Be proactive in 2024: Make online security your New Year's resolution

What can we expect from a cyber security perspective in 2024? The threats we’ve come to know and dread – social engineering, phishing, ransomware – aren’t going away. Unfortunately, they’re only becoming more sophisticated, more frequent and more harmful.

How do you protect yourself and your family? Leigh Tynan, Director of TELUS Online Security, has some insights and advice. She shares her top three threats heading into 2024, how identity theft is evolving and why being proactive is so critical to staying secure.

Looking ahead to 2024, what are the biggest security trends to be aware of?

LT: Artificial intelligence (AI) is number one on my list. There are two sides to this coin. On one side, bad actors are using AI to make threats more sophisticated. We’re starting to see deep fake social engineering, where hackers mimic voices and faces to fool people, and AI allows them to adapt much more quickly to evade detection. On the flip side, security experts are also using AI to improve how they identify, predict, detect, defend and guard against risks. It’s an interesting dance that’s taking place between the forces of good and evil. We’re also seeing another evolution of phishing attacks with the maturation of AI. They are becoming more sophisticated, with bad actors using personal information they know about you (sometimes obtained with the help of AI) to make these attacks more personalized. Third, AI is also fueling a new wave of ransomware attacks because AI makes it easier to launch them. Individuals and organizations will start to see them grow in frequency and severity.

In 2023, you highlighted identity theft as a major threat. How has it evolved in the past year?

LT: Identity theft is an outcome of the threats I mentioned above. AI increases the sophistication, complexity, frequency and success of these attacks. And typically, it’s your identity that’s at stake. Just recently, one of our team members who subscribes to TELUS Online Security received a notification that a credit card had been opened in his name. The hacker somehow got access to his personal data and was able to change all the identifying information to take over his credit file. Because he received immediate notification, he was able to put a stop to it right away. According to a recent TELUS IDC study* three in four Canadian organizations have experienced a data breach, with the majority of these breaches occurring in the past three years. This means there’s a gold mine of data out there on the dark web that bad actors can use to compromise someone’s identity.

What are some signs that your personal information may have been leaked or your identity compromised?

LT: It really depends on whether you’re looking or not. If you’re not monitoring, you may not see it. Go back to the case of our team member. He received a credit monitoring notification about changes to his credit profile, so he could take action. For most people, if they aren’t being proactive, the first hint they get is when the collections agencies start calling. By that point the damage has already been done. Other signs to look for include an increase in junk mail, a bigger influx of spam email or someone hacking your social media.

If someone suspects their personal data has been compromised or they have been a victim of identity theft, what immediate steps should they take?

LT: You have to ensure you report it appropriately. This means:

1. Report it to the local police, the Canadian Anti-Fraud Centre and the Better Business Bureau. When someone reports the crime, it helps to raise awareness about the threats out there and what people should look out for.
2. Contact Equifax and TransUnion, the two main credit reporting agencies in Canada, and ask them for a copy of your credit report to review if there has been any suspicious activity. You can also ask Equifax and TransUnion to place a fraud alert on your file to help prevent bad actors from opening new accounts or making changes to existing accounts.
3. Contact your financial institutions and credit card companies; you may need to change your account numbers and log in credentials.

It’s also important to follow up and take the required actions anywhere you think your personal information has been compromised. Step up your personal security by changing passwords.

These actions will help minimize the damage caused by your data being exposed, but it's important to take proactive measures to avoid it from happening in the first place. Sign up for a service like TELUS Online Security for proactive dark web and credit monitoring, notifications and the assurance of recovery services if needed. We are all vulnerable, and unless we take proactive measures to help protect our data and get notified when it has been exposed, we often can’t act until it’s too late.

How can people protect themselves?

LT: Passwords! Make them strong and use unique passwords for different accounts. I can’t reiterate that enough. That being said, passwords alone are no longer enough. It’s important to combine passwords with two-factor or multi-factor authentication. Say yes whenever you have the option of choosing added layers of security. Device security and password managers are also critical. And I can’t say it enough – be proactive! Subscribe to monitoring and recovery services to get alerts and have the support you need if you do fall victim.

Where are people falling down most when it comes to personal, digital security?

LT: In general, people are too trusting. Scammers have become more sophisticated in the techniques they use to access our data, so it’s more difficult than ever to distinguish them from acquaintances, legitimate businesses, or even our own friends and family. It’s critical to think twice when we interact with anyone online, especially if they’re asking for information or providing a link to click. Look out for suspicious signs, such as unusual URLs, email addresses and tone. At the same time, based on everything we have just discussed regarding AI and increased sophistication, it is important to understand that even if everything looks okay, take the extra step to validate the legitimacy directly with the sender. If you can’t validate it or have any doubts, don’t respond or click.

We must have zero trust, which essentially means never assuming we are safe. Many companies have taken a zero trust approach to security, which is why we are seeing more frequent requests for validation.

Also, being lax on social media is still a persistent problem. Open profiles, oversharing, playing games or completing quizzes and accepting friend requests from people we don’t know are still some of the most common oversights.

What are your recommendations to stay more secure in 2024?

LT: Don’t wait until there’s a problem. Start subscribing to services that proactively protect you. If you’re currently doing nothing, at least do something. Even a free service is better than no service at all. It’s critical to take that next step to integrate proactive protection. The good news is there are ways to be vigilant that require little time and effort. Solutions like TELUS Online Security do all the work for you behind the scenes, all included in one subscription with a nominal monthly fee. TELUS Online Security provides detection and alerts, as well as recovery services that include a dedicated restoration specialist and reimbursement coverage of up to $1 million for identity theft-related expenses.

Any final thoughts?

LT: Stop thinking, “It can’t happen to me.” Being naive is dangerous. These threats are happening and they’re real. No one can prevent all breaches and identity theft, but there are proven tools that can keep you safer through proactive monitoring and alerts. Once the damage is done, it is so much harder to recover. In 2024, I encourage everyone to prioritize proactive security as their New Year's resolution. It’s never too late to start doing something to protect yourself and your family.

*Based on an online survey of 502 Canadian business representatives conducted by IDC on behalf of TELUS, August 2022.