Submitted by Election Admin on Wed, 09/16/2020 - 09:26 Do you see a role for CIRA in educating Canadians on phishing and social engineering as part of it's security projects? Given CIRA's role in providing .CA domains & associated DNS infrastructure, plus it's none profit status, CIRA is in a unique position to play a key role in providing awareness of ongoing phishing and social engineering as part of it's security projects. There are many bad actors trying to phish your data & steal your identity. I have recently downloaded the Canadian Shield. The Canadian Shield is free and gives you another layer of protection from malicious sites. It took 3 minutes to install on my MAC. Go to the CIRA website to access. As you may also know. I am one of the 5 nominees for the Board of Directors. I very much look forward to this campaign & hearing your views on the associated topics. Cheers Dan Byron Educating the public about phishing and social engineering practices should definitely be within the projects sponsored by CIRA. CIRA can also encourage an analysis of best practices from other jurisdictions, such the EU. Keeping the public safe when accessing .CA domains and maintaining their trust in .CA websites is critical to ensure the .CA domain remains valuable and sought-after. Countries that have domains associated with fraud and other practices tend to see the value of their domain decline when access is blocked due to preventative measures or avoided by individuals. The government of Canada has released a Digital Charter containing 10 principles supporting digital privacy and other data rights. Promotion of this charter and subsequent changes to the Personal Information Protection and Electronic Documents Act (PIPEDA) by CIRA and its constituents is a sound action. The short answer is Yes! CIRA already does a great job educating Canadians by writing blog posts, offering free resources and tools (like the Canadian Shield mentioned by Dan), as well as offering fee-based training for larger Canadian organizations who need to keep their employees up to date on cybersecurity. Rob Williams wrote a great post in the CIRA Blog called "Watch out for this new phishing attack on Amazon Prime Day". It's worth a read. https://www.cira.ca/blog/cybersecurity/amazon-prime-day-phishing-attack The Canadian Shield link from Dan's response is here ... https://www.cira.ca/cybersecurity-services/canadian-shield Good evening all. Yes! I agree the CIRA is in a unique position to provide advocacy for phishing and similar practices to the community. Reference materials as noted from other responses can be easily shared and promoted as needed! Jennifer As a Newfoundlander, I feel compelled to respond to a question about “phishing”:) It is a serious problem, however, and definitely within CIRA’s purview as part of its security projects. In addition to the suggestions by previous posters, CIRA could promote the national public awareness campaign at getcybersafe.gc.ca and the upcoming Cyber Security Awareness month, October 2020. CIRA is well-positioned to partner with other organizations to educate Canadians regarding internet safety and security. https://www.getcybersafe.gc.ca/en/cyber-security-awareness-month This issue is important as it relates to the importance of the internet as a safe communication network. I think that CIRA could be very successful in providing tool to fight these security threats. I would support strong involvement of CIRA regarding educating on phishing. Lots is already done but seems that little is known in the general population and communities on tools and protective measures. I would emphasize communication. MRioux Yes, I do see a role for CIRA in educating Canadians on phishing and social engineering as part of it's security projects. This is especially evident now during these extraordinary times. The vulnerable are youth as social media has become their current source of education and maintaining communication with "friends". The other vulnerable are seniors wanting to keep "busy" and conducting numerous internet searches. They are being targeted via various means and eventually building "trust' with the information being transmitted to them. The youth feel they are invincible and won't be affected; the seniors are naive to the consequences of some sort of phishing or hacking. Of course, no one is "immune" so the more Canadians are educated, the better for our internet community of .ca. Joanna Starczynowski Absolutely! With CIRA’s Canadian Shield product, the organization has moved into the realm of cybersecurity. Given the number of hacking attacks around the world with individual and rogue state actors, this is increasingly becoming an issue. CIRA can take the lead not only on a product front but also on an advocacy and training front to protect all Canadians. Some examples might be sponsoring the development of curriculum in schools to educate children at a young age and also working with the financial community to educate their customers on phishing techniques. Recent RFPs from Federal Government agencies have asked for products to simulate phishing attacks to heighten employee awareness and I feel that these types of solutions could be made more broadly available via CIRA. I completely agree Joe. In addition to the Canadian Shield product, CIRA does have a Cyber Security Awareness training service they offer to businesses. The Canadian Shield (which I've enabled on my MAC) is a free security service currently enabled by 80,000 Canadians. As you know, it blocks access to malicious sites and phishing and leverages Akamai threat feeds. More promotion of this tool would provide a great service to the Canadian Household. As a BOD member, I would also investigate allowing the Canadian Household access (for free) to the Cyber Security awareness training service. The combined tools would provide a great benefit to Canadian Households.