Cyber threat actors are targeting businesses and institutions involved in research and development, and they may even pose as a legitimate business to try to spread misinformation, obtain sensitive information, or gain funding. If you conduct research and development for COVID-19, you are at risk.
The Canadian Centre for Cyber Security can help protect you. We work with organizations and Canadians to better protect them from cyber adversaries. Visit our website for a list of alerts and advisories, including those regarding critical vulnerability patches.
Email us at contact@cyber.gc.ca or call, toll-free 1-833-CYBER-88 (1-833-292-3788)
The Cyber Centre recommends that health organizations working on the pandemic remain vigilant and ensure that they are engaged in cyber defence best practices, including increased monitoring of network logs, reminding employees to practice phishing awareness and ensuring that servers and critical systems are patched for all known security vulnerabilities.
Keep in mind that working from home presents more risk than working on an organization’s network, especially when employees are using their own laptops, tablets and phones. Help your workers be aware of malicious messages and give them tips on how to protect themselves at home. One way to do that – and to take advantage of one of our services – is to use CIRA’s Canadian Shield for your DNS provider. Following a few simple steps will ensure you aren’t inadvertently sent to a website the Cyber Centre knows to be malicious.
3 simple steps
There are three simple steps you and your employees can take to ward off the majority of cyber threats:
- Install software updates and patches regularly and as soon as they are made available.
- Use a strong password or passphrase and use different ones for every account you have. Consider a password manager if it’s too hard to remember each password.
- Be on guard against phishing: messages that seem legit but that seek to have you click on a link that puts your information at risk.
Help protect yourself
More broadly, you can take the following steps to help protect yourself:
- Know the value of your information.
Consider the risk of not protecting the confidentiality, integrity, and access to information, particularly business-critical information, sensitive information, and records and evidence. - Identify threats and vulnerabilities.
Think about the types of threats that could affect your organization based on your activities and the type of information you have, and where there are gaps in your security. Don’t forget that human error is a major vulnerability. - Protect your information.
Limit access to sensitive systems and information, use encryption and email filters, and always install software updates and patches. Use anti-virus or malware software to detect threats. - Respond and recover.
Plan for the worst-case scenario: develop a response plan, and train your employees. Back up your information.