Skip to main content

Series on Cybersecurity

The pandemic has accelerated reliance on technology and online solutions, and in many ways our ability to stay connected and productive despite the massive disruption has been a positive development of the last several months. It comes with some heightened risk, however in the shape of cyber threats. As we move more aggressively into a digital world, we are happy to share a few safety tips in a three-part series from the OMERS Cybersecurity team and curated from thoughtful sources.

While many of the same precautions that apply in the physical world also apply in the digital one – like be aware of where you are and who might be trying to look over your shoulder – there are some unique challenges and solutions for navigating online.

Like flossing, these are good hygiene measures.

Topics below include:

  • Practicing good password etiquette

  • Securing social media and email accounts

  • Store Your Data Securely and Know Your Back-up Procedures

  • Apply Updates to Your Mobile Devices, Computers and Applications

  • Be on Guard for Phishing and Spear-Phishing Messages


Cybersecurity series: Week 3

Friday, October 2, 2020

In the third installment of this three-part series, we look at Phishing and Spear-Phishing messages and how to stay one step ahead of them.

Be on Guard for Phishing and Spear-Phishing Messages

There was a time when building a strong enough security fence kept would-be hackers out. Attackers now fully realize that employees can be tricked into opening a door or window that will let them inside. Phishing is a fraudulent practice designed to trick an individual into revealing sensitive information by disguising their identify as a trusted entity. Spear-phishing targets a specific individual with specific information that has been harvested from social media and other readily-available public sources.

“Phishing has now taken over as the primary way to initiate an attack on an organization and lures that are being used are often sophisticated and very easy to fall for,” said Blair Radbourne, OMERS VP, Cybersecurity. “It has been particularly disturbing to these phishing lures attempt to capitalize on the pandemic, preying on people’s fear to trick them.”

A few tips to help stay one step ahead:

  • Hover over links embedded in emails before clicking them to see where they are going to take you. Be wary of suspicious links - don't click without confidence.

  • Read the actual email address in the sender’s email to make sure it is legit. Don’t recognize it? Don’t click it.

  • Watch out for urgency, spelling mistakes, grammatical errors.

  • Use anti-virus or anti-malware software on computers.

Additional resources:

  • Email Fraud/Phishing - Phishing is a general term for e-mails, text messages and websites fabricated and sent by criminals and designed to look like they come from well-known and trusted businesses, financial institutions and government agencies in an attempt to collect personal, financial and sensitive information...

  • Common threats to be aware of - Learn about the latest online scams and what you should know to ensure safe Internet browsing...


Cybersecurity series: Week 2

Friday, September 24, 2020

In the second installment of this three-part series, we look at data storage security and the importance of applying regular updates to your devices.

Store Your Data Securely and Know Your Back-up Procedures

Many people don't realize just how important their data is until they lose it. It is important for not only businesses, but individuals as well to make sure their data is backed up in case of an emergency.

Here are a few tips to help keep your data securely backed up.

  • Use only new USB memory sticks purchased by you or someone you know. Do not use USB sticks on untrusted computers.

  • Secure data stored in the cloud or online by turning on the available security features.

  • Back up your vital personal information and know where you have it backed up.

  • Practice recovering your data at least once. This way you'll know what to do if you become a ransomware victim.

Related Articles and additional insights:

Apply Updates to Your Mobile Devices, Computers and Applications

Applying updates can be time consuming and it is easy to continuously hit the "remind me later" button to keep delaying them. However, updates contain more than just new features. Updates provide vital security enhancements to help protect your devices.

  • These updates are crucial to your security; they contain security "patches." Don't Ignore them.

  • Be sure to apply updates to your mobile applications in addition to your device operating systems and get them to automatically update.

Related Articles and additional insights:

  • Why Software Updates are Important- You’re hard at work on your computer or device and a message suddenly pops up saying, “a software update is available”. You’re busy, so you click “cancel” instead of “install”, thinking you’ll get to it later, but you never do...

  • 5 reasons why general software updates and patches are important -
    You’re probably no stranger to those little pop-up windows. They tell you software updates are available for your computer, laptop, tablet, or mobile device...


Practice Good Password Etiquette

Friday, September 18, 2020

In 2011, the most common password was “password.” By last year, we hadn’t really moved the dial on creativity or self-security, with the most popular password choice of “123456.”

Everything, from your bank to your video streaming service requires a password, and security-conscious sites will recommend that you change your password regularly. In the interests of keeping track, the temptation to pick a simple solution – and repeat it often – is understandable. But in this case, the simple answer is not the best one.

OMERS VP of Cybersecurity, Blair Radbourne, offers this advice. “Think of it as a lock and key. To protect your home, you want a key that isn’t easy to duplicate, and you wouldn’t leave that key sitting in the lock or taped beside the door. Your password has the same power to protect your information as the key to your house has to protect your family and possessions. Hackers are increasingly sophisticated, and security starts with a solid password.

Equally important is what you do with that key. Keep your password confidential, and keep in mind that no OMERS employee will ever ask you to share this information.”

Top tips for Good Password Etiquette:
Your password is the key to your personal information, which is why practicing good password etiquette is the best defence for keeping your information safe and secure. A few tips:

  • Use unique passphrases and complex passwords

    • Do you have a favorite phrase? How about lyrics to a favorite song? Combine the first letters to make a strong, personal, password

    • For example, dpayei1b – stands for “don’t put all your eggs in 1 basket”

  • Don't share passwords

  • Don't use the same password for multiple accounts, websites or devices. Consider using a password manager (see below).

  • Use Multi-Factor Authentication (MFA – see below) when available

  • Use account backup features when available

    • For example, Gmail accounts can be linked to mobile devices to prove you are you when requesting a password change

  • Don't use your browser’s 'remember' password function on sites where confidential information may be transmitted.

Key Definitions:
Password Manager - a software application used to store and manage passwords a user has for various online accounts and security features. Password managers store passwords in an encrypted format and provide secure access to all password information with the help of a master password.

Multi-factor Authentication (MFA) - also called two-step verification or dual factor authentication. This is an extra layer of security in which users provide two different authentication methods to verify themselves.

Secure Your Social Media and Email Accounts

Research conducted at the end of 2019 found that 90% of online Canadians use social media. That’s a lot of Facebook pages and cat videos (which we happen to love, by the way).

While social media platforms have helped with information sharing and staying in touch with people, the rise in usage also means greater potential for identity theft.

"Social media has been really helpful in keeping us connected, especially when we are physically keeping our distance,” said OMERS Director of Cybersecurity, David White, “But it is also a feeding ground for people looking for personal details that can be used to compromise your passwords or duplicate your identity.”

Here are some tips to help you stay socially safe:

  • Use as many security options (settings) as you can for each social media and email platform.

  • Use Multi- Factor Authentication for an additional layer of security.

  • Think about the information you are sharing – if your password is connected to the name of the street you live on, you might want to leave it out of your posts.

  • Do not use your social media to log into other web accounts.

Related Articles and additional insights and information:

Disclaimer: The opinions and suggestions above are provided for informational purposes only. OMERS AC and its affiliates and other investment entities make no representations, warranties or guarantees as to the completeness, reliability or accuracy of the information. Please consult with your service providers and/or other professionals for advice on the above subject matter. OMERS AC and its affiliates and other investment entities are not responsible or liable in any manner for your use of or reliance on the above information.







The opinions and suggestions above are provided for informational purposes only. OMERS AC and its affiliates and other investment entities make no representations, warranties or guarantees as to the completeness, reliability or accuracy of the information. Please consult with your service providers and/or other professionals for advice on the above subject matter. OMERS AC and its affiliates and other investment entities are not responsible or liable in any manner for your use of or reliance on the above information.