Hacking the Yukon

Securing your data is on you

The internet has connected the Yukon to the outside world in new and amazing ways.

It has also connected us to the world of hackers. They aren’t dissuaded by distance, cold or isolation. Indeed, the only thing that can stop them is when the backhoe operators of Fort Nelson sever our lone fibre optic cable.

Like mosquitoes or squirrels in the cabin attic, they are now an unwelcome and permanent part of life in the North. And they pose new and significant risks for Yukoners and our businesses.

Last week, the Yukon Workers’ Compensation Health and Safety Board disclosed that an “unknown party” had gained access to the names and email addresses of 270 people. Fortunately, the system that was breached did not also contain the most sensitive personal information in the organization’s files.

Organizations in Canada are now required to report such incidents, depending on their nature and the kind of personal information involved, to the national privacy commissioner as well as affected people and sometimes other organizations who may have similar risks. If you haven’t already received such notifications, you surely will.

The WCB went farther than required and held a press conference to explain the incident more fully to Yukoners.

Far from being an organizational embarrassment, that’s a good thing. It makes me as a citizen more confident they are taking their obligations seriously, and I was reassured to learn scam artists had not downloaded everyone’s personal health and financial information files.

Indeed, the fact that only a peripheral system was breached shows the value of security measures such as keeping data and systems compartmentalized.

Things have come a long way from more innocent days when Ferris Bueller used the password “pencil” to log onto his high school principal’s system and erase how many times he skipped school. Now the stakes are much higher, with billions of dollars flowing around our economy, industrial control systems managing things like oil pipelines or traffic lights, and your most sensitive personal information at stake.

There are lots of scare stories out there, many of them true. Edmonton’s McEwan University admitted last fall that hackers had tricked staff into mistakenly transferring $11.4 million to the wrong bank accounts. That’s an astonishing 10 per cent of McEwan’s annual government grant.

The hackers used fake “phishing” emails and imposter websites to impersonate the university’s usual suppliers and convince staff to pay bogus invoices.

Much of the money was recovered, but an $11.4 million haul is an incentive for hackers to put a lot of effort into tricking the target. Think Ocean’s Eleven, not badly spelled emails asking you to transfer millions to a Nigerian prince down on his luck.

It seems to be happening to everyone. A number of Yukoners have told me of incidents at their organizations or in their personal lives. These range from fraud to identity theft to hackers putting ransomware on your website.

Identity theft is when villains use your electronic details to impersonate you by, for example, getting a loan. Ransomware is software that encrypts your data or system until you pay up, usually via electronic crypto-currency.

The consequences can range from minor to severe. You may not care that your internet cat videos have been encrypted by ransomware, but if you lose your clients’ personal data or have your accounting system crippled it could cost you big bucks. The Canadian Federation of Independent Business says 60 per cent of small businesses go out of business within six months of an attack.

So what should Yukoners do?

For citizens, we all need to up our online game. Just like we know not to leave our bicycles unlocked and to keep our most sensitive documents in bank safety deposit boxes or safes, we need to learn the basics of managing our online risks. And like protecting your bicycles and retirement savings, there is a range of things you should do depending on how valuable your different “digital assets” are.

Start with the basics. According to the UK’s Independent newspaper, the five things key things are: use complex passwords, do not click on email links or attachments you don’t trust, avoid pop-up windows, check website URLs before you type in your password to make sure they are legitimate and not pretending to be something trustworthy like your bank, and keep your anti-virus software up to date.

Some people, especially those in the public eye, go even farther with security measures such as two-factor authentication on their emails. One version of this involves having an app on your phone that generates a number you need to log onto your email in addition to your password. This way, someone can steal or guess your password but still be kept from compromising your account.

If you run a business or non-governmental organization or are on the board, things are more complicated.

Boards are responsible for the whole organization, including its data and systems. The days of assuming the IT dude has it all under control are long gone.

Managers must work with their boards and staff to manage the issue. It has joined the managerial to-do list along with finance, legal, human resources and other core business responsibilities. Fortunately, there are a growing number of places you can get advice and support. Ask your lawyer or accountant for suggestions on who can help you, and check out the online resources of organizations such as the Canadian Chamber of Commerce.

If this seems like an annoying addition to your to-do list, you’re right. But as a parent may have told you in the old days, it takes less time to lock your bike than look for it after it goes missing.

Keith Halliday is a Yukon economist and author of the MacBride Museum’s Aurore of the Yukon series of historical children’s adventure novels. He is a Ma Murray award-winner for best columnist.

Just Posted

Whitehorse musicians offer film scores online

‘People know when they come to the site that there is a certain aesthetic and level of quality’

Yukon government won’t release municipal carbon tax rebate details until May

Details of potential rebates for municipalities to be announced in May

They’ve got a guy: Yukon government signs first pot supplier deal

A B.C.-based company will provide up to 350 kg of cannabis flower and oil

Yukon Parks tightens rules to crack down on campsite squatters

Campers were previously allowed to leave occupied campsites unattended for up to 72 hours

Black Press Media acquires two new Alaska newspapers

New Media Investment Group to acquire the Akron (OH) Beacon Journal while Black Press Media takes on daily newspapers in Juneau and Kenai Alaska

Gold Rush star Tony Beets appeals pond fire fines

Beets and his company, Tamarack Inc., were fined $31k for violating portions of the Waters Act

Defence lawyer asks Crown appeal of Kolasch acquittal be dismissed

In factum, Harry Kolasch’s lawyer says it’s clear that police officer used excessive force

Yukon Liberals raise $20,000 at Vancouver hockey game

Silver says no public money spent on trip, party refuses to say who bought tickets

Inspector, CYFN lawyer talk about WCC inspection at justice conference

David Loukidelis and Jennie Cunningham spoke about the Whitehorse Correctional Centre

An early view on how the carbon tax will affect the Yukon economy

If you only remember two numbers from the recently released federal-territorial study… Continue reading

‘New way of thinking’ about infrastructure funding asks First Nations and municipalities to chip in

Some of YG’s 25 per cent share of infrastructure cash may come from municipalities or First Nations

Nadia Moser named to senior national team

Whitehorse’s Nadia Moser was officially named to the senior national team by… Continue reading

Most Read