinkedIn.

PROTECT YOUR BUSINESS

• Use a longer passphrase with a variety of characters, numbers and letters rather than just a password.
• Budget for cyber awareness training of staff as well as encryption and AI technologies.
• Create and test an incident response plan that includes “zero trust architecture,” a framework for securing infrastructure and data.
• Back up your data, which will ensure you recover key information in the event of a cyber-attack.
• Ensure all users have only as much access to the company’s larger network as needed, and only for the time necessary to complete a task.
• Ensure that your company’s cloud infrastructure is configured correctly by using proper foundations and support.
• Ensure operating systems and security software are updated automatically.
• Establish firewalls that act as a gatekeeper for in and outgoing information.
• Turn on spam filters.
• Limit staff access to the web or certain unsecure areas of the web.
• Activate data encryption, which converts data into a secret code before sending it over the Internet.
• Use multi-factor authentication, which requires users to provide additional proof of identity to access their account.
• Keep up to date with evolving cyber themes through updates from NPSCU and or local business support groups i.e. Chamber of Commerce etc.