The personal information of 900,000+ taxpayers was compromised in the middle of a complicated tax season, when millions of Canadians have been preparing to file taxes after receiving COVID-19 benefits.

In March 2021, the Canada Revenue Agency (CRA) locked more than 800,000 taxpayers out of its online platform after an investigation revealed that some usernames and passwords may have been obtained by “unauthorized third parties.” They took similar action the month prior, when over 100,000 accounts were locked due to compromised personal information from external data breaches. 

Unfortunately, data breaches and email phishing scams have become increasingly common.  Cyber criminals have used the opportunities presented by the COVID-19 pandemic to pounce. Many people are using personal devices that are not updated or patched regularly, which leaves vulnerabilities that are not properly dealt with. Living through the pandemic has made people more anxious and willing to believe in a hoax that comes in the form of an email or social media message. 95 per cent of cybersecurity breaches are caused by human error. Fortunately, there are ways to avoid becoming a victim yourself. Here are basic guidelines to prevent cyber attacks and keep yourself safe:

Think Before You Click

Be wary of clicking on any links that appear in random emails and direct messages. Make it a practice to always hover over a link to see where it leads. A phishing email will claim to be from a company you trust, and when you click the link to the website, it will probably look just like the real website. Many phishing emails start with “Dear Customer” and ask you to fill in personal information like passwords or credit card numbers, so be on alert when this type of email finds itself in your inbox. Phishing emails can also entice you to open a URL or an attachment that installs malicious software on your computer. You may not even know! It’s best practice to go directly to the official website rather than clicking a potentially virulent link.

Pandemic-themed phishing emails, attachments, and websites are everywhere. Hackers are being increasingly shameless in their phishing attempts. According to The National Post, they’re taking advantage of the pandemic by launching attacks on Canadians that include a fake COVID-19 contact tracing app disguised as official government of Canada software. Downloading the sham app activates a hidden program that steals the user’s data and holds it for ransom.

Use a Password Manager 

A password manager stores all your passwords and automatically fills them in your web browser and mobile apps. They’re not only a safe choice, but a first-rate way of keeping track of your passwords. A password manager stores your passwords in a secure vault, which you can unlock with a master password. To help keep them extra secure, you can also use multi-factor authentication.

Password managers, such as LastPass and 1Password, let you use strong and unique passwords everywhere. If you don’t use a password manager, you probably can’t remember all the strong, individual passwords you would need to use. That’s why most people end up reusing passwords on multiple websites, which is dangerous since a password database leak at one website would mean all the other accounts are wide open. A hacker just has to try signing in with that same email address and password combination.

What makes a strong password? Go for passwords that are a minimum of 12 to 14 characters in length, although a longer password is even better. It needs to include not only lower-case letters and capital letters, but numbers and symbols, too. By using a mix of different types of characters, you’re making the password harder to crack. Stay away from dictionary words and combinations of dictionary words. And, don’t use common substitutions, either — for example, “CanadianM00se” isn’t a strong choice just because you replaced the o’s with a 0’s. It’s just obvious.

Use Multi-Factor Authentication

Multi-factor Authentication (MFA) is an authentication method that requires you to provide two or more verification factors to gain access to a device, an online account, an application, or a Virtual Private Network (VPN). Rather than just asking for a username and password, an MFA, such as Duo Security and Google Authenticator, requires one or more additional verification factors. If cyber criminals gain access to one piece of information, such as your password, they would still need to provide additional pieces of information to successfully gain access to your accounts. According to research by Microsoft, 99.9% of cyberattacks can be blocked by using multi-factor authentication.

Foolproof Protection with Antivirus 

Many people find that just by regularly updating Windows/Windows Firewall and Defender, only downloading authorized Store Apps on their phone and Google Chrome, they do just fine keeping viruses at bay. There are some tools which antivirus software wants to block, even with artificial intelligence (AI) and machine learning, so it can be more trouble than it’s worth. As well, using an antivirus program means that a lot of resources from the memory and the hard drive is being used. As a result it can slow down the overall speed of the computer.

But for those who are not confidently ‘tech literate’ and want easy peace of mind, antivirus software like Norton can provide all-round protection against the latest cyber threats. Antivirus providers are constantly updating their internet security software packages to protect against ever-increasing threats to our online lives, including pop-up ads and spam websites that viruses can use to infect your computer and damage your files.

USB and removable devices can also serve as a transmission device for a virus. Have you ever suffered from a slowed down computer or a computer crash after connecting someone else’s USB? It was probably a virus. Viruses can easily be passed on to your computer network via infected files, which can harm your data and files. Antivirus software can scan all removable devices for any potential viruses to make sure that no virus is transferred to ensure your data and files are protected.

You don’t have to be an IT wiz to prevent cyber attacks, just do more to protect your sensitive information than the majority of people, which is usually not very much. Think before you click, and secure your devices by using a password manager, and enabling multi-factor authentication. You may also want to consider the pros and cons of antivirus software, depending on your situation.