You don’t have to be in the legal field to appreciate the need for a secure chain of custody. The way you and your business obtains, records, shares, and disposes of paper and electronic documents is important, regardless of your industry. Implementing fortified policies that secure physical and digital data is one of the best measures you can take to prevent fraud, but it isn’t the only way to protect your confidential material. A sound network security deters hackers from preying on your organization, but it does nothing to prevent something as simple as human error from threatening your company.
You can have the most sophisticated system put in place to safeguard your files, but they’re only effective when all of your employees can follow them. A simple mistake, whether through malice or ignorance, can negate the intricate physical and technological securities you have. You may have the utmost faith in your employees, but employee negligence is the one of the number one causes of fraud. According to the Ponemon Institute, over 80% of all corporate data breaches were due to human error. A fact confirmed by the Identity Theft Resource Centre (ITRC) and the Privacy Rights Clearinghouse, both of which presented similar findings through independent studies. All it takes is an accidental email, a misplaced company phone, or mishandled files, and all of your elaborate precautions can be for naught.
When people are the weakest link in your chain of custody, it’s important that you invest in regular training. A one-time afternoon spent going over policies and procedures isn’t enough; people will eventually forget one or all of the steps involved in securing data and they’ll jeopardize the company when they do.
Next to education, limiting access to confidential material to top personnel only is another way you can secure the lines of information. Minimize contact by handing over the destruction of sensitive paper and digital files to a service that specializes in safe methods of removal.
As a NAID certified shredding service, we’re well-informed of the best ways to dispose of vulnerable material. We supply your office with locked containers to collect the paper and electronics that you need destroyed. These sealed bins, boxes, or bags can’t be accessed by anyone but our bonded, insured, and uniformed personnel, thus reducing the number of people who have the ability to read or retrieve any discarded information. Once these containers are full, our shredding experts will come to you, and they’ll shred your collected material on-site – after which they’ll deliver the destroyed contents to a secured recycling facility. There are no intermediaries or other employees involved in any of these steps; just our small group of dependable representatives.
When you limit the number of people who have access to important information, you’re strengthening the security policies that you put in place. Consider the lengthy chain of custody you currently have. If it involves far too many employees, give us a call. We can set up a regular pick-up for shredding according to your schedule. Whether that’s weekly, monthly, or something other arrangement, we’ll find a schedule that fits with your needs. You only have to pick up the phone!
June 21st, 2016
Funny how you don’t know how much stuff you own until you try to pack it all up. It may not look like a lot spread throughout your home, but as soon as you start gathering it up in boxes, your belongings can seem like they triple. Closest are full to bursting; the spaces under beds are packed; your home office is more paper than furniture. Before you know it, what was supposed to be a quick job turns into a gigantic responsibility. While we might not be able to help you navigate your couch down the stairs and into your moving van, we can assist your move in another way. We can dispose of your papers and electronics to reduce the amount of stuff you have to move.
Purging before a move isn’t news. Moving experts have always advised moving homeowners to carefully go through their stuff before they pack it all up. They suggest sorting your belongings into three piles: keep, discard, and sell or donate. As the foremost security experts in the GTA, we’d like to make an addendum by adding one final category: the shred pile. A lot of the paper and old electronics we keep in our homes contain very important personal data that shouldn’t go into your garbage or recycling bins. By placing these items in the trash, you run the risk of exposing confidential passwords, account numbers, and contact information.
For most people, the biggest collection of paper is in their office. It’s a place where we stash any number of invoices, bills, financial statements, receipts, contracts, and other important data. In the interest of keeping them for ‘just in case’ purposes, these rooms become home to towering piles of paper where desk drawers and filing cabinets are teeming with documents you might not need. Before you know it, the mess can spread to your spare room, garage, or basement.
You could pack all of this up into banker’s boxes and transport the mess from one home to the next, or you can take a proactive step to keep your new house clutter free – and your move a little less painful. Our shredding services can be booked for one-time purges for exactly this reason. All of our shredding is done on-site by fully bonded, insured, and uniformed personnel. If you need time to sort through your various papers before we arrive, we can also provide you with complimentary boxes or bags to help contain the mess.
We also have secure electronic data destruction that you can schedule alongside your paper pickup. Our powerful mobile shredders are strong enough to destroy old hard drives, computers, CD-ROMs, and other various devices. If your basement is a burial ground for obsolete computers, dusty keyboards, and other electronic leftovers from yesteryear, don’t pack these up for your next home. Get them shredded by the experts.
Moving is stressful. It’s considered to be the most anxious life event, preceded only by death and divorce. Why make yours any harder than it has to be by having to pack more than you should — or worse, risking identity theft by throwing out what you shouldn’t. Lighten the load of your move by scheduling a one-time purge with our professional team. Together, we can make your move a little simpler and lot more secure.
June 15th, 2016
We’re strong advocates for the environment. Next to your information’s security, it’s our primary concern, and we’ve built a business around how we can make responsible, green choices in our day-to-day operations. We aren’t the only ones. Large sectors of the corporate world are adopting eco-friendly strategies to create sustainable businesses, including many of the corporations that call the GTA home. Going green at the office (or anywhere else you call work) is a simple yet effective way of making a difference. And it’s easy, too! By making tiny adjustments to your routine, you can create an efficient office that’s environmentally friendly, economical, and secure.
If this is your first foray into green business practices, the road ahead of you can be daunting. It’s especially discouraging when you read about huge corporations making complex renovations to their operations and buildings. Some, like Patagonia, the outdoor equipment clothing company, were founded on these principles, while others, like Bank of America, have adopted policy changes only recently in order to improve their levels of sustainability. While your commitment may rival these and and other eco-friendly business, you budget may not.
Luckily, making green choices doesn’t have to come with a huge price tag. In fact, by adopting sustainable business practices, you’ll save money in the long run. And you won’t be alone making these changeovers. Both the federal and provincial governments provide financial assistance to those businesses that retrofit their offices with energy efficient fixtures and appliances. You can go online to see which tax incentives, rebates, and even loans are available for your green overhaul. For those looking to reduce their use of water, the Government of Ontario provides incentives to help offset the cost of installing efficient drainage systems. For those looking to update their electronics, the Government of Canada offers the Power Saving Blitz program.
There are also tax breaks and rebates that can be used to make smaller changes in the office. With the government’s help, you can convert wasteful light sources to energy efficient compact fluorescent lights (CFL) or light-emitting diode (LED) lighting. It’s as simple as unscrewing one bulb for another. With a little more work, you can install occupancy sensors onto every light switch. This feature will automatically turn off the light source when it can’t detect movement in the room. With these set up, never again will you accidentally leave the lights on over the weekend.
A truly paperless society may be a ways off, but we can get closer to the ideal with the choices we make today. Count down on needless waste by adjusting your company’s platform so that it uses digital records and communications instead of their wasteful paper counterparts. Attachments and memos can be distributed with only a click of a button, making it easier to share ideas between colleagues.
For those documents that must have a physical copy, be sure to use post-consumer waste (PCW) products and packaging. These paper products are manufactured using recycled material that would otherwise be sent to a landfill, which reduces our reliance on newly felled trees in order to create paper. Be wary of how you dispose of these documents when you’re done, too. Most companies now know not to throw the majority of their paper in garbage bins. We’re huge proponents of the 3Rs, and you can never have too many recycling bins in the office and common areas of your organization.
In addition to our shredding service, we provide recycling receptacles for the various businesses that operate in the GTA. From locked bins and consoles to canvas bags and tent cards, we have a variety of containers to store ‘to be recycled’ material. All of our receptacles have been especially designed to store confidential material, so you can feel good about recycling even the most classified financial statements or client records. These containers remain locked until we pick them and shred their contents. We then transport the destroyed material to a secure recycling facility.
Together, we can make a big impact on the environment. For every metric tonne of paper that is shredded and then recycled, 17 trees, over 26,000 litres of water, and 4100khW are saved. As you search tax incentives to retrofit your office, don’t forget to give us a call. Our commercial shredding services can help you make the change to a greener business. These simple changes to your corporate routine can reduce waste, improve energy efficiency, and decrease your negative eco-footprint.
June 10th, 2016
Cybersecurity is an ever-changing landscape. As legitimate businesses reinforce defences with more effective security, cybercriminals craft an improved offence with more aggressive attacks. As the two sides parry back and forth, the nature of electronic threats will evolve. It should come as no surprise to learn that, in addition to the age-old phishing scams and Trojan horses, the arsenal of the average cybercriminals has expanded to include something called ransomware.
Ransomware is a different kind of malware from phishing. Whereas phishing relies on tricking the targeted individual into releasing their confidential information, ransomware doesn’t attempt to steal this information. Instead, its software prevents an individual from accessing their files by unleashing an encryption virus that locks some or all of their data. Rather than collecting this information to defraud money from the unsuspecting user, ransomware restricts access. They use such an complicated encryption that it’s impossible to decrypt without an ecryption key – which cybercriminals using this software will provide for a price.
The number of ransomware attacks has increased over the past three years, with highly successful trojans like CryptoLocker, TorrentLocker, and Cryptowall. According to Intel Security Group (which was previously known as McAfee) the number of ransomware attacks in 2013 more than doubled than those that transpired in 2012. Since then, Symantec has reported a 35% increase in ransomware, affecting not just desktop and laptops but expanding to target smartphones, tablets, and Apple products.
If you or one of your employees have been victim of a ransomware attack, you have two options. Unfortunately, neither of them is in your best interest. Since the encryption on this kind of malware is so advanced, there’s no way to decrypt them. The FBI has officially stated that the only way to get your files back is by paying the ransom. The price of your data will vary depending on your industry and nature of your information, but you can expect to pay anywhere from $200 and $10,000. That can be a bitter pill to swallow; however, so is the alternative. If you can’t pay up, the affected computer is out of commission. You’ll have to replace the device and start from scratch in terms of files.
The latter may end up costing you more time and money than the ransom fee, but there’s no way of knowing these criminals will release your information once their ransom is met. There’s no ‘right’ way to how to handle these attacks. The better alternative is to invest in the appropriate preventative measures so that your business’ electronics are never seized by this newer malware. Training is absolutely essential. Your employees won’t know how to avoid ransomware if they don’t know what it is. Make sure they know how to identify what a ransomware email looks like, and reiterate your policy on downloading files and other attachments.
As you update your staff’s training, take this as an opportunity to evaluate the state of your business’ overall cyber security. It’s important that, in protecting yourself against newer threats, you don’t forget about old ones. When you’re ready to throw out old hard drives and computers, remember that they’re still vulnerable to attack. Thieves can find them and reveal hidden files, even if you had wiped your electronic clean. Before you throw anything out, make sure to call us. We can destroy any device so effectively that there’s no possible way to reconstruct the electronic.
The rate of ransomware may be skyrocketing, but as long as you take the appropriate measures to educate your staff and protect your tech, you won’t have anything to worry about.
May 17th, 2016
We’ve bandied about the consequences of a critical data breach in relation to the various privacy protection laws in this country for years now. But have you ever read these laws on your own? It may come as no surprise to discover that PIPEDA and PHIPA are written in typical legalese, which makes their regulations difficult to understand. Regardless of their complexity, they’re still the law. Not following their directives can result in costly fines and unmeasurable damage to your business’ reputation.
The nature of data breaches will differ from industry to industry and company to company. Some will be negligible while others will blow up on a large scale. Several prominent organizations have studied commercial identity theft and broken it down the averages in black and white, making it easier to understand what’s in store for your company should you suffer from a breach.
Each year, the Ponemon Institute publishes a study on the cost of data breaches. Their fifth (and most recent) survey has shown that the cost of data breaches has continued to rise since the study’s inception. Their report analyzed information provided by companies from over 15 different industries, including medical and healthcare services, retail, financial, and marketing industry. They consolidated the stats and came to an easily disseminated review.
In two years alone, between 2013 and 2015, the number has increased by 23%. As a result, the cost of the average breach has seen exponential growth as well. The statistics are astounding. Every single stolen article or file costs the average company somewhere between $145 and $154. The chances of a breach involving only one confidential record are incredibly unlikely. In fact, the Ponemon study shows the average breach involves approximately 5,000 to 101,000 files. That makes the average cost of a data breach – all told – $3.8 million.
That’s quite a price tag, especially if you’re a relatively small enterprise without the multi-billion dollar revenue of certain multinational companies. This also doesn’t take into account the damage a breach can cause to your reputation. A large data breach can be a PR nightmare. Those clients affected in the theft will resent you for the risk you’ve opened them up to. Meanwhile, future customers will be wary to trust you, as they’ll see you aren’t taking the appropriate security measures to protect their information.
What are the appropriate security measures? Taking the time to invest in employee screening and training, adaptive digital security policies, and reliable document destruction is integral to preventing an attack. As you meet with your CIO, Board of Directors, and IT department to draft a comprehensive security policy, give us a call. We can schedule mobile shredding for your physical and electronic data that fits your needs. Whether that’s once a day or once a month, our fully bonded and uniformed shredding personnel will arrive at your doors and ensure not a single file – paper or otherwise – leave your place of business in a way that can be read and exploited.
Avoid having to pay the price of a data breach. Beef up your security, and give us a call – before it’s too late!
May 10th, 2016
Symantec, the organization behind Norton Anti-Virus and the world leader of cyber security, published a discouraging report recently. In what they call the 2016 Internet Security Threat Report (ISTR), Symantec analyzed the incidences of online security breaches occurring in the previous year. According to their research, 500 million online identities were either stolen or exposed in 2015. And that was only the tip of the iceberg. Their study suggests that companies have underreported the full extent of their data breaches, so the exact number of compromised files and identities is unknown.
Even with some companies’ failure to register their breaches, the reports have increased by 23% since 2014, jumping from 348 identities to 429. The report indicates this raising statistic is due to incomplete website security, targeted phishing campaigns, and the increased use of randsomeware. It’s evident that cyber thieves are ramping up their game, learning new methods to exploit weaknesses in security and bait unsuspecting individuals. As hackers refine their skills, it only makes sense to upgrade your business’ methods of protection. Without evolving along with changing threats, your company will join the ranks of those breached businesses.
In this day and age, it’s rare for a business to operate without having a presence online. Regardless of your industry, it’s likely you have a website, a Google+ page, and profiles on various social media sites like Facebook, Twitter, and LinkedIn. While your Facebook profile (as an example) is protected by Facebook’s security measures, your website is entirely your own responsibility. A well-designed, user-friendly, and protected website can be expensive, but it’s worth the cost. Don’t cut corners when you create, upgrade, and maintain your site. According to the ISTR, three quarters of all websites are vulnerable to cyber-attacks, which cybercriminals take advantage of to infect and steal from the website’s users.
Get your IT department and website admin to beef up your security, and remember this applies to all websites – not just yours. Alert your employees to take care when they use company computers to access the Internet. Inform them of what constitutes a safe website (like verified site certificates, Secure Socket Layers, and firewalls) and where to find this information.
A memo regarding this won’t be enough, as most people will only skim the contents and not absorb the information. We suggest scheduling an online security tutorial for your entire company, so you can go over the facts, the consequences, and the defence against cyberscams. With enough time devoted to this training, you can also teach your employees how to identify and avoid phishing campaigns. These can appear as emails from trusted sources (or even upper-management), and they will ask for the targeted employee to release confidential information like usernames, passwords, and other data.
In a similar vein to phishing emails, you should warn your staff against ransomware viruses. These appear as attachments in emails that, should they be downloaded, can encrypt all of the files on the user’s computers. This software is incredibly advanced, and the only way to crack it is to pay the malware operator’s ransom. Knowing they’ve got you, these cyber criminals can ask for a high price.
We can agree that’s easier (and cheaper) to spend the time and money on proper education, so your employees are less likely to expose the company to threat. If you employ a BYOD (Bring Your Own Device) policy at your company, it’s also a good idea to remind your staff on the safe way to handle their tech. Limit the files that they can store on these devices, and enforce personalized password encryption on every gadget. Whenever you know your employees are upgrading their tech for newer models, schedule our electronic data destruction services. We can provide secured containers for you to collect their discarded devices until you have amassed enough for our mobile shredders to destroy. It doesn’t matter if that takes a few weeks or a few months; you can call us and schedule an appointment.
An educated staff is a protected one. When employees know how to avoid the biggest threats to online security, you can shield your company and avoid becoming a statistic in the next IRTC.
May 5th, 2016
Spring has officially sprung in the GTA, and we’re welcoming it with open arms. Though this past winter was unseasonably warm, it was still too cold for our liking. Now that the days are longer and the temperatures are finally in the double digits, many of us are swinging open the windows and letting that warm breeze flow through our homes. The fresh air will certainly aid in clearing out winter’s bad humours, especially as you start your annual spring cleaning. As you move through your rooms, remember that your home office requires a more discerning cleaning routine than the rest of your house. It’s home to personal and confidential information, so you need to clean, de-clutter, and organize your office with care.
If it’s been awhile since your last clean through, your office can be quite the challenge this April. Utility bills, financial statements, records, receipts, tax refunds, and other miscellaneous documents can take up space on every flat surface, and these towering stacks of paper make your task daunting. You may be tempted to sweep all of these files into an awaiting recycling bin to save on time and stress, but we wouldn’t recommend you do that. Without reviewing their content first before you throw these papers out, you could be setting yourself up for financial mistakes and identity theft.
While some of the receipts you kept out of obligation can see the inside of your recycling bin without any risks, there are other documents that should never be thrown out – period. The original copies of your birth certificate, will, marriage license, and mortgage should be taken from these piles and filed away in a cabinet or desk drawer. You should also keep a hold of car titles, life and auto insurances, investments, and pension plans, taking efforts to file them away with labels so you know where to look when you next want to review them.
Next up are those documents that you need to keep but only for a little while. As we mentioned last month, the Canadian Revenue Agency requires you to retain your old tax returns and any supporting documents for 6 years after you file. The CRA reserves the right to review any return within those 6 years, and if they do, they will request to see any associated paperwork. Should your file be audited and you can’t provide these documents, the CRA may fine you for filing a false statement. Being reviewed and finding out you need to pay a fine because of your poor bookkeeping doesn’t feel good. Avoid the stress of owing the CRA by keeping your tax refunds organized properly for the appropriate time frame.
Once you clear your desk free of the “keepers”, it’s time to turn your eye towards what you need to discard. Some of these documents should never leave your office in an average garbage or recycling container. Those tax returns that exceed 6 years, as well as credit and bank statements, prescriptions, bills, and any other file that shows important contact or account information should never be thrown out with the rest of your recycling. Thieves target residential recycling and garbage bins to find these kinds of documents, as the confidential information they hold can be used to open up fraudulent accounts.
According to idAlerts Canada, the average victim of identity theft ends up paying $2,000 out of pocket to recover from these thefts. Being liable for expenses you didn’t make feels a lot worse than owing the CRA. To make sure you never have to pay for charges made in your name, let us help you with your spring cleaning. Our one-time purge document destruction service can ensure any file you wish to discard is incinerated entirely within our mobile shredders. We’ll even give you a “Certificate of Destruction” as proof that our shredding services will make it impossible for criminals to retrieve your information! So give us a call as you embrace your spring cleaning schedule.
April 21st, 2016