Hacking the Yukon

Securing your data is on you
The internet has connected the Yukon to the outside world in new and amazing ways.

It has also connected us to the world of hackers. They aren’t dissuaded by distance, cold or isolation. Indeed, the only thing that can stop them is when the backhoe operators of Fort Nelson sever our lone fibre optic cable.

Like mosquitoes or squirrels in the cabin attic, they are now an unwelcome and permanent part of life in the North. And they pose new and significant risks for Yukoners and our businesses.

Last week, the Yukon Workers’ Compensation Health and Safety Board disclosed that an “unknown party” had gained access to the names and email addresses of 270 people. Fortunately, the system that was breached did not also contain the most sensitive personal information in the organization’s files.

Organizations in Canada are now required to report such incidents, depending on their nature and the kind of personal information involved, to the national privacy commissioner as well as affected people and sometimes other organizations who may have similar risks. If you haven’t already received such notifications, you surely will.

The WCB went farther than required and held a press conference to explain the incident more fully to Yukoners.

Far from being an organizational embarrassment, that’s a good thing. It makes me as a citizen more confident they are taking their obligations seriously, and I was reassured to learn scam artists had not downloaded everyone’s personal health and financial information files.

Indeed, the fact that only a peripheral system was breached shows the value of security measures such as keeping data and systems compartmentalized.

Things have come a long way from more innocent days when Ferris Bueller used the password “pencil” to log onto his high school principal’s system and erase how many times he skipped school. Now the stakes are much higher, with billions of dollars flowing around our economy, industrial control systems managing things like oil pipelines or traffic lights, and your most sensitive personal information at stake.

There are lots of scare stories out there, many of them true. Edmonton’s MacEwan University admitted last fall that hackers had tricked staff into mistakenly transferring $11.4 million to the wrong bank accounts. That’s an astonishing 10 per cent of MacEwan’s annual government grant.

The hackers used fake “phishing” emails and imposter websites to impersonate the university’s usual suppliers and convince staff to pay bogus invoices.

Much of the money was recovered, but an $11.4 million haul is an incentive for hackers to put a lot of effort into tricking the target. Think Ocean’s Eleven, not badly spelled emails asking you to transfer millions to a Nigerian prince down on his luck.

It seems to be happening to everyone. A number of Yukoners have told me of incidents at their organizations or in their personal lives. These range from fraud to identity theft to hackers putting ransomware on your website.

Identity theft is when villains use your electronic details to impersonate you by, for example, getting a loan. Ransomware is software that encrypts your data or system until you pay up, usually via electronic crypto-currency.

The consequences can range from minor to severe. You may not care that your internet cat videos have been encrypted by ransomware, but if you lose your clients’ personal data or have your accounting system crippled it could cost you big bucks. The Canadian Federation of Independent Business says 60 per cent of small businesses go out of business within six months of an attack.

So what should Yukoners do?

For citizens, we all need to up our online game. Just like we know not to leave our bicycles unlocked and to keep our most sensitive documents in bank safety deposit boxes or safes, we need to learn the basics of managing our online risks. And like protecting your bicycles and retirement savings, there is a range of things you should do depending on how valuable your different “digital assets” are.

Start with the basics. According to the UK’s Independent newspaper, the five key things are: use complex passwords, do not click on email links or attachments you don’t trust, avoid pop-up windows, check website URLs before you type in your password to make sure they are legitimate and not pretending to be something trustworthy like your bank, and keep your anti-virus software up to date.

Some people, especially those in the public eye, go even farther with security measures such as two-factor authentication on their emails. One version of this involves having an app on your phone that generates a number you need to log onto your email in addition to your password. This way, someone can steal or guess your password but still be kept from compromising your account.

If you run a business or non-governmental organization or are on the board, things are more complicated.

Boards are responsible for the whole organization, including its data and systems. The days of assuming the IT dude has it all under control are long gone.

Managers must work with their boards and staff to manage the issue. It has joined the managerial to-do list along with finance, legal, human resources and other core business responsibilities. Fortunately, there are a growing number of places you can get advice and support. Ask your lawyer or accountant for suggestions on who can help you, and check out the online resources of organizations such as the Canadian Chamber of Commerce.

If this seems like an annoying addition to your to-do list, you’re right. But as a parent may have told you in the old days, it takes less time to lock your bike than look for it after it goes missing.

Keith Halliday is a Yukon economist and author of the MacBride Museum’s Aurore of the Yukon series of historical children’s adventure novels. He is a Ma Murray award-winner for best columnist.