Cyber criminals are smart – and getting smarter. As technology progresses and communication methods change, online scams are evolving. Online extortion is one way criminals are getting to Canadian businesses.
Protecting your business from fraud and theft has always been a challenge – there have always been criminals looking for ways to steal money and information for their own gains. Even as security advances, so do scams, and online attacks result in the loss of millions of dollars by Canadian businesses every year.
Online extortion is one branch of cyber fraud that can be particularly damaging to small and medium-sized businesses, as it often involves loss of client and operating data as well as the money many businesses pay to have it recovered.
One of the best ways to protect your business from online extortion is to be aware of the types of scams out there and understand how real businesses have been affected by incidents of ransomware, phishing and online blackmail.
In the first episode of our podcast series: Real-Life Cyber Crime Stories, RBC Director of Awareness and Education Denise Pratt sits down with Detective Alpha Chan from the Toronto Police Services Cyber Crime Unit.
Listen to the podcast for Detective Chan’s stories, warnings and tips that can help protect your business from online extortion scams.
Detective Chan underscores how falling victim to an online extortion scam can be overwhelming – it can cripple business operations and put customer and employee information at risk. He says the key to protecting your business is being prepared. Here are four ways to prepare your business and minimize the potential damage an online extortion scam can cause.
1. Back Up Data
No matter the size of your business, you hold valuable information that cyber criminals are hoping to get a hold of, such as employee records, customer data, and financial information. Should your business ever be the target of a ransomware attack – where a cyber criminal gets a hold of your data and encrypts it until you pay a ransom to retrieve it – having an off-site, offline data backup can minimize the impact to your business.
“To have a protocol or a process to have continual backups that are not connected is key. We’ve had situations where businesses had backups, but they were connected [to the main system] so they were also encrypted. Encrypted backups are no good to anyone,” Detective Chan explains.
2. Educate Employees
Fraudsters play on people’s emotions and anxieties to infiltrate a company. Online extortion begins with intimidating or manipulating a person to get what they want. “People often get tricked into giving away information that is compromising to their personal lives as well as the business,” cautions Detective Chan.
Teaching your employees about cyber threats and the different ways criminals try to maneuver into a business can help to keep attacks from happening in the first place. Provide regular training about phishing scams, the latest social engineering tactics, and how posting on personal networks can affect an employee’s own security and that of the company. Detective Chan says that even reminding employees to simply think twice is helpful – “Before you post anything, look at the picture. Are you releasing any kind of information inadvertently?”
3. Never Pay Ransom
If you have been locked out of your computer systems, you may feel like you would do anything to get back in. After all, it may be next to impossible to operate your business without having access to your data. Cyber criminals know this and if they have stolen or taken over your digital assets, they are likely holding them ransom by demanding large sums of money to release your data back to you.
Detective Chan cautions to never pay ransom for data. “We’re just funding the problem if you are paying for it,” he reasons. “It breeds the notion that it is profitable to do this and [criminals] will continue doing it.” What’s more, there is no guarantee that you will get your data back once you pay the ransom.
4. Report Any Incidents
So if you shouldn’t pay the ransom to recover your information/data, what do you do? The best course of action is to report the incident to your IT team, financial institution and the authorities – the earlier you do so, the better.
“If you are a victim and you call or contact your respective technical partners and/or law enforcement early, the better your chance of recovery,” says Detective Chan.
By reporting incidents, law enforcement can investigate and ultimately shut down fraudsters. And when you notify your IT support and financial institution early in the process, there is a much better chance of recovering data and losses.