Cybercrime

Stay safe online by learning how to protect your personal information, recognize scams and respond to digital threats.

Today, much of our daily life happens online—whether we’re using smartphones, social media, or home and work computers. As technology evolves, so do cyber threats, with criminals constantly finding new ways to access personal information and accounts.

Staying safe online starts with simple, everyday habits. Use these practical cyber safety tips to protect your personal information and keep your family secure:

Secure your devices and accounts

Set strong, unique passwords for your Wi-Fi, email, and social media, and turn on built-in security features like two-factor authentication whenever possible.

Know the platforms your kids use

Take time to learn about the apps, games, and websites your children are using so you can better understand potential risks.

Keep computers in shared spaces

Encourage device use in common areas of the home so you can stay aware of your child’s online activity.

Set clear expectations about sharing

Talk to your kids about why they should never send or share inappropriate messages or images—these can have lasting impacts and may even lead to legal consequences.

Have open conversations

Make it easier for your children to come to you by talking regularly about inappropriate or harmful content and how to handle it.

Protect personal information

Remind everyone in your household to never share sensitive details like names, addresses, dates of birth, passwords, or banking information online.

Types of cybercrime

Learn about the different types of cybercrime, how they work, and what you can do to recognize and protect yourself from online threats.

Malware

Any software designed to damage a computer, system or network, like spyware or viruses

Phising

Sending fraudulent messages to a user to gather private or sensitive information, like credit cards, social insurance numbers or login credentials

On-Path Attack

A threat actor inserts themselves between two people communicating online and either alters or gathers information from the conversation

Denial of Service Attack

A website or server is targeted and flooded with web traffic to slow or shut down the service

Zero Day Exploit

Threat actors exploit a security vulnerability in software or hardware to perform a cyberattack

Password Reuse Attack

Threat actors gain access to a victim’s password, either through a previous data breach of a commercial service or through other means, and attempt to use the same username and password on other services.

Internet of Things Attack

Refers to attacks on all the various internet-connected devices that are not traditional computers, such as home security systems, smart fridges and vehicles

Protect your business

Safeguard your business by following strategies to secure, prepare and respond.

Secure your business
  • Replace outdated computer hardware, unsupported versions of operating systems and patch hardware/software to latest versions
  • Upgrade or decommission unsupported operating systems/hardware. Ensure software/firmware is up to date with the latest version and any patches are current
  • Close and secure unnecessary ports on your firewall  
  • Ensure Remote Desktop Protocol (RDP) is inaccessible directly from the internet. Close any unnecessary ports on your firewall to reduce the attack surface of the network
  • Enable multifactor authentication wherever possible
  • Consider implementing a mail filtering service to lower the risk of phishing emails being delivered to email inboxes.
  • Train and educate staff on detecting phishing emails (scrutinize emails before clicking links or attachments)
  • Be aware that some ransomware attacks can originate from compromised emails of legitimate business partners
  • Consider implementing data loss prevention measures to mitigate against the risk of data exfiltration
Have a plan
  • Have a disaster recovery plan, which is a step-by-step process to get back up and running, and ensure there is a hard copy of the plan available. Test the plan periodically
  • Have offline backups, which includes all business-critical data at a minimum
Know how to respond
  • Isolate unaffected devices and servers from the network if possible
  • Try and preserve evidence if safe to do so (i.e. network/firewall logs, ransom notes, suspicious files should be zipped and password protected)
  • Enact your disaster recovery plan, recover/restore from backups

Cyber Attack Awareness Training

York Regional Police offers Cyber Attack Awareness Training (CAAT). For more information, email CAAT@yrp.ca