Continued COVID-19 stay-at-home orders and spending more time online have made 78 per cent of Canadians feel more vulnerable to fraudsters, an increase from 72 per cent reported in the same period a year ago, a new report says. Cybersecurity experts add that the increase is caused by hyper-awareness of cyberattacks.
Equifax said in its March 1 report that because Canadians are spending more time online buying groceries, arranging curb side pick-ups, and ordering restaurant deliveries, they’ve become more “attuned and concerned about the threat of fraud and identity theft.”
The report noted that 54 per cent of Canadians said they felt vulnerable to fraudsters when using public Wi-Fi and ATMs, an increase from the 46 per cent that was reported last year.
Sumit Bhatia, director of communications and knowledge mobilization with Ryerson University's Cybersecure Catalyst, said in an interview he wasn't surprised with the increase adding that our online habits have changed since the pandemic. He added that Canadians feel more vulnerable because they are a lot more conscious of their digital behaviours.
“The level of awareness around the use of technologies has risen, which means that we are by default more conscious of our activity and its potential impact as it relates to cybersecurity,” he said.
Bhatia added that because we’re spending more time online doing work or shopping for things, the number of touch points between technology and our interactions with other people has increased on a day-to-day basis.
“You’re going into a store, you’re pulling out your phone, you’re checking your email so you can show somebody a receipt. The number of touch points that have happened between physical interaction and actual technology is starting to change and it creates more vulnerability in our systems,” he said.
Ritesh Kotak, a technology and cybersecurity expert, said in an interview that the vulnerability also comes from not having proper training on cybersecurity measures. He said at the start of the pandemic, most companies rushed to send employees home without thinking about the cybersecurity protocols necessary to keep them protected and feel safe.
“It was a rush to implement,” he said. “As a result, we became more vulnerable. Add to that greater reporting mechanism, media coverage, it created the perfect storm.”
The report added that millennials (18-34) also lag “in their understanding about the risks of fraud and identity theft.” Fifty-seven per cent of millennials wouldn’t know what to do if someone committed fraud in their name, compared to 49 per cent of individuals who are 35 and older, the report said. It added that 19 per cent believe that identity theft happens to other people and not them, compared to 8 per cent of Canadians who are 35 and older.
Bhatia said millennials have a different relationship to technology, especially when it comes to cybersecurity. He said that the culture of cybersecurity has not been passed along in the same professional capacity as it has for older individuals.
“Millennials are entering the workforce at a time where they haven’t had an opportunity to truly understand how some of these security dynamics work. You’re seeing people in terms of starting their first job working from home,” he said.
“They’re functioning on a very [bring-your-own-device] model, and I feel that that potentially has a contribution here as well in that personal practices have blended into professional practices.”
In 2020, the Canadian Anti-fraud Centre received over 101,000 fraud reports involving nearly $160 million in reported losses.
Kotak added that it might be beneficial for Canadians to undertake cybersecurity drills at their workplace so that they have more knowledge and feel less vulnerable.
“Create a simulation. A cyber drill. What do we do? How do we protect our data? Do we have the right backups? How do we actually report this internally? What shouldn’t we do when this happens? It’s similar to a fire drill,” he said.
“It comes down to education. Whether it be public awareness campaigns, whether it be stuff whiting organizations, I even think cybersecurity training should be mandated by organizations. These are basic things that will alleviate some of those pressures.”