As the number of Canadians working from home grows, so do the risks they face as they work online.
Working on unsecured networks or devices sets you up to be scammed by those wonderful folks among us looking for the easy score.
Pandemic-related scams are growing, it appears very certain.
In a CBC News story published Thursday, Catharine Tunney reports that a couple of major players in the security game are teaming up to do something about that.
They’ve created something they’re calling the CIRA Canadian Shield–a protected domain name system that prevents Canadians from connecting to a malicious website that might infect their devices and steal their personal information.
In everyday lingo, it’s called a threat-blocker.
It’s new and it’s free--created by the Canadian Internet Registration Authority, or CIRA, a not-for-profit agency that manages the .ca internet domain, and Communication Security Establishment, Canada’s foreign signals intelligence agency.
CIRA, Tunney writes, is supplying the threat-blocking technology and the CSE’s Canadian Centre for Cyber Security is providing its threat intelligence services–essentially a list of the people out there in cyberland looking to scam.
“For any piece of malicious software to get to you, 90 per cent of it relies on knowing the address book of the Internet,” Scott Jones, head of the cyber security centre, told Tunney.
“What we do is when we know it’s malicious, CIRA makes sure that you don’t get told to go to the bad address. It stops you from getting to the bad place.”
Jones says work on the project began before the COVID-19 crisis took hold and is not limited to scams stemming from the virus.
“We’re not just feeding in information about malicious attacks that are COVID-related. We’re feeding in anything we see from any criminal activity that’s targeting the government, or that we’re getting made aware of. Any state-sponsored type activity as well that we can block, we’re putting it in there,” he said.
“Basically, anything we’re using to defend the government of Canada we’re now making available for all Canadians, so that they can protect themselves.”
Tunney writes that the Communication Security Establishment is restricted in its ability to collect data on Canadians but collects a wide array of foreign communications related to Canada’s interests — including phone calls and emails.
And, she notes, the CSE has been reprimanded over its metadata collection practices in the past.
As the Canadian operator of the threat-blocker, CIRA would have to comply with Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act.
A CIRA spokesperson, Spencer Callaghan, told Tunney the authority has committed to a full annual privacy audit by a third-party auditor.
With files from CBC News (Catharine Tunney), RCI (Marc Montgomery)