February 6th, 2019
“Treat your password like your toothbrush. Don’t let anybody else use it and get a new one every six months.” – Clifford Stoll
It’s hard to imagine a time when cybersecurity wasn’t a concern. Doing so is like trying to explain to millennials that a rotary-dial phone was physically wired to the wall, and that email was only possible through 300-baud modems that caused busy signals for extended periods of time. In fact, cybersecurity is so important that yesterday’s Safer Internet Day comes on the heels of last week’s Data Privacy Day, and during DND’s National Security Awareness Week.
Cybersecurity involves tools and practices for ensuring the confidentiality, integrity and accessibility of the computers, data, networks, and software we rely upon every day.
The most significant challenges impacting cybersecurity come from the evolution of security risks.
So how do you keep yourself safe while online? We recently asked some of our industry experts to offer insight into where Canadians are most vulnerable online and what steps we can take to protect ourselves.
As Vice-President of Information Technology and Counselling Services with our Quebec Division, Benoit Gagnon leads a cybersecurity practice of seasoned experts. He warns that Canadians are most vulnerable in their emails. He explains, “Even though the Internet is full of risks, most cyber-attacks happen through email. For example, ransomware is notable for luring users to open an attachment within an email. The consequences can be nefarious for a user who could lose control of their entire digital life.” This can happen just as easily on a corporate email system as it can through a personal email service.
Benoit offers the following advice to help you protect yourself from a cyber-attack.
1. Be careful what you click, especially in an email: “There are plenty of traps, and email is a place where people tend to lower their guards.” This is particularly true since many email-based attacks play on trust, spoofing the appearance of coming from people we know and legitimate organizations with which we do business.
2. Ensure you use two-factor authentication (a user is granted access only after successfully presenting two pieces of evidence as part of an authentication process) on your web services like Facebook and Gmail. This helps mitigate the risk of your accounts falling into the wrong hands.
3. Use a password manager. These tools are immensely helpful for managing your digital life by giving you the opportunity to use a different, complex password for each web service. “I have been using a password manager for over 10 years now, and I would never go back,” Benoit said.
As Internet-based services and technologies grow, so too does the scope of cybersecurity. And each time, the public learns more about how expansive the issues have become.
Password protection and business continuity came under the spotlight again this week on news that QuadrigaCX founder and CEO Gerald Cotten’s sudden death last year, at the age of 30, has crippled his company and may have resulted in the loss of CAD$250 million. At the time of his death, Cotten was the only person who knew the passwords and recovery keys to QuadrigaCX computers and the virtual wallet.
Jean-Philippe Décarie-Mathieu, a cybersecurity specialist with Benoit’s team, was interviewed on Radio-Canada’s Isabelle Richer Show about the impacts of this news on one of the largest cryptocurrency exchanges. “There are two types of cryptocurrency storage: the hot wallet and the cold storage,” he said. “In the first case, current cash can be withdrawn from the online platform. This is the equivalent of an ATM for conventional currency.” The second type of storage “is the equivalent of a safety deposit box at the bank. While you need a key to open the box at the bank, you need a password this time to get access to your money.”
This QuadrigaCX debacle is the latest to hit the speculative cryptocurrency sector, which has had many issues, including exchange scandals, thefts, and data breaches, during its 10-year existence. It is not likely to be the last, since there is no legislation governing or monitoring this emerging industry.
Our QC Division’s cybersecurity team’s full range of cyber services meets most modern needs. Security Operations Centre-as-a-Service (SOCaaS), mobile forensics, mass surveillance, open source intelligence (OSINT) investigation, penetration testing, network- and host-based monitoring, Cyber Threat Intelligence (CTI), malware analysis, best practices training and IT security conferences are all part of our next-generation business line.