Many people think Russia or Egypt when asked about where cyber-crimes originate.
As Canadians, we think we have a safe and clean image in the digital world. However, Websense Inc.’s recently published report on Canada’s cyber security risk profile shows a highly disturbing trend: Canada now ranks No. 2 in the world after the United States for number of hosted phishing sites, jumping 170% in the last year.
Canadian small businesses are a target because they typically don’t have the technical expertise or budget to fully protect themselves.
The first step for a business is being aware of how it might be vulnerable. Below are some common threats and ways to protect your business from cyber-crime.
Malware (malicious software) such as computer viruses or spyware helps hackers corrupt or collect sensitive company or customer data.
• Implement and maintain security best practices such as keeping system software and applications fully patched and up to date. Use a firewall, anti-virus and anti-spyware software and a spam filter. Make sure your company has the latest versions of the software.
• Implement a security policy and train all staff to avoid clicking on links or opening attachments from suspect sources.
Phishing is used by scammers to get user names, passwords or credit card and other sensitive data from individuals and businesses. Phishing sites are getting more sophisticated. Not only do some look identical to the websites of real companies but the scammers also register slight misspellings of a company’s name like “facemail” instead of “facebook” or use a sub-domain like facebook.example.ca.
Spear phishing uses emails disguised as coming from an employer or the technical department of a company, asking an employee to confirm his or her password for the systems administrator.
• Be suspicious of any email that asks you to enter your username, password or sensitive information even if it comes from within your company.
• Before clicking on any link, double-check the URL to make sure it’s the correct company you want to be dealing with.
• Never click on suspicious links on Twitter, Facebook or other social media sites. Examples include those that tell you to look at the funny picture of you or what horrible things someone is saying about you or your company.
• Register misspellings of your company name to ensure those domains can’t be used in phishing scams.
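The URL double-check described above can be automated in a mail filter or proxy. The sketch below is an added example, not part of the original article; the `TRUSTED` list, the `classify` function name and the 0.8 similarity threshold are assumptions, and the sample URLs are constructed.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the domains your company really deals with (constructed sample).
TRUSTED = {"facebook.com"}

def classify(url, trusted=TRUSTED, threshold=0.8):
    """Return 'trusted', 'brand-in-subdomain', 'near-misspelling' or 'untrusted'."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit parse a bare host name
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "untrusted"
    # Trusted only if the host IS the domain or ends with ".<domain>".
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    labels = host.split(".")
    brands = {d.split(".")[0] for d in trusted}
    # The brand appears as a label under someone else's domain,
    # as in facebook.example.ca.
    if any(label in brands for label in labels):
        return "brand-in-subdomain"
    # A label that is almost, but not exactly, the brand name.
    for label in labels:
        for brand in brands:
            if SequenceMatcher(None, label, brand).ratio() >= threshold:
                return "near-misspelling"
    # Anything else is simply not on the allow-list. Whole-word swaps such as
    # "facemail" land here: similarity scoring misses them, the allow-list does not.
    return "untrusted"

if __name__ == "__main__":
    for sample in ("https://www.facebook.com/login",
                   "http://facebook.example.ca/",
                   "facebok.com",
                   "http://facemail.com"):
        print(f"{sample:35} {classify(sample)}")
```

Only a `trusted` result should be treated as safe; the other three labels differ only in how the link should be reported.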
Domain slamming is a scam where a domain registrar sends a transfer request masquerading as a renewal notice to trick customers of another registrar into switching away.
A related domain name scam, mainly coming from China, involves sending domain owners an email claiming that another company has just attempted to register a number of domains that contain the targeted company’s trademarks.
• The public WHOIS is a goldmine for spammers. When you register a domain name, your business contact information is published for all to see. Use a domain privacy service that hides your email and contact information.
• When your company receives these notices and you can’t remember who your real registrar of record is, check the WHOIS to find out, and deal with your own registrar.
There are numerous ways your company is vulnerable online. Having a comprehensive security policy is important no matter how big your company is. The policy should include ensuring that all company computers and social media sites have passwords that can’t easily be guessed and are changed regularly, including each time an employee leaves.