We all know that some New Year resolutions don’t even make it to the second week. Stuff like “no more chocolate – ever” gets filed under “Who am I kidding?” pretty quickly, right?

But after you’ve crossed off the unattainable things on your list, here’s one item you can and must achieve this year: improving your cybersecurity.

Canadians are under attack, and according to a 2024 report by the Auditor General of Canada, we’re not doing well against the growing volume and sophistication of cybercrime.

Cybercrime affects everybody, no matter their age and financial or social status. Anyone with an online presence is a target. Cybercrime has become a fully fledged worldwide industry, so even tech staff who are highly aware of the dangers of the internet can become victims. Often, the threats don’t come from lone hacker dudes in basements. Rather, it has become an ecosystem of professionally run, massively profitable organizations.

Fortunately, you can take a few simple cyber hygiene measures to reduce the risks of cyberattacks and improve online privacy at the same time.

(Phishing Attack) Plus (Human Error) Equals (Data Breaches)

Most data breaches start with phishing emails, text messages or social media content. Scammers design them using psychological techniques proven to lure people into clicking on links or opening harmful attachments. According to a 2023 Verizon Data Breach Investigation, human error plays a role in 74% of all data breaches.

We hear of massive data breaches all the time, and we’ve all been victims of data breach incidents. However, you might not realize that you could also be the cause of one. For example, if you accidentally click on the link in a phishing message, you could give a criminal access to your home or work network.

Once they’re in, they’ll have unauthorized access to workplace systems. And Voilà! You’ve just started a data breach. It may be small or insignificant, never leading to massive damage on the scale we read about in newspapers, but it is a data breach nevertheless.

How to Beat Phishing Attacks

Scammers use AI tools to make their social engineering campaigns look professional and attractive with dynamic and tailored content.

• Don’t open attachments without scanning them for malware. Don’t click on links without checking their safety. One (non-foolproof) way to check a link’s safety is to hover over the URL without clicking to reveal the full URL. Look for spelling errors in the URL, for example, Instagrm.com instead of Instagram.com. You can also use a search engine to look for the domain in the link. Alternatively, use a link checker from a reputable security player to see if the destination domain is safe.
• Legitimate-looking links in phishing messages can lead to bogus website login pages, malware-infected websites, or fake shopping sites to compromise your credit card and other private information.
• Other types of deceiving emails can trigger malware installation on your device. Malware (including viruses, trojans and the like) can give criminals full access to your device and home network. Some are designed to steal passwords, while others lock you out of your system. Ransomware is malware that encrypts the files on your device. The attacker typically demands ransom money to release the files.

The Under-Reported Risks From Unsecured Public Wi-Fi

Anyone can set up a guest network using the default settings on a cheap router. As a result, free Wi-Fi has become a standard offering at restaurants, coffee shops, shopping malls, hotels, and transport networks all over the world.

Unfortunately, these quick-setup networks usually lack essential security measures. Public Wi-Fi networks get infiltrated by hackers all the time, using existing security vulnerabilities or misconfigurations to become an administrator or infect the router with malware.

There’s also the “Evil twin” attack, where they create duplicate hotspots at popular free Wi-Fi areas. Like in the Man-in-the-middle attack (MitM), the Evil Twin attackers can eavesdrop on data as it travels between connected devices and the Wi-fi router. When unsuspecting people connect to the wifi to check a bank account balance or order a ride, the attackers own the traffic from your device.

How to Beat WiFi Attackers

Get a VPN that works reliably in Canada and abroad. Canada’s VPN servers will encrypt and render your data unreadable as it leaves your device to the destination website. VPNs make it much harder for cybercriminals (and your internet service provider or government) to track your internet activities.

A VPN assigns a temporary IP address to your device when you connect to a VPN server. That means better privacy, as snoopers will see the VPN’s IP address, not yours. With a VPN, you can stop ISP throttling and unblock geo-restricted streaming content in the US, Europe, and other parts of the world. It will work as well abroad as in Canada to keep you safe when travelling.

Everyday Cyber Tips

• Use multi-factor authentication (MFA) or two-factor authentication (2FA). MFA adds an extra step to your login process, which may be a little annoying but offers very strong extra security. Do not automatically approve an MFA request unless you’re trying to access an account.
• Use strong, unique passwords. It’s a great idea to pay a small subscription fee for a premium password manager. If you use a fully free password manager, you are entrusting your most sensitive data to a company whose business model is based on selling customers’ data.
• Install a reliable antivirus to check downloads and email attachments.
• Update promptly. Updates are a critical part of your device’s security. They contain patches for newly discovered vulnerabilities and cutting-edge attacks.
• Store a copy of your data in the cloud to beat ransomware attacks. You could also back up your device’s contents to an external hard drive.

Fighting Online Fraud in Canada

The Canadian Anti-Fraud Centre has reported that Canadians lost an estimated $230 million to fraud in 2021. More than $100 million could be linked to online fraud. Don’t become another statistic: use a VPN and antivirus, keep your devices updated, and handle passwords and information about your online accounts with care to avoid becoming a victim this year.