← BACK TO BLOG
FORMATION

Cybersecurity

M3IK Admin

Cybersecurity in Quebec in 2026: Good Habits to Adopt

image

Who is this article for? This article is for everyone — whether you're a student, a worker, a retiree, or a small business owner. You don't need to be an IT expert to protect yourself online. Threats are evolving, but good habits remain simple to adopt.

Why does cybersecurity matter to you?

In 2026, we do almost everything online: we pay our bills, see our doctor, manage our bank account, and stay in touch with loved ones. It's convenient, but it also attracts bad actors.

In Quebec, cyberattacks have hit hospitals, municipalities, and thousands of individuals in recent years. You don't need to be a large company to be targeted.

Real-life example: Imagine you receive an email that appears to come from Revenu Québec saying you owe money and need to click a link to pay. It's probably a scam (phishing). If you click without verifying, you could be handing criminals access to your bank account.

Use strong passwords (and different ones for each account)

The problem

Many people use the same password everywhere — or one that's too simple, like password123 or their date of birth.

Example of the risk: If a website you use gets hacked and your password is stolen, criminals will try that same password on your email, your bank, your Netflix... and if they get in, it's a jackpot for them.

What to do

  • Use a different password for each important account (email, bank, government).
  • Create passwords that are long and random — at least 14 characters.
  • Use a password manager like Bitwarden (free) or 1Password. Think of it as a digital safe that remembers all your passwords. You only need to remember one master password.

Simple tip: Create a phrase that's easy for you to remember but hard for others to guess: Marc'sDog@Eats3Bones! is much better than Marc1987.

Enable two-factor authentication (2FA)

What is it?

It's a second layer of protection. Even if someone steals your password, they can't log in to your account without a second code.

Real-life example: You log in to your bank. You enter your password, then your phone receives a 6-digit code by text (or through an app). You enter that code, and only then can you access your account. A thief who has your password but not your phone is locked out.

How to enable it

  • Go to the security settings of each account (email, bank, social media).
  • Enable two-step verification or two-factor authentication.
  • Use an authenticator app like Google Authenticator or Authy — it's more secure than text messages.

⚠️ Top priority: Enable 2FA on your email account first. Why? Because if someone gains access to your email, they can reset all your other passwords.

Watch out for phishing

What is it?

Phishing is when someone pretends to be a trusted organization (your bank, Hydro-Québec, Amazon, the government) to trick you into giving up your personal information or clicking on a malicious link.

Warning signs to watch for

  • The sender's email address looks strange (e.g., service@revenuquebec-help.ru)
  • The message creates a sense of urgency: "Your account will be closed in 24 hours!"
  • You're asked to click a link to confirm your information
  • There are spelling mistakes or an unusual tone
  • You're asked for your credit card number or SIN by email

Real-life example: You receive a text saying "Package held at customs, pay $2.99 to release your delivery [link]". This is a very common scam. Canada Post or Amazon will never ask you to pay via a link in a text message.

What to do

  • Never click on a suspicious link — go directly to the official website by typing the address in your browser.
  • If you're unsure, call the organization directly at their official number (not the one in the message).
  • Use the phishing report feature in your email app (usually a "Report as spam" button).

Keep your software up to date

Why it matters

Updates for your phone, computer, and apps aren't just there to add new features. They fix security vulnerabilities that criminals could exploit.

Real-life example: Imagine the lock on your front door has a known defect. Updates are like having a locksmith come fix it. If you ignore the repair, anyone who knows about the defect can walk right in.

What to do

  • Enable automatic updates on your phone and computer.
  • Regularly update your apps (especially web browsers and banking apps).
  • Replace old devices that no longer receive updates — they are vulnerable.

Good habit: Once a month, check for pending updates and install them. Make it a routine — the first Sunday of the month, for example.

Be careful with public Wi-Fi

The risk

Free Wi-Fi networks in cafés, airports, or shopping malls can be dangerous. A criminal can create a fake Wi-Fi network with a name similar to a nearby business ("Tim_Free_WiFi") and intercept everything you send.

Real-life example: You connect to the café's Wi-Fi and check your bank account. Someone on the same network could potentially see your data if your connection isn't well protected.

What to do

  • Avoid doing banking transactions on public Wi-Fi.
  • Use a VPN (virtual private network) if you often use public Wi-Fi. A VPN encrypts your connection, like putting your data in a sealed envelope.
  • When possible, use your phone's mobile data instead of public Wi-Fi — it's more secure.
  • Disable automatic Wi-Fi connections in your phone's settings.

Back up your data

Why?

Ransomware is a type of virus that blocks access to your files and demands payment to unlock them. It's one of the most common threats in 2026. If you have a recent backup, you can recover everything without paying.

Real-life example: A virus encrypts all your family photos and important documents. Criminals demand $500 in bitcoin to unlock them. If you have a backup on a disconnected external drive, you only lose a bit of time — not your data.

How to back up simply

Follow the 3-2-1 rule:

  • 3 copies of your data
  • On 2 different types of storage (e.g., your computer + an external drive)
  • With 1 copy offsite or in the cloud (iCloud, Google Drive, OneDrive)

⚠️ Important: An external drive permanently connected to your computer can also get infected. Only plug it in to do your backups, then unplug it.

Protect your privacy on social media

The problem

We often share far too much information on social media without realizing it. That information can be used to guess your passwords, steal your identity, or scam you.

Real-life example: You post a photo of your new dog and name him Biscuit. You also just answered an online quiz asking "What was the name of your first pet?" — a classic security question used to reset forgotten passwords.

What to do

  • Check your privacy settings — limit who can see your posts.
  • Don't post your address, phone numbers, or travel dates in advance.
  • Be wary of online quizzes and games that collect personal information.
  • Don't share photos of official documents (driver's licence, health insurance card).

Watch out for phone scams

What you need to know

In 2026, phone scams are increasingly sophisticated. Using artificial intelligence, criminals can now imitate the voice of a loved one or an official in a very convincing way.

Real-life example: You receive a call from a voice that sounds like your daughter's, saying she's in distress and urgently needs money. It could be an AI imitating her voice using videos from social media. This is known as a voice deepfake scam.

What to do

  • Hang up and call back the person directly on their regular number to confirm.
  • The Canadian government, the RCMP, or Revenu Québec will never ask you to pay by gift cards or immediate bank transfer.
  • If you're unsure, say "I'll call you back" — a legitimate organization will have no problem with that.
  • Set up a secret code word with your loved ones to use in emergency situations.

Use antivirus software and a firewall

For computers

  • Make sure antivirus software is active on your computer (Windows comes with Windows Defender, which is adequate for personal use).
  • Never disable your firewall.
  • Be wary of pirated software — it often contains hidden viruses.

For phones

  • Only download apps from official stores (App Store or Google Play).
  • Read the permissions requested by apps: a flashlight app has no reason to access your contacts or location.

Protect your government and financial information

Your most valuable data

Your Social Insurance Number (SIN), your health insurance number (RAMQ), and your banking information are the most sought-after by criminals.

What to do

  • Only share your SIN when absolutely necessary (employer, financial institution, government).
  • Monitor your credit report — you can check it for free through Equifax and TransUnion. A new credit card opened in your name without your knowledge is a sign of identity theft.
  • Shred paper documents containing personal information before throwing them away.
  • Use the secure online services from Revenu Québec and the federal government (My Account) — make sure the address starts with https://.

Useful Quebec resources

Resource What it offers
Canadian Centre for Cyber Security (cyber.gc.ca) Tips, security alerts
Autorité des marchés financiers (lautorite.qc.ca) Report financial fraud
Sûreté du Québec Report a cybercrime (1 888 255-6189)
Canadian Anti-Fraud Centre (antifraudcentre.ca) Report a scam
Protégez-Vous Consumer articles on cybersecurity

In summary: The top 5 habits to adopt today

  1. Password manager — install Bitwarden (free) today
  2. 2FA enabled — start with your email account
  3. Automatic updates — enable them on your phone and computer
  4. Monthly backup — an external drive unplugged after each use
  5. Default caution — if a message creates urgency, it's suspicious

Final reminder: Cybersecurity is like wearing a seatbelt. At first it feels like a hassle, but it quickly becomes second nature. And the day you need it, you'll be really glad you buckled up.