“Cyber attackers won’t go after us, we’re too small.” “Why would they attack us? We don’t have any confidential information.” Have you said or heard either of these before? Cyber criminals love this attitude. It often means that your business is far from being as protected as it should be. Cyber attackers target many small to medium-sized businesses that may not have the right measures in place to protect their data, software and hardware. This means that they purposely go after businesses they think or know might be vulnerable. There are many different ways that cyber criminals try to expose, harm and disrupt the normal business functions of an organization. One of these specific attacks is called a phishing attack.
What is a Phishing Attack?
Phishing attacks occur when the hacker, posing as a legitimate entity, tries to lure the user or company into revealing private information. The scammer convinces the victim to take a specific action, such as clicking a link, transferring funds or paying fake invoices. In doing so, cyber criminals can shut down an entire organization as they gain access to, and lock a company out of, its computer systems. Once they gain control, they can have full access to company data including customer banking information, phone numbers, addresses, credit card details, passwords, and documents.
What are the other forms of Cyber attacks?
- Spear Phishing – a form of cyber attack using emails that are highly personalized towards a specific individual or organization. The hacker carefully crafts an email that seems to come from a known entity, asking the recipient to click a link or take a specific action. If the recipient does what the email is asking, the hacker can download malware to their computer, which would allow the hacker to steal sensitive information or transfer funds. Because the attack is so personalized to the intended recipient, it is that much harder to recognize.
- Vishing (or Voice Phishing) – a form of cyber attack where the criminal calls the victim directly, posing as a legitimate business, in order to convince them to give up personal or financial information. Cyber criminals often use Caller ID spoofing to make the phone number they are calling from look like that of your bank or another important organization such as the Canada Revenue Agency.
- SMiShing (or SMS Phishing) – a form of cyber attack which uses a text message sent to your mobile phone.
- Virus – a form of cyber attack which reads emails on an infected computer and then sends replies to previous conversation threads to make them appear legitimate. A copy of the virus is attached to the message as a document, allowing it to infect the recipient’s computer if read. The hacker has control of all infected computers.
- Ransomware – a form of cyber attack that involves a hacker gaining access to an organization’s or individual’s data and then holding it for ransom. The cost to release or unlock the files can be anywhere from a couple of thousand to hundreds of thousands of dollars. Although this isn’t a specific type of phishing attack, phishing in many cases leads to ransomware, which can be devastating to a business. Ransomware can spread indiscriminately, but often targets companies with sensitive information such as hospitals, lawyers & public offices.
How to recognize a cyber attack?
There are some features that phishing scams all have in common, which can make them easier to identify and avoid.
- An offer that is too good to be true – eye-catching offers and statements that seem too good to be true are likely just that
- Incorrect hyperlink destinations – by hovering over a link you can see whether the link’s destination matches what is shown in the email
- Sense of urgency – When it comes to emails that ask you to act fast or else, it’s best to keep two things in mind.
  - Limited time offers are best to ignore.
  - Most reputable organizations will give you ample time to update an online account before it is closed.
- Unsolicited Communications & Attachments – If an email arrives with an attachment that you were not expecting, it’s best to not download or open it until you are sure it is safe. Here are a couple of self-checks to ensure documents are legitimate:
  - Call the sender directly to confirm the nature of the email and ensure the attachment was sent from them and does not have a virus
  - If you are using Gmail or Outlook you can preview the attachment’s contents without fully downloading it. (Gmail – hover over the attachment and click on its name, not the Download or Save to Drive buttons; Outlook – hit the down arrow to the right of the document name and click Preview in the dropdown menu)
Tips to Stay Safe Online
- Try to limit the amount of personal information you share online. The more information a hacker has on you, the more realistic they can make these emails and phone calls.
- Set up two-factor authentication
- Remain skeptical and keep an eye out for anything out of the ordinary
What to do if you’ve been the victim of a cyber attack?
Step 1: Gather all of the information that you can on the incident including photos, emails & phone numbers.
Step 2: Report the incident to the local police so that they are aware of current scams targeting people in your area.
Step 3: Report the incident to the Canadian Anti-Fraud Centre.
Step 4: Contact any organization with whom your information has been compromised (i.e., customers, your bank if it is a financial issue, Service Canada if your SIN or passport is compromised) to report the scam and start an investigation into the incident.
How to Protect Yourself Against Cyber Attacks (Insurance Coverage)
There are two different types of coverage that Trillium Mutual Insurance offers to help protect your business and livelihood should you fall victim to one of these attacks.
CyberOne® coverage helps you recover expenses incurred and provides liability coverage in case of a security breach. This coverage includes data recovery costs, including recreating and replacing the lost, stolen or corrupted data. It also includes protection that helps with any lost income and other expenses incurred, the cost of restoring computer hardware, and any external public relations costs that may arise.
Data Compromise coverage is the second coverage Trillium offers and has been created to cover your business in case your company’s data has been breached or leaked. This coverage includes help in hiring an external IT company to determine the extent of the breach, legal counsel and public relations costs. This coverage also helps with any costs associated with notifying affected customers.