In our increasingly digital world, the threat of cybercrimes looms large and continues to evolve at an alarming rate.
The statistics speak for themselves, as data from NFP showed that 68% of Canadians have been targeted or fallen victim to a cybercrime in 2022. An overwhelming majority (92%) also felt concerned about a possible cyber breach, while one in four said they felt unprepared to face cyber threats.
Shedding light on these figures, NFP’s Mila Araujo (pictured), head of personal cyber, North America, personal risk, delved into the importance of personal cyber risk awareness and offered tips on how people can protect themselves.
Could you briefly explain what personal cyber risk entails and why it’s important for individuals to be aware of it?
Digital crimes are on the rise and continuously evolving. Personal cyber risk refers to a vast number of ways an individual can experience personal harm or loss at the hands of cybercriminals or bad actors, whether as part of a cyber-attack or as a result of a cyber-enabled crime.
Every year we see cybercrime losses dramatically compound throughout North America. For example, Canadians lost over $530 million to fraud in 2022 vs. $383 million in 2021, which was a 130% increase from 2020. It is estimated that 70% of fraud losses are cyber-enabled.
Becoming a victim of a cybercrime can have devastating effects in many areas of your life, including your emotional wellbeing, personal finances, and overall security. This can also impact your relationships, work, and reputation. Because of this, it is important to be aware of the risks and take steps to protect yourself. Fortunately, there are accessible and affordable solutions for individuals and their families looking to address personal cyber risks.
What are some common types of cyber threats in today’s digital landscape?
The most pressing threat in today’s digital landscape is the ever-evolving sophistication of bad actors and cyber criminals. Some of their most common threats include phishing scams, investment scams, tech support scams, and social engineering.
Personal information exposed due to third-party breaches is also a huge concern for individuals as it gives rise to identity theft, fraud, and personal account compromise.
We’ve also seen increases in losses due to SIM swapping that allows bad actors access to individuals’ cell phone credentials, which then allows them past multi-factor authentication and into personal accounts, e.g., online banking and wire transfers.
Human error, lack of vigilance, and being caught off guard create opportunities for criminals that put a person’s security, finances, and even the company they work for, at risk.
How can people assess their personal cyber risk? Are there any specific factors they should consider?
The most important element that people need to understand about personal cyber risk is that it can impact anyone at any time, irrespective of age, skill, knowledge, or background. For example, last year there was a 400% increase in losses credited to social engineering scams such as grandparent, romance, or emergency scams. These are an example of a few scams that target a broad demographic, leaving few people safe.
Identity theft also remains a major issue for everyone, even children; while both parents and children face risks such as coping with child identity theft, cyberbullying, and sextortion.
Another important factor is that cyber criminals are reaching victims not only via their computers, but also mobile phones and landlines, and unlike many other types of crime, cybercrimes have no territorial limits and can occur via several methods. People can access your information and home network then attack you and your social or investment accounts from your backyard or halfway around the world.
Notably, in assessing one’s personal risks, one must also remember information is not only available to criminals due to data breaches, but also due to social scraping, phishing, giving your information to fake sites, and participating in compromising contests or online quizzes. These are just some of the areas where individuals are open to potential losses. It’s important to focus on this increasing threat and assess the options to protect oneself.
In a recent study, one out of five Canadians reported being the victims of a successful cyber attack. Although a person can limit their exposure by using best practices or good cyber hygiene, everyone is at risk, and there is no measure a person can take to completely prevent being exposed because personal data is already out there: in government sites, health, financial and corporate accounts. It only takes one data breach with one organization you have done business with to put your information at risk.
In the event of a cyber attack, what immediate actions should individuals take to minimize the impact and start the recovery process?
Alarmingly, experts indicate only 5-10% of individuals who are victims of a cybercrime report it. Never underestimate the situation. You may think it’s only a social account that is hacked, or it’s only your computer being compromised, but there is no way to know the extent of damage or what access cyber criminals have managed to obtain.
Cyber vulnerabilities are complex and require expertise to navigate. If you think you’ve been hacked or are a victim of a cyber-attack, you should contact a cyber security professional who can help you navigate and assess the situation. These specialists can help review what has (or has not been) compromised and help an individual decide on the next best course of action since each situation will call for a unique response to help you mitigate loss.
Beware of situations where you are being asked to react or respond with urgency – you may be led to believe there is no time to get help, and this may be part of their ruse. Many social engineering scams rely on a sense of urgency to get you to act, putting you at further risk. If you are being threatened, you can also contact the authorities who will be able to guide you to the appropriate resources and help you regain security.
Are there any industry best practices or resources you would recommend for individuals to stay informed about personal cyber risk and protection?
Because bad actors trick people into compromising themselves in numerous ways, there is no single set of rules that can keep anyone safe.
NFP has developed DigitalShield to provide individuals with the resources and protection they need. The proprietary personal cyber policy provides coverage for losses due to cybercrimes and gives access to consultations with cyber security experts that provide personalized advice proactively, or during and following a cyber attack or loss.
Additionally, some elementary best practices to keep “cyber secure” include using complex passwords; never leave the default password on a new device you purchase. Run necessary updates on your computers, wifi-connected devices, home router, and cell phones as soon as they are available. Updates are a critical step to patch vulnerabilities and keep your home network and devices secure.
Assume any text or email asking you to click on a link or log into an account may be a scam. If you think the request is legitimate, call the company/person in question to verify authenticity, or visit the website (or log into the account) using your usual methods and not via the email or link you’ve been provided.
Open a dialogue within your household to discuss potential cyber risks and the clues to recognize. This is especially important to help kids feel confident and supported about reaching out for help in these situations and not falling victim to criminals who will use threats and panic as part of sextortion or cyberbullying.
Additional resources for individuals to learn more about safety include: