(file photo/battlefordsNOW Staff)

By Tyler Marr

CYBER SECURITY

Education key to prevent city from falling victim to fraud

Aug 16, 2019 | 5:00 PM

You can have all the security measures in place but it only takes one person to click on a bad link to put an entire organization at risk.

Those comments are from the City of North Battleford’s IT coordinator Daniel Aucamp in the wake of the City of Saskatoon falling victim to a $1 million spear-phishing attack.

On Thursday, Saskatoon’s city manager said a fraudster electronically impersonated the chief financial officer of a construction company that has a contract with the city. The culprit asked for a change in banking information for the next contract payment and the city complied.

Once the city realized what happened, the internal auditor, Saskatoon Police and other authorities, including banks, were notified.

“This incident is a serious criminal matter, and the city is working hard to recover these funds, minimize the opportunities for this to occur in the future, and to co-operate with the police in this investigation,” Mayor Charlie Clark told reporters at a news conference.

BDO Debt Solutions

Deck the Halls Without Breaking the Bank: Tips for a Budget-Friendly Holiday

12h ago

strong reputation

North Battleford wins gold in provincial volleyball championship

13h ago

POSTAL STRIKE IMPACT

Chamber reaction: Postal strike in rural Sask. sparks concerns for businesses and holiday shipping

14h ago

Aucamp said he was not surprised when he heard the news as phishing attacks are extremely common and directed to nearly everyone. He said big fish, like Saskatoon, are highly sought after targets as fraudsters can come out with substantial paycheques.

“Attacking small mom and pop business, they can’t pull out $50,000 or $100,000 or $1 million,” he said. “Whereas a big city like that, they deal with big contracts and big suppliers. Big transactions are not that uncommon so it is easy to slip this through the cracks and get away with it.”

He said the city has expected means of cybersecurity in place, be it firewalls and keeping activity under security certificates, and regularly broadcasts memos to internal users to make them aware of new threats, how best to protect themselves and what to do should something happen.

However, Aucamp said many attacks have no real solutions and rely on the people who receive them to be able to decipher whether or not it is legitimate.

“There isn’t any defence against it other than user training,” he said, highlighting this as a key to keeping the city secure.

“It doesn’t even have to be full-on training, just letting people know, ‘Hey, this is a threat and this is what it looks like. Watch out for this and watch out for that,’” he said. “It is crucial.”

— with files from CKOM

—

tyler.marr@jpbg.ca

On Twitter: @JournoMarr