Many people think of Russia or Egypt when asked about where cybercrimes originate. As Canadians, we think we have a safe and clean image in the digital world.
However, Websense Inc.’s May 2012 report on Canada’s cybersecurity risk profile shows a highly disturbing trend: Canada now ranks No. 2 in the world, after the U.S., for number of hosted phishing sites, with a jump of 170% over the past year. And Canadian small businesses are a target because most don’t have the technical expertise or budget to fully protect themselves.
The first step to safeguard your company is to be aware of how it might be vulnerable. Below are some common threats and ways to protect your business from cybercrime.
Malicious software, such as computer viruses or spyware, helps hackers corrupt or collect sensitive company or customer data.
- Implement and maintain security best practices, such as keeping system software and applications fully patched and up to date. Use a firewall, anti-virus and anti-spyware software and spam filter. Make sure your company has the latest versions of the software.
- Implement a security policy and train all your staff to avoid clicking on links or opening attachments from suspect sources.
Scammers use this tactic to obtain user names, passwords or credit card and other sensitive data from individuals and businesses. Phishing sites are getting more sophisticated. Not only do some look identical to the websites of real companies, but the scammers also register slight misspellings of a company’s name like “Facemail” instead of “Facebook” or use a sub-domain like facebook.example.ca. And spear phishing uses emails disguised as coming from an employer or technical department of a company asking for an employee to confirm his or her password for the systems administrator.
- Be suspicious of any email that asks you to enter your username, password or sensitive information—even if it comes from within your company.
- Before clicking on any link, double-check the URL to make sure it’s the correct company you want to be dealing with.
- Never click on suspiciou links on Twitter, Facebook or other social-media sites. Examples include those that tell you to look at the funny picture of you or what horrible things someone is saying about you or your company.
- Register misspellings of your company name to ensure that those domains can’t be used in phishing scams.
This is a scam in which a domain registrar sends a transfer request masquerading as a renewal notice to trick customers of another registrar into switching away. A related scam, mainly coming from China, involves sending domain owners an email claiming that another company has just attempted to register a number of domains that contain the targeted company’s trademarks.
- The public Whois is a goldmine for spammers. When you register a domain name, your business contact information is published for all to see. Use a domain privacy service that hides your email and contact information.
- When your company receives these notices, check the Whois to find out who your real registrar of record is if you can’t remember, and deal with your own registrar.
There are numerous ways in which your company is vulnerable online. Having a comprehensive security policy is important no matter how big your company is. The policy should include ensuring that all company computers and social-media sites have passwords that can’t easily be guessed and are changed regularly, including each time an employee leaves.
This column is reposted with the permission of Business in Vancouver, which posted it originally on www.biv.com.
Cybele Negris is president and co-founder of Vancouver-based Webnames.ca Inc., Canada’s original .ca registrar and one of the country’s leading providers of web hosting and other internet solutions. She has been on the PROFIT/Chatelaine W100 ranking of Canada’s Top Female Entrepreneurs for the past nine years.
More columns by Cybele Negris