Last year, an employee of one of our clients received a call from their broker, asking for verbal confirmation to wire a large amount of money to a foreign country. They had received email instructions from the client, in his name, to wire funds to a specified bank and account overseas. Thankfully, the call took place as the entire email scam was a Phishing Attack against his Google email account. An attempt to defraud him and his financial institution was thwarted by sound business and security practices by his broker. The net result, but somewhat unnerving, he replaced his Google email account with a more secure and managed hosted exchange solution and bought a bottle for his financial advisor.

Another one of our new clients had been running their WordPress website for several years and wasn’t paying much, if any, attention to maintaining and processing software updates for their site. An old vulnerability was exploited and their website was compromised allowing the intruders to spoof the web server and send 10s of thousands of SPAM emails out almost instantaneously. The site was being hosted by a cheap no-name web hosting company who immediately shut down the website and took the server offline. Luckily, we could recover the website code from their development company as the vulnerability had to be corrected and the entire site had to be repaired and rebuilt before it could be brought back online. Albeit this time with new security and firewall plug-ins installed to protect against future unwanted cyber intrusions. The site was also transferred to a more robust and redundant hosting environment where cyber security elements like these are not overlooked for sake of deep-dish discounted web hosting services.

According to the Communications Security Establishment (CSE) the Government of Canada is blocking over 100 million malicious cyber actions or attacks against our federal government every day. On some days that can trend upwards to 1 billion attempts where hackers, enthusiasts, state actors and their bot programs are constantly probing networks and poking at websites looking for holes that can be exploited to open a door to access systems, private servers and confidential information.

The CSE has issued a Top 10 List of concrete actions businesses and individuals can take to help better protect yourself against these malicious activities and becoming a victim of cyber crime. Look for your IT resources or managed services provider to ensure you are protected. Simple steps like regularly applying software updates, ensuring systems are up-to-date, and old programs are uninstalled, are routinely overlooked.

We should all think twice before weakening security just to make things a bit easier for end users. Security by default is becoming the norm and is now being built into the applications and devices we are all using. As technology becomes more and more pervasive in our lives we need to protect our online presence, including your company website. It is often considered the poor or forgotten cousin in your day-to-day management of technology when protecting your valuable network and data resources. The potential risk, cost and consequences of ignoring every cyber element your employees, company and clients are utilizing is just too high! Don’t become a victim, and our next cyber attack example.