Skip To Content
Image: CSAM.

Cyber hygiene and a few other simple tips for Cyber Security Awareness Month

By Kenneth Ingram on October 30, 2020

Cyber security is a complex, overwhelming topic for many Canadians. But let’s not focus solely on the tech. Toothbrushes, zombie attacks, and a current hack spreading on Facebook offer alternative ways to spark awareness and safer online habits.

Upfront and honest, I’m an ’80s baby, which probably explains why Janet Jackson’s 1996 hit song “What Have You Done for Me Lately?” came to mind when I first glanced at the online material for this year’s Cyber Security Awareness Month (CSAM). The focus of CSAM this year is “device appreciation” and the overall campaign, a Government of Canada initiative through the Communications and Security Establishment, encourages us to give a bit more consideration to the electronic devices we’re using — and what we’ve been doing for them, lately.

“They’re a lot of fun and they give us a lot of attention,” says Christine Menard, director of marketing for the 2020 CSAM campaign. She cites the abundance of online resources this year, including colourful infographics and videos. According to one campaign poster, almost 75% of Canadians are online for an average of three to four hours each day. That’s a significant chunk of time. It’s also certain to expand in 2020–21 as a result of COVID-19, with more Canadians working and studying from home. The global pandemic is also accelerating our reliance on electronic devices to access the internet for things we used to do in person, like banking, shopping, seeking government and other essential services, staying in touch, and making new connections.

Image: Cyber Security Awareness Month, CSE.

One of CSAM’s weekly themes, Taking Stock, takes a closer look at the devices we use to connect to the internet. A quick 10-question quiz challenges traditional thinking about information security by examining it from the perspective of our electronic devices — illuminating how we might be mistreating them (and our data) by using insufficient passwords, poor privacy settings, and outdated software (including apps), and ignoring other basic security features.

This month also sees similar awareness campaigns in the USA and New Zealand. The websites for these yearly initiatives employ different approaches to cover similar, basic cyber security information.

“There is a strategic reason for that,” says Menard, who adds the average Canadian finds cyber security and cyber-related threats overwhelming. “That’s why we try to keep the advice and guidance as simple and straightforward as possible in the basics.” Cyber security basics should be welcome news for anyone who tends to shy away from information that is too technical, complicated, or fear-mongering. There are also more resources than ever before from the private sector and educational institutions. Menard is also responsible for GetCyberSafe, an all-year-long resource to help Canadians learn about cyber security.

A few highlights from CSAM and other sources:

1. Cyber hygiene

Passwords, like toothbrushes, don’t last forever and should be changed regularly. Keep your passwords to yourself and don’t spread them across multiple accounts or platforms. (Note: some readers are probably thinking about the time they shared their toothbrush. You lived to tell about it, but deep down, you know it was wrong!)

Passwords remain a persistent problem that is no joking matter, except for this video from Jimmy Kimmel Live a few years ago that stands the test of time.

2. Do the dishes (kinda)

Clocks are about to go back by an hour, but invest some time this month to look at your operating system and software updates that may be piling up like dirty dishes in the sink. Less than half of Canadians are using automatic updates. Let the technology work for you by setting a convenient time, such as when you’re sleeping, for software patches and critical updates that are pending.

3. Trust is an inherent part of cyberspace – choose who you trust carefully

If you haven’t heard of smishing, it refers to those unwelcome text messages. Be cautious of any unsolicited message you receive via phone, email, and on social media.

One scam that is currently exploiting Facebook users across Canada (and abroad) offers a good example for what to look for. It starts with an unsolicited message that looks like a video sent from one of your contacts. If you click on the video preview (which we encourage you not to do), it redirects your device to a fake login page for Facebook that looks legitimate. Users who enter their login and password on the fake webpage inadvertently provide that information – including access to their account – to unauthorized persons.

Example (portions redacted) of a scam currently spreading via Facebook that baits victims into clicking on an unsolicited video (top), sent via Messenger. When ‘clicked’, the message re-directs victims to a fake login page (bottom) for Facebook. Photo: Ken Ingram.

4. Keep the zombies away

Every day, computers and devices are being infected by malicious software that renders them “zombies” – often without the owner’s awareness. These compromised machines are often vulnerable due to unpatched software and offer low-hanging fruit for cyber actors, who leverage them remotely in what are known as botnets (armies of zombie computers).

5. What to do and who to call?

Much like fire prevention (also an awareness campaign every October!), continue to educate yourself and family on the basic steps to prevent cyber-related theft and have a plan in case things go wrong. What to do will vary depending on the nature of the incident. If you feel that you’re in imminent danger, call 9-1-1, although the majority of cyber-related incidents concern fraud and identity theft.

The Canadian Anti-Fraud Centre, as of the end of September 2020, notes almost 20,000 Canadians reported being victims of fraud this year, with a staggering estimate of almost $67 million lost to fraud. The number of victims this year is similar to last year’s total. The Centre has a dedicated webpage with simple, step-by-step instructions to help you navigate the aftermath of suspected fraud – including the different types of fraud and their varying severities.

Consumer Protection Ontario also has resources, including tips for how to identify most of the common scams such as “grandparent” or emergency scams, romance, get-rich-quick, gift cards, charity, and employment. Many of these common scams may be more likely to exploit Canadians during the pandemic. Check what services are available in your home province or territory.