Cybersecurity in light of the events in the Ukraine

We have received several queries about what should be done in light of the increased risks of cybersecurity attacks given the events unfolding in the Ukraine.

To date we have not seen any new attacks on businesses in Canada that are related but we know that these are going on in other parts of the world.

As of now the best thing to do is to assess your degree of risk and then decide what if any, action is necessary.

Obviously Ukraine and NATO countries would be at the highest risk (including Canada). I would say these sectors are more at risk than other sectors: Government and Government Agencies, Finance and Energy sectors.

For all companies you need to take the standard precautions:

1)  Be vigilant with your email.

-   Do not open attachments you are not expecting. 

-   Do not click on links that look “weird”.

-   Do not succumb to requests to enter or renew passwords. 

2)  Train your staff by running “fake” phishing email attacks to see how your staff responds.

3)  Get training for your staff if you think that is needed.

4)  Do not give out private information that you may use elsewhere to answer security questions on face book such as “What was the first car you drove?”. These types of questions are often designed to gather personal information about you.

5)  Have an MFA (multifactor authentication) also known as 2FA on all email and sites you log in to.

6)  If you are still on POP or IMAP email move to MS 365 email.

7)  Get a proper spam filter on your email.

8)  Monitor your email for logins from countries outside of Canada.

9)  Use encrypted email for confidential information.

10) Have a proper firewall in the office.

11) Make sure windows security patches are kept up to date.

12) Make sure you have a proper Anti-Virus.

13) Make sure your computer is monitored in the event of your Anti-Virus detecting an issue.

14) Have a proper (monitored) backup (not a security measure but can help you recover if there is a breach).


Remember security is a matter of layers – the more layers you have the more secure you will be. Nothing is 100%.

If you are in a high risk area you may also want to add a SIEM (Security Information and Event Management) program. A SIEM program provides 24/7 security. It detects any attempts at intrusion, often block such attempts and in the event of a successful intrusion would shut things down to mitigate the damage. It would also be able to identify what files were accessed and what files were compromised. The SIEM is monitored 24/7 by a Security Operations Center (SOC). The SOC, staffed by live people 24/7, monitors attacks all over the world. They can see attacks spreading to Canada often before it reaches us allowing us to take preventative action.

Once you have a SIEM in place you may want to have pen testing done which would run a series of simulated attacks from outside and from within your firm to identify any security issues. 

If you'd like to discuss or implement any of the above, be sure to call us at 416-805-9296.