Tag Archives: Cyber liability

Scammers More Sophisticated, Warns Competition Bureau

Posted on July 31, 2014 by Marijana Dabic

The Competition Bureau reports that phishing is one of the growing scamming techniques, and users of social networking sites are especially vulnerable. Almost 95 per cent of fraud-related crimes in Canada go unreported, according to an estimate by the Canadian Anti-Fraud Centre. One glaring reason for this is because people are usually too embarrassed to admit that they fell for a fraud scam, especially one that happened on a social networking site.

A phishing scam is a phony email or pop-up message used to lure unsuspecting Internet users into divulging personal information, such as credit card numbers and account passwords, that will later be used by hackers for identity theft. A phisher’s email can be very persuasive and believable if he or she is impersonating a well-known organization or individual.

Keep employees safe from phishing scams by teaching them to:

Be extremely wary of urgent email requests for any personal or financial information (their information or a client’s).
Call the company or individual in question with the number listed on the corporate website or in the phone book. Avoid using phone numbers provided in the email, as they could be phony too.
Do not use the links included in the email unless you are certain that the email is legitimate.
Do not divulge personal or financial information on the Internet unless the site is secure (sites that start with “https”).
Never disable anti-virus software.

The only way that the authorities can keep tabs on new scams that pop up is if individuals report crimes when they happen. When these crimes go unreported, the public can’t be alerted to watch out for scams, which can in turn affect many more people.

A computer intrusion could cripple your company, costing you thousands or millions of dollars in lost sales and/or damages. Make sure your employees are alerting you when they encounter suspicious emails or websites.

Facebook Bullying Grounds for Dismissal

Posted on July 9, 2014 by Marijana Dabic

A postal clerk in Canada was dismissed from her job in May after her employer discovered Facebook posts she had written that were described as contemptuous, undermining managerial authority, and so harmful to her managers that they needed to take time off work to seek medical care and ease their emotional distress.

The employee stated that she had believed her posts were private and that her toxic work environment was the reason she needed to vent on Facebook. The arbitrator of the case ruled that due to the content of the posts and the effect they had on her managers, the termination of the employee was justified.

This case brought to life an interesting dynamic of the modern workplace: Because of social media, workplace relationships, and sometimes workplace bullying, don’t solely occur at work anymore. After work, employees can still log on to social media sites and harass co-workers or managers, or post hostile things about them.

At a minimum, workplace bullying affects safety, productivity, trust and the workplace culture. Being bullied not only puts a huge emotional strain on someone, but in turn could put a financial strain on the company due to unhappy or less-productive employees.

There has been an increase in court cases pertaining to social media and its influence on the workplace, and the number is projected to get higher. This case demonstrates how an employee can be justly terminated for posting offensive content—more serious than just a normal negative critique—about his or her company, manager or co-workers on social media sites.

Cyber Extortion Requires its Own Insurance Solution

Posted on June 4, 2014 by Marijana Dabic

Cyber extortion is an increasingly popular form of cyber attack that requires its own insurance solution.

The digital world we live in and ever-increasing number of companies that rely on the Internet for their business have created a highly fertile ground for cyber crime. According to Norton’s Cybercrime 2012 report, 70% of online adults in Canada have been the victim of cybercrime at some point in their life. Cybercrime costs Canadians $1.4 billion per year and the average cost per crime victim is over $160.

What is Cyber Extortion?

Businesses are increasingly being attacked by cyber criminals, and new forms of cyber crime emerge rapidly, leaving us often one step behind. One example of cyber attacks becoming increasingly popular involves cyber threats and extortion. Cyber threats and extortion is a type of online crime involving an attack or threat of attack against a company to damage, expose, or shut down information belonging to the company unless a ransom is paid to avoid or stop the attack.

How does it work?

In these types of attacks cyber extortionists steal information from businesses and encrypt it so that it can’t be read. The latest backup of data can also be snatched and the original data deleted from the owner’s servers. Cyber extortionists thus take the company data hostage and demand ransom in exchange for the decryption key that would allow the victims to access their own information. However, the criminals won’t necessarily decrypt the files even after the ransom had been paid. Further attacks are possible, either by the same group or another. The type of malware used in these cyber attacks is called ransomware and it is easily spread through spam, phishing emails and malvertising. The ease of spreading the malware, combined with little or no repercussions for criminals, who are hard to track down or prosecute, makes cyber extortion a very lucrative undertaking. Often, cyber extortionists’ worst case scenario is not getting a payment from the victim. In many cases, amount of money asked for ransom is significantly lower than the potential financial loss for the company, so that it is easier for the company to pay the ransom and move on. These types of attacks, unless they happened at a large public company or a government entity, often don’t get reported to authorities and never reach the public. The victims often don’t want to risk their reputation or destroy consumer confidence.

How can businesses protect themselves?

To manage and minimize the potential damage from a cyber attack, companies should employ a comprehensive cyber risk management strategy that along with a cyber insurance also includes appropriate loss control techniques, an assessment of company’s networks vulnerabilities, and employee security awareness training. There are many different cyber insurance policies out there providing various coverages. Businesses should make sure that their cyber insurance policy coveres costs in case the company is unable to access its computer system, the system is infected by a virus, confidential information is compromised, or its brand and reputation is tarnished by posts on social media. In addition, the policy should cover the cost of independent computer security consultant to assess any threats, prevent immediate threats, offer reward to prevent perpetrators of the threat and reimbursement of any ransom the company is required to pay in the event above measures fail to mitigate the threat against them.

Heartbleed bug: What’s affected and what passwords you need to change

Posted on April 17, 2014 by Marijana Dabic

Source: globalnews.ca Published: 04/11/14

An encryption flaw now known as the Heartbleed bug has made a major impact on online security. The flaw has affected many online services and websites that Canadians access every day.

Security experts have gone as far to call it one of the biggest security threats the Internet has ever faced.

The flaw affects OpenSSL – a widely used open-source set of libraries for encrypting online services.

Heartbleed creates an opening in SSL/TLS, an encryption technology marked by the small, closed padlock and “https:” on Web browsers to show that traffic is secure. The flaw makes it possible to snoop on Internet traffic even if the padlock is closed, leaving users’ information vulnerable.

For now, the best you can do to protect yourself is change the password to any accounts associated with websites affected by the bug once the website confirms it’s deployed a fix.

Global News has created a list of some of the most popular services to let you know what’s affected and what passwords you need to change:

ONLINE BANKING

Were Canadian banks affected? No. Do you need to change your password? No – but this is a good reminder that yourInternet banking password should be very secure.

“The online banking applications of Canadian banks have not been affected by the Heartbleed bug,” the Canadian Bankers Association said in statement issued Wednesday afternoon. “Canadians can continue to bank [online] with confidence.”

CANADA REVENUE AGENCY

Was it affected? Yes Do you need to change your password? Yes

As of Friday the CRA’s online services were still offline due to the security concern. But according to a statement issued Friday, the websites will be back online by the weekend. Those with accounts should update their passwords once the site comes back online to be safe.

SOCIAL MEDIA

Facebook

Was it affected? Unclear Do you need to change your password? Yes

“We added protections for Facebook’s implementation of OpenSSL before this issue was publicly disclosed. We haven’t detected any signs of suspicious account activity, but we encourage people to […] set up a unique password,” Facebook said in a statement.

LinkedIn

Was it affected? No Do you need to change your password? No

Instagram

Was it affected? Yes Do you need to change your password? Yes

“Our security teams worked quickly on a fix and we have no evidence of any accounts being harmed,” the company said.

Twitter

Was it affected? No Do you need to change your password? No

“We were able to determine that twitter.com and api.twitter.com servers were not affected by this vulnerability. We are continuing to monitor the situation,” Twitter said on its website Wednesday.

Tumblr

Was it affected? Yes Do you need to change your password? Yes

“We have no evidence of any breach and, like most networks, our team took immediate action to fix the issue. This might be a good day to call in sick and take some time to change your passwords everywhere,” Tumblr said in a statement on Tuesday.

Pinterest

Was it affected? Yes Do you need to change your password? Yes

TECH COMPANIES

Google

Was it affected? Yes Do you need to change your password? Probably.

According to a statement from Google, the company proactively looks for vulnerabilities in order to fix them before they are exploited and therefore fixed this bug “early.” Google said users do not need to change their passwords because of this – but better safe than sorry in this case.

“We’ve assessed this vulnerability and applied patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps, and App Engine. Google Chrome and Chrome OS are not affected,” a post on Google’s security blog published Wednesday said.

Microsoft

Was it affected? No Do you need to change your password? No

Apple

Was it affected? No Do you need to change your password? No

Yahoo

Was it affected? Yes Do you need to change your password? Yes

“Our team has fixed the Heartbleed vulnerability across our main properties & is implementing the fix across our entire platform now,” the company tweeted Tuesday.

Yahoo is also the email provider for Rogers customers.

According to a statement issued to Global News, “Rogers. com doesn’t use the impacted versions of the SSL software, so was not impacted by the bug.” But a spokesperson added that the company recommends customers update their passwords frequently as best practice.

ONLINE SHOPPING

Amazon

Was it affected? No* Do you need to change your password? No

*Amazon said with the exception of some services – Elastic Load Balancing, Amazon EC2, Amazon CloudFront, AWS OpsWorks and AWS Elastic Beanstalk – its services were unaffected. If you use these, you should probably change your password.

eBay

Was it affected? No Do you need to change your password? No

Etsy

Was it affected? Yes Do you need to change your password? Yes

“As of right now, we have no indication that an attack has been conducted against Etsy beyond testing the vulnerability, but this type of issue makes it very difficult to detect, so we’re proceeding with a high degree of caution,” read a security update on Etsy’s website Tuesday.

Paypal

Was it affected? No Do you need to change your password? No

OTHER ONLINE SERVICES

Dropbox

Was it affected? Yes Do you need to change your password? Yes

“We’ve patched all of our user-facing services & will continue to work to make sure your stuff is always safe,” the company tweeted Tuesday.

OKCupid

Was it affected? Yes Do you need to change your password? Yes

Evernote

Was it affected? No Do you need to change your password? No

“Evernote does not use, and has not used, OpenSSL, so we were not vulnerable to this bug. As an Evernote user, you don’t need to take any action,” read the company’s blog.

The Internet of Things – Looming Security Nightmare?

Posted on March 14, 2014 by Doug Blakey

The Internet of Things (IoT) is a term that describes a new paradigm emerging in our cyber world. It has been described as “uniquely identifiable objects and their virtual representations in an Internet-like structure”.1 Essentially this means an interconnected network of pretty much anything we can think of (refrigerators, televisions, highway sensors, tracking personal activity, monitoring groundwater runoff, etc.). If you haven’t heard of IoT before, you will hear a lot about it from now on. Our global world is shrinking, and an inherently human trait is finding ways of doing things smarter, faster, and more efficiently.

What does this have to do with Cyber Risk?

There are two sides to the coin. As we strive to do things smarter, there are always unintended consequences. Bringing a smart TV into our homes means having it automatically connect to our home network so we can enjoy movies when we want. But that also means cybersecurity becomes an issue. For example, if someone manages to get inside of our network, finds all of the devices connected to that network, and starts using that computer power as part of their BotNet, then society at large has a big problem. And that is exactly what is happening.

What is the solution?

The Internet of Things, just like the public Internet, is now growing extremely fast. It is estimated that in just six years (2020), there will be more than 30 billion things interconnected via the Internet.2 Being aware of the growing cyber security problem, and learning what it means to each of us, is a critical first step. And as we develop these new things, and decide to connect them to our networks, we must keep the risk in mind. When deciding to use technology in our lives we must always consider, Is the risk worth the benefit?

Is the risk worth the benefit?

In our highly interconnected global village of people and things, our interdependencies with each other is undeniable. Like it or not, the IoT will continue to grow and affect our lives. It is up to each of us to make sure we understand and manage the risks, so that we realize a net benefit in this new world, the world of IoT.

1 http://en.wikipedia.org/wiki/Internet_of_Things

2 https://www.abiresearch.com/press/more-than-30-billion-devices-will-wirelessly-conne