Stop, think and check to prevent cyberattacks

There is a major initiative to prevent cyberattacks at public institutions across Quebec.

“If I could only say one thing to colleagues, it would be: ‘don’t click on a link in an email before thinking,’” said François Paradis, Director of Information Systems and Technology at Dawson College.

Email is #1 entry point
Network Security Analyst Henry Yang says that email is the number-one entry point for cyberattacks. He recommends that employees adopt an approach of “stop, think and check” to prevent falling prey to attacks.

Popular tactics include making an email look like it is from a colleague or creating a sense of urgency, such as suggesting email access will be cut off unless the recipient click on a link to change a password. If you are unsure, you can contact the sender through an alternative form of communication, such as the phone.

Dawson has developed a 15-point plan to prevent cyberattacks and one of the priorities is to train employees to be more aware of the tactics used by cyber criminals.

Phishing test at Dawson last December
Individuals can play a central role in helping prevent cyberattacks, according to the firm Dawson has retained to provide training to employees. In December, the IST team ran a test for all employees to gauge the risk of cyberattacks at Dawson. About 17 per cent of Dawson employees responded to a fake phishing email. When they did, they were invited to watch a short training video.

Training for all employees this spring
In the coming weeks, all employees will be invited to take a short cyber awareness training through Omnivox. The hope is that after the training, more employees will be aware and less likely to fall prey to cyberattacks.

One of the most popular tactics is called phishing, the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, credit card numbers, or other details by impersonating oneself as a trustworthy entity in a digital communication.

Phishing is widespread because it is easy to do and highly successful. Some of the consequences could include encryption of an individual’s or team’s data with ransomware and stolen credentials, which can be used to access other systems or lure more victims.

Further reading and resources on phishing
For more on phishing, François recommends reading this blog prepared by the ITS team, which includes some tests to determine your risk level: https://www.dawsoncollege.qc.ca/information-systems-and-technology/articles/phishing/

Henry recommends this article, published last month: https://www.cira.ca/blog/cybersecurity/what-is-phishing  One of the surprising facts in the article is that “one-third of Canadians experienced a phishing attack between March and September 2020, according to a Statistics Canada survey.”

This is the second article of a D News series about cyber security.