Cybersecurity awareness: how to stay safe online

The COVID-19 pandemic has shown us the generosity, kindness and teamwork that can emerge when we all band together in a crisis. But we’re also seeing a few bad actors working to take advantage of the situation, particularly on the cybersecurity front as we spend more hours online for work or to pass the time—and high net-worth Canadians, who are often philanthropic and have a history of supporting multiple worthy causes, are particularly at risk.

From phishing attacks to coronavirus donation scams, hackers and other cyber criminals are quick to pounce on a vulnerable laptop or an accidentally clicked email link. Here’s the good news: with a bit of knowledge and a daily dose of cyber vigilance, staying safe online is a relatively simple process.

In fact, the Investment Industry Regulatory Organization of Canada (IIROC) recently issued an Education Notice of practical, easily implemented cybersecurity tips that we wanted to share as you shop, share or spend your time online. Embracing these simple habits could avoid the loss of data—or worse—in the months ahead. The bulletin is available here and some of the highlights we found useful are summarized below.

Identifying Common Attack Tactics

Phishing and malware links are the most common COVID-19 related threat – typically served up over email and text messages. IIROC reports there are two common types:

• “Suspicious/fake emails or text messages from individuals purporting to act for a government organization requesting banking information to deposit pandemic-related funds and assistance.
• Suspicious/fake emails or text messages from hospitals/governments/health organizations asking you to click on a link or call a number to obtain more information on the pandemic or treatment options.”

What To Do
When you receive a link, hover your cursor over it, but never click through—at least not right away. First, confirm it’s legitimate before clicking to visit the corresponding website. Be especially wary of any links that encourage you to click on a web link or to open an attachment (PDF files are especially problematic). As a best practice, if you have any doubt about the origins of an email, don’t click on the link. Instead, IIROC advises that you look up the contact information on the organization’s official website or call the number that sent you a text or voice message.

Social Engineering refers to the tactic of persuading users to share sensitive information or to transfer funds by masquerading as a trusted source (e.g. a help desk agent, health official, financial institution representative, etc.). It can involve email, phone calls or text messages. Egregiously, the COVID-19 pandemic has given way to schemes purporting that you or someone you know has been exposed to the virus. Scams by individuals claiming to be Canada Revenue Agency representatives have also increased.

What To Do
IIROC advises that you assess the validity of a digital communication by asking yourself a series of questions:

• Was this request initiated by you?
• Is this request a common business practice?
• Was the request or communication made through the proper channels?
• Does the communication feel suspicious in any way (e.g., typos, poor grammar, irregular formatting, wrong look and feel, threatening, cryptic, etc.)?

Keeping Your Devices Secure
IIROC offers additional common-sense tips and helpful reminders:

• Do not approve any prompts for authentication that you have not initiated
• Avoid using removable media such as USB cards, and never use any from an unknown source that you’re not expecting
• Remember to check for and apply updates and patches to your operating system and any applications
• Install and operate anti-virus and anti-malware software
• Do not download, save or screenshot any personal or sensitive information onto the computer or mobile device
• If you are using WiFi at home, be sure to employ a stringent security protocol and confirm that you have a strong WiFi password; Do not use public WiFi or insecure/open connections
• Ensure that video-conferencing and other communications applications are secure and accessed through secure means—this is particularly important with so many of us communicating over platforms such as Zoom, Microsoft Teams or Google Meet, among many others

What Newport is Doing to Keep Your Information Secure
At Newport, with the assistance of our external IT support provider, we have adopted and continually enhance our practises around security and data storage. We have made investments in hardware, cloud-based storage solutions and software and have developed monitoring and testing protocols. While the infrastructure is important, we know that technology alone cannot protect us completely—one of the most important elements of our strategy includes an investment in ensuring our team are educated, aware and trained on their role in protecting our systems and our data. We have developed a robust training program that is delivered throughout the year as new threats are identified. Staff are aware of what to look for and, equally important, what immediate steps need to be taken if they see suspicious activity. While no system is perfect, we are diligent, vigilant and nimble in our commitment to stay ahead of the very real threats these cyber criminals represent.