To illustrate the importance of proper cybersecurity and cyber hygiene practices, I will provide a brief example of a common cyber threat known as Business Email Compromise (BEC). Then, I will present actionable steps that you can take today to enhance the protection of your business.
Business Email Compromise
Business Email Compromise is a financially damaging online crime. In this scam, cybercriminals intercept communications and redirect payments to their own bank accounts. To illustrate, let’s consider a scenario where one of your customers owes you $10,000 for a product you supplied last week.
Unfortunately, unbeknownst to you, your email was hacked a few months ago when your password was obtained from the dark web. The hacker has been monitoring your emails and has gained insights into your communication patterns. Capitalizing on this information, the hacker sends an email to your client, posing as you and providing a new bank account number. Due to the hacker’s familiarity with your email style, your client doesn’t suspect anything and proceeds to deposit the $10,000 into the fraudulent account.
Several days pass, and when you contact your client regarding payment, you’re informed that the payment has already been made. At this point, you realize that you have fallen victim to a scam.
Ensuring privacy and cybersecurity: Practical steps to protect your business
Regrettably, business email compromise is a prevalent occurrence in Canada, affecting businesses of all sizes. So, what can you do today to safeguard your business?
- Ensure you change your password at least every 90 days. By doing so, you render any old passwords that may be circulating on the dark web obsolete.
- Ensure that each of your passwords is unique. This way, if one password is compromised, your other accounts remain secure.
- Enable two-factor authentication (2FA). Two-factor authentication adds an additional layer of verification before granting access to an application. Even if a malicious actor gains access to your password, they will still require your phone or another device for authentication.
- Keep your computers up to date. Software updates often address known security vulnerabilities, making it crucial to regularly update your systems.
Lastly, it is vital for you and your entire staff to adhere to these steps. Proper training and implementation are essential in maintaining security.
Should you have any questions about protecting your business or would like to learn more about this area of law, please reach out to Michael Weinberger or any lawyer in Siskinds’ Privacy, Cyber & Data Governance Team. Read Michael’s previous cybersecurity and privacy blog post titled “Data breach — Frequently asked questions.”