When it affects infrastructures or essential services such as electricity networks, telecommunications, transport systems, banking services or major government sites, a cyber attack causes disruptions that can greatly jeopardize services for the public, and have very serious economic consequences.
A cyber attack is a malicious act by persons, groups or organizations against a computer system that is intended to destroy or damage it, fool it or take control of it in order to carry out illegitimate operations or steal data. A cyber attack can be against a computer, a server, peripherals (printers, external hard drives) or mobile communication devices (smartphones, digital tablets). Such an act is usually committed through a local network or an Internet connection.
Find out about safety rules
Everyone is responsible for keeping hackers at bay.
Find out about the rules, policies or codes of conduct that apply to your work environment, particularly regarding access to networks, browsing the Internet, downloading software or programs and using peripheral equipment.
You can also look for information on your own about the various threats encountered on the Internet and the code of conduct (in French only) that you should follow in order to browse safely.
The government takes the necessary measures to ensure the security of information (in French only) that is communicated to it by the public.
Follow safety instructions
Within organizations, network administrators are asked to limit the number of authorized applications, install patches for the various applications and operating systems used, and closely correlate administrative privileges with user duties. As a staff member, you must follow established safety rules and procedures carefully. Here are a few basic instructions:
- Do not disclose your passwords to anyone.
- Avoid using a personal USB key or external drive for purposes of work.
- Always lock your work station when you leave, even for a short time.
- Report any suspicious incident to the person in charge of computer-related security.
At home, the following steps can prevent or reduce the impact of a computer-related security incident:
- Make sure you have up-to-date software, anti-virus software and a firewall.
- Check whether your computer and network are securely configured. If needed, request the help of a specialist.
- Create long and difficult-to-guess passwords that include numbers, upper and lower case letters, and special characters.
- Do not disclose your passwords to anyone.
- Do not use the same password twice and change it regularly.
- When registering with a website or for Web service, make sure you choose security questions the answers to which only you know should you forget a password.
- Avoid clicking on hypertext links in unsolicited emails.
- Before opening email attachments, make sure you know what they are.
- If you decide to answer emails from persons or organizations unknown to you, avoid providing personal information.
- Consult only reliable sites, i.e. sites of known organizations. To help you identify counterfeit sites, pay special attention to the spelling and overall visual appearance of the sites.
- Carry out your transactions only on secure sites. Secure websites have an Internet address that starts with “https” or have a padlock or lock icon on the page.
- Be careful when providing personal information.
Ensure that your mobile communication devices (smartphones, digital tablets) are secure at work and at home:
- Activate the automatic locking feature after a period of inactivity or when the device is not in use.
- Adjust the security and confidentiality parameters before downloading and installing applications.
- Download applications from reliable sources. If you won it be using an application again, delete it.
- Make sure that the operating system and applications are kept up to date.
- Be extra careful if you use public or unknown wireless networks.
- As needed, use software that enables you to remotely monitor and lock your mobile devices, or even to modify or delete content.
Since mobile devices are replaced often and may contain sensitive information, follow these recommendations before disposing of a device:
- Erase the data by wiping the device using the reset option.
- Transfer the Subscriber Identity Module (SIM) card, external card, or Secure Digital (SD) card, if the device has one, to the new device. Otherwise, make sure it is unusable.
Your judgment is your best prevention tool. If you are uncertain about a piece of information, a request for assistance or a financial offer that seems out of the ordinary, it could be a cyber attack attempt. Remain vigilant. Learn how to protect your identity (in French only).
Take action if you note problems on the Internet
If you are the victim of an attack on the Internet, take the following actions:
- Scan your computer with your anti-virus software to check whether the computer has been infected and, if so, remove the virus.
- Proceed with a complete restoration of your computer if necessary.
- Contact an expert if you believe that your computer is still not operating properly.
If you think you have witnessed a criminal activity on the Internet, file a complaint with the Sûreté du Québec or your municipal police force. In such cases, start by taking the following measures:
- Note the information that seems suspicious.
- Keep images of what you see by using the “Print Screen” function. Those screenshots could eventually help in the investigation.
- Keep a log of the actions taken.
Other useful links