Protect Your Business or Organization Online or While Mobile

Here are three things you can do to protect your business or organization from spam and other electronic threats:

Protect Your Computer, Networks and Electronic Devices

Keep your software and operating system up to date on your computer(s) or electronic device(s).

Make sure you have security software, including anti-spam, anti-virus and firewall protection on all your organization's computer(s) and electronic device(s) and keep them up to date.

  • Anti-spam software can scan email before it is received and automatically get rid of known spam. Web based email services generally filter spam before it reaches your inbox.
  • An anti-virus program protects against malicious software such as malware, adware, spyware, viruses, and Trojans.
  • Firewall protection helps control traffic to and from an individual computer. Make sure to choose a firewall that provides both incoming and outgoing protection.

This type of security software can be all purchased from a security software company. Look for a reputable company and do not accept offers made through suspicious types of solicitation, such as random phone calls, pop-up advertisements, etc. These could be fraudulent or contain malware.

You may also find firewall protection through the Operating System(s) (OS) of your computer(s) or device(s).

If your business or organization operates a network of computers, you should also enable a hardware firewall. Most network technology devices that pass data between networks, such as routers, come with built-in firewall components that can be enabled and modified to suit the preferences and needs of your organization.

Wi-Fi Networks:

You and your employees may find yourselves wanting to use Wi-Fi networks when travelling or working outside of the office. While there are some risks to accessing these public networks with your electronic devices, there are definitely some simple ways to reduce those risks:

  • Make sure you're on the correct network. Fake or "evil twin" hotspots are sometimes created in the same location as legitimate hotspots, and it can be very difficult to recognize if you are on the wrong network. Therefore, before connecting,, check the name of the network with the host (for example, at a coffee shop ask at the counter for the network name and password if there is one).
  • Never surf without enabling your firewall.
  • When possible, enable the Secure Sockets Layer (SSL) encryption in the settings of the sites you visit (like email or social network sites) which scrambles and protects your data. This is usually found under "privacy" or "account" settings.
  • Where available visit the secure HTTPS version of sites and not the unsecure, regular HTTP site—in particular when you are making transactions and exchanging sensitive data. Be mindful of the URL in the address bar while you're exchanging sensitive data—if the 'S' disappears you should log out right away.
  • Try to avoid exchanging sensitive information while on public Wi-Fi networks. Remember that once you are on the network, it is much easier for anyone else on the network to see what you are doing.
  • If you find yourself using public Wi-Fi a lot, using a virtual private network (VPN) makes a lot of sense. It will direct all your web activity through a secure, independent network that encrypts and protects all your data. You can set up a VPN for your business or organization.
  • If you're using your computer or device in a public Wi-Fi zone, but you're not on the Internet, it doesn't hurt to turn the Wi-Fi function off on your device. Doing so could prevent a spammer from connecting to your device.

Protect Your Electronic (Email) Addresses

Consider creating an employee email policy that restricts the amount of personal email sent through business email addresses. This will reduce electronic threats such as viruses that can come, unknown to the employee, in videos, pictures and links from personal contacts.

Know where your company email addresses and mobile numbers are being posted. Posting an electronic address anywhere on the Internet can attract spam. Share your company electronic addresses, where possible, only with people and organizations you know and trust. If specific email addresses at your business are getting a lot of spam, consider replacing them with new addresses.

Find out if your Email Service Provider (ESP) supports email authentication technology. This technology creates a digital signature on all messages being sent from your domain. This allows recipients to verify that your message was actually sent from your domain and that the message was not changed while being sent.

If posting your business email address to a website, do not use the '@' symbol, instead use a format such as "jane at myDomain dot com". This can help prevent "spambot" software often used to extract email addresses, from recognizing it.

Protect Your Business or Organization

Use Caution and Judgement

Ask your employees to use judgement when deciding whether to open unwanted messages. If it looks suspicious, it may be malicious spam. Unfortunately, there is no way to know for sure whether or not a message is safe. The best you can do is to reduce your risk by using your judgement and following these tips.

  • Don't reply to suspicious spam. If the message seems at all suspicious to you, don't respond. Never reply to, or click on a "remove" or "unsubscribe" link in a suspicious spam message. If you do respond, it can confirm your address and cause your business to receive more spam.
  • Once Canada's new anti-spam law is in force, messages coming from businesses and organizations with whom you have a business relationship should have a working "remove" or "unsubscribe" link that you can use to tell the sender that you no longer wish to receive their messages.
  • Ask your employees not to visit websites or try or buy anything advertised in a spam message. In particular, advise your employees to beware of clicking on links in suspicious emails. They are not necessarily what they appear to be and may take them to a different website without them realizing it. If they decide to visit a website that appears in a suspicious message, it's better for them to type the address in their web browser.
  • Attachments included in emails may have software that could harm your company's computer network, the computer's performance or steal confidential information. Malicious software can corrupt your computer network and computers or take over your company's email account so as to send viruses to other people. Advise your employees to only open attachments in emails from someone they know.
  • Fraudsters can also make messages look like they come from people you know; this is called "spoofing". If you are unsure about an email message, don't open it. Use an alternative method of contact to reach the sender. Look up the contact information for the organization on their website, in the phone book or on printed correspondence you may have from them—the contact information provided in the original email could be false.

Develop Good Practices

Use alphanumeric passwords that use a combination of numbers, character symbols and letters in upper and lower case. This makes it hard for people to guess your password. (Example: User name: JohnRobert, Password: An!C4nadi*n).

Only buy software from a legitimate dealer. Malicious software can corrupt your computers and networks, or hijack your email accounts to send viruses to other people.

Create an Internet and email usage policy for employees:

  • Prohibit employees from visiting certain websites that may put the security of your network at risk.
  • Advise your employees not to visit websites or try to buy anything advertised in a spam message.
  • Create rules to reduce the amount of personal email sent through business email addresses.
  • Create guidelines for employees who download and use software, including a list of software that you know are safe.

Report fraud caused by spam and other electronic threats. If you or your business is a victim of fraud, report it to the Canadian Anti-Fraud Centre, your local police, the credit bureaus and your bank so they are aware of the situation.