CALGARY (660 NEWS) Cybersecurity made headlines this month after a major online security breach shut down the Colonial pipeline. The CEO of the United States company ended up paying off hackers in cryptocurrency after they got into their computer system.
Though the breach was multifaceted, Brennen Schmidt, cybersecurity author and speaker says threats like this happen due to security barriers not being there in the first place.
“I think what’s unfortunate is that it took an event like this for cybersecurity to come to the forefront,” Schmidt said. “We are witnessing what the end results are when a security system is ultimately not put in place and followed. With this case, unfortunately, we’re seeing the end results of something that could have been addressed in a way that wouldn’t have affected so many people in such a negative way.”
With a good chunk of people working from home during the pandemic, he adds there are a lot more vulnerabilities when it comes to a cyber attack and that it’s not uncommon for businesses to have potential phishing scams hit their inboxes — or even worse — their customers’ inboxes.
One thing he finds businesses easily disclose is their branding guides or colour schemes, which he says is a pot of gold for cybercriminals looking to create emails with potential viruses.
Whether the business is big or small, Schmidt says there needs to be barriers in place to stop a potential security hack and though there’s no silver bullet solution, a good first step is what he calls, ‘password hygiene.’
“To start off smart and to start off simple … just trying to make sure that there are passwords that are rotated, that are robust, that are different for different applications, and so that if somebody was to get in, that it wouldn’t be compromised as easily.”
Being over vigilant and not oversharing your password is also something Schmidt recommends especially when it comes to recovery questions. This means avoiding those long questionnaires posted on various social media sites like Facebook where they ask you about your pet’s name, where your mom was born etc.
2-step authentication, password managers can be a life saver
Though it may be annoying to enter a secondary code or to sign in to your application via a different email, Schmidt adds, multi-factor authentication can heavily reduce your chances of having a cyber breach. If done properly, it can effectively stop the cybercriminal in their tracks.
“To put it in simple terms, let’s think of banking … If somebody had your credit card, and if you had a post-it note attached to the credit card with your pin — you know that it would probably spell bad news for the person who has the credit card,” Schmidt explained.
“So if we were to think in terms of what that looks like, with multi-factor authentication, what you’re doing is you’re breaking these two things up so that there’s two different pieces of information that you would need to know, even if you had access to that credit card. The same rings true with a password if you know somebody’s password, but if there is that second authentication method in place — with the code changing on a random basis — then that makes it a lot more difficult to extract that information.”
Schmidt adds if passwords are hard to remember, something such as a password manager could help. In that, a person would make one, very long, very hard password in order to enter the manager hub, to then have the system create multiple passwords for all of your accounts. He added some managers can even be set up to change your account passwords on a set schedule, and some can tell you if certain accounts have been compromised by a data share.
The conversation around cybersecurity needs to stay top of mind
Even though cybersecurity breaches like the Colonial one won’t be the last, Schmidt says it’s important to report anything and everything to not only your employer but also the Canadian Centre for Cyber Security.
Currently, the RCMP’s National Cybercrime Coordination Unit is in the testing stages of a new reporting system to make it easier for Canadians to report cybercrime. The pilot project is expected to be complete by sometime next year.
“We need to really keep the conversation going on cybersecurity, and we need to think of it less as something that is not a matter of if, but a matter of when.”