Cybersecurity is an ever-changing landscape. As legitimate businesses reinforce defences with more effective security, cybercriminals craft an improved offence with more aggressive attacks. As the two sides parry back and forth, the nature of electronic threats will evolve. It should come as no surprise to learn that, in addition to the age-old phishing scams and Trojan horses, the arsenal of the average cybercriminals has expanded to include something called ransomware.
Ransomware is a different kind of malware from phishing. Whereas phishing relies on tricking the targeted individual into releasing their confidential information, ransomware doesn’t attempt to steal this information. Instead, its software prevents an individual from accessing their files by unleashing an encryption virus that locks some or all of their data. Rather than collecting this information to defraud money from the unsuspecting user, ransomware restricts access. They use such an complicated encryption that it’s impossible to decrypt without an ecryption key – which cybercriminals using this software will provide for a price.
The number of ransomware attacks has increased over the past three years, with highly successful trojans like CryptoLocker, TorrentLocker, and Cryptowall. According to Intel Security Group (which was previously known as McAfee) the number of ransomware attacks in 2013 more than doubled than those that transpired in 2012. Since then, Symantec has reported a 35% increase in ransomware, affecting not just desktop and laptops but expanding to target smartphones, tablets, and Apple products.
If you or one of your employees have been victim of a ransomware attack, you have two options. Unfortunately, neither of them is in your best interest. Since the encryption on this kind of malware is so advanced, there’s no way to decrypt them. The FBI has officially stated that the only way to get your files back is by paying the ransom. The price of your data will vary depending on your industry and nature of your information, but you can expect to pay anywhere from $200 and $10,000. That can be a bitter pill to swallow; however, so is the alternative. If you can’t pay up, the affected computer is out of commission. You’ll have to replace the device and start from scratch in terms of files.
The latter may end up costing you more time and money than the ransom fee, but there’s no way of knowing these criminals will release your information once their ransom is met. There’s no ‘right’ way to how to handle these attacks. The better alternative is to invest in the appropriate preventative measures so that your business’ electronics are never seized by this newer malware. Training is absolutely essential. Your employees won’t know how to avoid ransomware if they don’t know what it is. Make sure they know how to identify what a ransomware email looks like, and reiterate your policy on downloading files and other attachments.
As you update your staff’s training, take this as an opportunity to evaluate the state of your business’ overall cyber security. It’s important that, in protecting yourself against newer threats, you don’t forget about old ones. When you’re ready to throw out old hard drives and computers, remember that they’re still vulnerable to attack. Thieves can find them and reveal hidden files, even if you had wiped your electronic clean. Before you throw anything out, make sure to call us. We can destroy any device so effectively that there’s no possible way to reconstruct the electronic.
The rate of ransomware may be skyrocketing, but as long as you take the appropriate measures to educate your staff and protect your tech, you won’t have anything to worry about.
May 17th, 2016
We’ve bandied about the consequences of a critical data breach in relation to the various privacy protection laws in this country for years now. But have you ever read these laws on your own? It may come as no surprise to discover that PIPEDA and PHIPA are written in typical legalese, which makes their regulations difficult to understand. Regardless of their complexity, they’re still the law. Not following their directives can result in costly fines and unmeasurable damage to your business’ reputation.
The nature of data breaches will differ from industry to industry and company to company. Some will be negligible while others will blow up on a large scale. Several prominent organizations have studied commercial identity theft and broken it down the averages in black and white, making it easier to understand what’s in store for your company should you suffer from a breach.
Each year, the Ponemon Institute publishes a study on the cost of data breaches. Their fifth (and most recent) survey has shown that the cost of data breaches has continued to rise since the study’s inception. Their report analyzed information provided by companies from over 15 different industries, including medical and healthcare services, retail, financial, and marketing industry. They consolidated the stats and came to an easily disseminated review.
In two years alone, between 2013 and 2015, the number has increased by 23%. As a result, the cost of the average breach has seen exponential growth as well. The statistics are astounding. Every single stolen article or file costs the average company somewhere between $145 and $154. The chances of a breach involving only one confidential record are incredibly unlikely. In fact, the Ponemon study shows the average breach involves approximately 5,000 to 101,000 files. That makes the average cost of a data breach – all told – $3.8 million.
That’s quite a price tag, especially if you’re a relatively small enterprise without the multi-billion dollar revenue of certain multinational companies. This also doesn’t take into account the damage a breach can cause to your reputation. A large data breach can be a PR nightmare. Those clients affected in the theft will resent you for the risk you’ve opened them up to. Meanwhile, future customers will be wary to trust you, as they’ll see you aren’t taking the appropriate security measures to protect their information.
What are the appropriate security measures? Taking the time to invest in employee screening and training, adaptive digital security policies, and reliable document destruction is integral to preventing an attack. As you meet with your CIO, Board of Directors, and IT department to draft a comprehensive security policy, give us a call. We can schedule mobile shredding for your physical and electronic data that fits your needs. Whether that’s once a day or once a month, our fully bonded and uniformed shredding personnel will arrive at your doors and ensure not a single file – paper or otherwise – leave your place of business in a way that can be read and exploited.
Avoid having to pay the price of a data breach. Beef up your security, and give us a call – before it’s too late!
May 10th, 2016
Symantec, the organization behind Norton Anti-Virus and the world leader of cyber security, published a discouraging report recently. In what they call the 2016 Internet Security Threat Report (ISTR), Symantec analyzed the incidences of online security breaches occurring in the previous year. According to their research, 500 million online identities were either stolen or exposed in 2015. And that was only the tip of the iceberg. Their study suggests that companies have underreported the full extent of their data breaches, so the exact number of compromised files and identities is unknown.
Even with some companies’ failure to register their breaches, the reports have increased by 23% since 2014, jumping from 348 identities to 429. The report indicates this raising statistic is due to incomplete website security, targeted phishing campaigns, and the increased use of randsomeware. It’s evident that cyber thieves are ramping up their game, learning new methods to exploit weaknesses in security and bait unsuspecting individuals. As hackers refine their skills, it only makes sense to upgrade your business’ methods of protection. Without evolving along with changing threats, your company will join the ranks of those breached businesses.
In this day and age, it’s rare for a business to operate without having a presence online. Regardless of your industry, it’s likely you have a website, a Google+ page, and profiles on various social media sites like Facebook, Twitter, and LinkedIn. While your Facebook profile (as an example) is protected by Facebook’s security measures, your website is entirely your own responsibility. A well-designed, user-friendly, and protected website can be expensive, but it’s worth the cost. Don’t cut corners when you create, upgrade, and maintain your site. According to the ISTR, three quarters of all websites are vulnerable to cyber-attacks, which cybercriminals take advantage of to infect and steal from the website’s users.
Get your IT department and website admin to beef up your security, and remember this applies to all websites – not just yours. Alert your employees to take care when they use company computers to access the Internet. Inform them of what constitutes a safe website (like verified site certificates, Secure Socket Layers, and firewalls) and where to find this information.
A memo regarding this won’t be enough, as most people will only skim the contents and not absorb the information. We suggest scheduling an online security tutorial for your entire company, so you can go over the facts, the consequences, and the defence against cyberscams. With enough time devoted to this training, you can also teach your employees how to identify and avoid phishing campaigns. These can appear as emails from trusted sources (or even upper-management), and they will ask for the targeted employee to release confidential information like usernames, passwords, and other data.
In a similar vein to phishing emails, you should warn your staff against ransomware viruses. These appear as attachments in emails that, should they be downloaded, can encrypt all of the files on the user’s computers. This software is incredibly advanced, and the only way to crack it is to pay the malware operator’s ransom. Knowing they’ve got you, these cyber criminals can ask for a high price.
We can agree that’s easier (and cheaper) to spend the time and money on proper education, so your employees are less likely to expose the company to threat. If you employ a BYOD (Bring Your Own Device) policy at your company, it’s also a good idea to remind your staff on the safe way to handle their tech. Limit the files that they can store on these devices, and enforce personalized password encryption on every gadget. Whenever you know your employees are upgrading their tech for newer models, schedule our electronic data destruction services. We can provide secured containers for you to collect their discarded devices until you have amassed enough for our mobile shredders to destroy. It doesn’t matter if that takes a few weeks or a few months; you can call us and schedule an appointment.
An educated staff is a protected one. When employees know how to avoid the biggest threats to online security, you can shield your company and avoid becoming a statistic in the next IRTC.
May 5th, 2016
Spring has officially sprung in the GTA, and we’re welcoming it with open arms. Though this past winter was unseasonably warm, it was still too cold for our liking. Now that the days are longer and the temperatures are finally in the double digits, many of us are swinging open the windows and letting that warm breeze flow through our homes. The fresh air will certainly aid in clearing out winter’s bad humours, especially as you start your annual spring cleaning. As you move through your rooms, remember that your home office requires a more discerning cleaning routine than the rest of your house. It’s home to personal and confidential information, so you need to clean, de-clutter, and organize your office with care.
If it’s been awhile since your last clean through, your office can be quite the challenge this April. Utility bills, financial statements, records, receipts, tax refunds, and other miscellaneous documents can take up space on every flat surface, and these towering stacks of paper make your task daunting. You may be tempted to sweep all of these files into an awaiting recycling bin to save on time and stress, but we wouldn’t recommend you do that. Without reviewing their content first before you throw these papers out, you could be setting yourself up for financial mistakes and identity theft.
While some of the receipts you kept out of obligation can see the inside of your recycling bin without any risks, there are other documents that should never be thrown out – period. The original copies of your birth certificate, will, marriage license, and mortgage should be taken from these piles and filed away in a cabinet or desk drawer. You should also keep a hold of car titles, life and auto insurances, investments, and pension plans, taking efforts to file them away with labels so you know where to look when you next want to review them.
Next up are those documents that you need to keep but only for a little while. As we mentioned last month, the Canadian Revenue Agency requires you to retain your old tax returns and any supporting documents for 6 years after you file. The CRA reserves the right to review any return within those 6 years, and if they do, they will request to see any associated paperwork. Should your file be audited and you can’t provide these documents, the CRA may fine you for filing a false statement. Being reviewed and finding out you need to pay a fine because of your poor bookkeeping doesn’t feel good. Avoid the stress of owing the CRA by keeping your tax refunds organized properly for the appropriate time frame.
Once you clear your desk free of the “keepers”, it’s time to turn your eye towards what you need to discard. Some of these documents should never leave your office in an average garbage or recycling container. Those tax returns that exceed 6 years, as well as credit and bank statements, prescriptions, bills, and any other file that shows important contact or account information should never be thrown out with the rest of your recycling. Thieves target residential recycling and garbage bins to find these kinds of documents, as the confidential information they hold can be used to open up fraudulent accounts.
According to idAlerts Canada, the average victim of identity theft ends up paying $2,000 out of pocket to recover from these thefts. Being liable for expenses you didn’t make feels a lot worse than owing the CRA. To make sure you never have to pay for charges made in your name, let us help you with your spring cleaning. Our one-time purge document destruction service can ensure any file you wish to discard is incinerated entirely within our mobile shredders. We’ll even give you a “Certificate of Destruction” as proof that our shredding services will make it impossible for criminals to retrieve your information! So give us a call as you embrace your spring cleaning schedule.
April 21st, 2016
If you’ve been reading the news lately, then you know that cases of identity theft happen right here at home just as often as they do abroad. In many ways, the last 12 months can be seen as a year of identity fraud, and it’s Canada’s fastest rising non-violent crime. It’s also a year in which countless people have fallen victim to elaborate scams, who learnt too late the importance of proper document disposal.
The GTA is no stranger to identity theft. It’s been an ongoing and problematic issue affecting thousands of residents. In April of 2015, there was one incident in particular that rocked the area – and the nation at large. Police caught 33 people involved in a cross-country fraud ring that affected not only those living in the GTA but Halton, Hamilton, as well as communities in Nova Scotia, Quebec, Alberta, and British Columbia. In what the police an “ID lab” the culprits defrauded over $2 million from individuals and banks.
Their success was due to their diversity. They targeted online banking services by issuing malware and using phishing techniques to steal personal information. Once they had a name and contact information, they were able to order new cheques, bank cards, and even IDs for the stolen names to their location. With these pieces of information in their hands, they had access to real people’s bank accounts to drain their savings and use their credit as they wished. They could also create additional false accounts and wrack up serious debts – money that the police doubt the victims will ever recover.
More recently, the Toronto Police uncovered another identity theft ring in February of this year. The fraud lab was located at Bloor and Parliament Street in the downtown core of the city, where criminals used the information found on stolen mail, financial statements, paycheques, and tax slips to open up new cellphone, credit, and payday loan accounts. As the investigation is still ongoing, there’s no way to know how much money these thieves defrauded from individuals.
Any amount of money, however, is too much, which is why it’s so important to keep your personal information safe at all times. When on the Internet, be careful with whom you share your data. Only ever log onto secure networks and only provide information to websites that you can trust. You should also be wary of the email that you receive. Phishing scams will claim to be the CRA or a Canadian financial institution and request that you verify your information by clicking a link. Neither the Government of Canada nor any bank will ask you to do this. If you’re ever suspicious, give the organization a call and verify if they sent it.
In terms of your physical information, you should be very careful with how you send, receive, store, and destroy it. Be mindful of when you’re expecting any financial statements, bills, or new cards in the mail, so you’re aware if anything is late or missing completely. Keep statements, invoices, bills, and receipts for however long you need them for your records. When you’re ready to dispose of them, make sure you employ our mobile shredding services to ensure they go through complete destruction. You can schedule an appointment as often as your routine requires it – whether that’s once a week, once a month, or once a year.
Though identity theft has never been more widespread than it has been now, you can stay safe from those who wish to cause you harm. Stay attentive and get your information destroyed by the professionals. It’s the best way to keep your information out of local identity theft rings.
April 13th, 2016
Time and time again this blog reminds its readers to properly dispose of paper and electronic documents in order to prevent identity theft. We discuss the process of securing your appointment with our mobile shredders so you don’t become the victim. For businesses and healthcare professionals, we explain how document destruction isn’t just our suggestion but the law, as the Government of Canada outlines the appropriate disposal methods to protect consumers. We also give examples of what happens to those organizations and corporations that fail to dispose of their documents correctly, outlining the penalties and fines that they face for their misconduct. What we haven’t gone over are the consequences an individual sustains should their identity be stolen.
No, we’re not suggesting that the Government of Canada will fine you should you let your personal information get into the wrong hands. That would be cruel and unusual punishment! However, once your identity is stolen, you do face significant costs to your time, money, and credit standing. Today, we’d like to go over how a stolen identity can affect you.
When you first realize your identity has been stolen, you’ll immediately cancel all of your cards and accounts. Once you’ve done that, you’ll need to get in to contact with the government, credit unions, and financial institutions to alert them of the situation and to reverse the false charges made in your name.
On paper, it sounds easy. But if you’ve ever been on hold for Service Canada or Master Card, then you know that this won’t be a simple 5-minute phone call. Getting in touch with all of the organizations involved in your finances takes time. In fact, it’s estimated that it takes 600 hours to recover. Back to back, that amounts to 25 full days.
Even with all of these hours logged and all of your efforts dedicated, you might not be able to reverse the effects of the theft from your record completely. Sometimes, you’ll have difficulty with future insurance and credit card accounts as you encounter increased interest rates and fees due to your history. You may end up having to pay for some charges or any legal assistance you require while refuting the charges. The average victim ends up spending $2,000 of their own money to cover these expenses.
Being responsible for 2 grand is a slap in the face for anyone who’s just spent 600 hours setting their financial records straight. Frustrating doesn’t even cover it. It can be downright devastating, especially if you were already struggling financially before your identity was stolen. It might not be the Government of Canada doling out fines, but these consequences certainly feel like punishments for being a victim.
That’s why it’s so important to take the appropriate steps to avoid ever being a victim. Protect your personal information by keeping cards, documents, and electronics safe. When you’re ready to dispose of anything that may contain financial accounts or your SIN, speak with one of our representatives to learn about our document shredding services. We can schedule a document destruction appointment and shred any paper files or electronics that you need. Preventing identity theft and avoiding these consequences is that easy – just give us a call.
April 8th, 2016
Identity theft: it happens more often than you think. According to Trans Union and Equifax, the country’s top two credit bureaus, they receive anywhere between 1,400 and 1,800 identity theft complaints from Canadians every month! Those numbers aren’t very encouraging. To think you can avoid becoming victim of identity theft by sheer luck alone isn’t just optimistic, it’s downright dangerous. Without a proper system in place to protect your confidential material, you (or your business) could very well be another number to prove these statistics right.
When you’re ready to throw out your documents – stop. Files with your name, contact information, account numbers, or – worst of all – your SIN should never see the inside of your garbage or recycling bins. Bills, financial statements, and old tax returns hold the keys to unlocking your identity, and criminals actively search through garbage to get their hands on this information. All they need is a name and a few crucial numbers to start opening false accounts under your name.
As Shereen Zink found out, these accounts can rack up quite a bit of money. In her particular case, identity thieves used her name and SIN to open an account with Bell Canada. When the account went overdue, Bell came calling for the bill that amounted to $3,500. Eventually, Zink was able to prove to the phone company that she did not open or use the account, but this process took 8 long months.
No one wants to get entangled in a legal battle with a company over money they didn’t spend. That’s why it’s essential that you use our secure document disposal services whenever you need to get rid of important paper documents. These services destroy any files into pieces so small there’s no hope of them being recovered.
But why specifically is a local company better? Because it’s as simple as it is secure. As a shredding service local to the GTA, we’ve streamlined our process to eliminate any weaknesses in security. The steps that we take to destroy your material are few, secure, and straight forward. We operate with a small crew of fully bonded service representatives who arrive to your home or place of business with one of our mobile shredding trucks where they’ll shred your documents on site. These representatives and our trucks adhere to standards set by the National Association for Information Destructions (NAID) to ensure the utmost confidentiality. Once completed, we can supply a “Guarantee of Destruction” before our representatives deliver the pulverized paper to a secure recycling facility.
It’s as simple as that. There are no elaborate methods of acquiring, shredding, or recycling your documents. You simply only have to schedule an appointment, and we’ll meet you wherever you are. Our service representatives will transport your collected material to our shredders under your watchful eye.
If you’re ready to protect yourself from potential identity theft, check out our services. See if you require a one-time purge or a regular pick-up for the amount of paper or electronics that you produce. Then you only need to call or request an online quote to schedule our services. Once we dispose of your confident documents with our guaranteed certainty, you can rest assured you’ll avoid being a victim!
March 22nd, 2016