When an email from a senior executive directs employees working in accounting or finance to make wire transfers, payments or purchases – it pays to ensure that the request is legitimate and not a so-called “CEO scam.”
Targeting small businesses and large corporations alike, the scam involves fraudsters impersonating a senior company executive and sending urgent, confidential – and often realistic-looking – messages designed to trick employees into wiring money to a third party. This scheme, which has cost businesses large sums of money, is one of the many scams directed at companies globally.
In Canada, awareness about fraudulent activity is growing among individuals and businesses, but Paul Saabas, vice president of Stericycle, the provider of Shred-it information security solutions, believes this knowledge doesn’t always translate into adequate strategies for reducing vulnerability and exposure.
As identity theft, fraud and breaches continue to grow, understanding risk factors can help businesses be better prepared, he suggests. “We tend to hear a lot about cybersecurity, but less attention is being paid to physical material.”
Forbes Magazine estimates that North American businesses spent over $102-billion (U.S.) on cybersecurity in 2018 – compared to the $12-million (U.S.) Shred-it states was allocated to dealing with information in physical form.
Protecting information on paper is important. Make sure you keep documents away from prying eyes and store them in a secure place. When you print something, pick it up right away.— Paul Saabas, vice president, Stericycle
However, a 2017 Identity Theft Assessment and Prediction Report found that 53 per cent of identity fraud originates from non-digital material, says Mr. Saabas. “This tells us that while it is important to protect digital data, you also need to have a physical document destruction program in place.”
That’s the message Shred-it would like to highlight during Fraud Prevention Month, he says. “Protecting information on paper is important. Make sure you keep documents away from prying eyes and store them in a secure place. When you print something, pick it up right away.”
In addition, files should be cleaned out regularly, and documents that are no longer needed shouldn’t end up in the trash or recycling bins, where they can be easily compromised, says Mr. Saabas.
According to the Shred-it 2018 State of the Industry Report, only 64 per cent of Canadian C-suite executives and 43 per cent of small business owners are confident that their employees understand their data storing and disposal policies.
Rather than guessing what kind of documents could be valuable to fraudsters, Mr. Saabas recommends “a shred-it-all policy, especially since the costs associated with addressing a potential security breach far outweigh the cost of destroying physical documents.”
According to a 2018 study, the average cost of a data breach in Canada is $4.74-million (U.S.) and the average number of breached records is 22,275, he says. “The impact for businesses is substantial and goes beyond financial losses – to include reputational damage and loss of customer trust.”
Given these substantial risks, companies need to make comprehensive fraud prevention measures part of their overall strategy, says Mr. Saabas. Shred-it, for example, offers organizations an end-to-end solution so that their confidential documents are kept safe from the time they are no longer needed to the time they are securely destroyed and recycled.
“Good habits can serve us well, both at home and at work. By properly keeping track of and disposing of documents, we minimize the ability of fraudsters to get their hands on information that could be leveraged for identity theft or other scams,” says Mr. Saabas. “And while fraudulent schemes are constantly evolving and becoming more sophisticated, what stays the same is that awareness can lead to practices that make people and businesses less vulnerable.”
Identity theft can turn your life upside down. Consider the scenario of someone using your personal information to make purchases from your accounts, apply for loans, obtain passports or even receive government benefits. According to the Canadian Anti-Fraud Centre, the incidence of identity theft has been increasing at an average of 33 per cent per year. In 2017, there were 8.9 incidents of identity theft per 100,000 residents in Canada.
“Anyone can be a victim of fraud, irrespective of age, background and profession,” says Paul Saabas, vice president of Stericycle, the provider of Shred-it information security solutions. To prevent fraudsters from accessing material they can exploit, he suggests paying attention to both digital and physical information.
“When I’m working from a Starbucks, for example, I log into my VPN before going into my email to make sure my account is not at risk,” he says. “A lot of people are aware of safe online practices like this. But at the same time, many don’t think twice about throwing documents, envelopes or boarding passes into trash cans or recycling bins.
“Documents and labels can contain information, such as addresses, account numbers or customer history, that can be exploited for fraud in some shape or form,” says Mr. Saabas, who adds that a recent study found that more than half the incidents of identity theft start with non-digital material. “This means we have to be more proactive when it comes to destroying physical documents,” he says.
2019 marks the 15th anniversary of Fraud Prevention Month, an educational campaign advancing knowledge and awareness about fraud among consumers and businesses. Launched in March – and continuing throughout the year – the initiative is organized by the Fraud Prevention Forum, which consists of 104 public- and private-sector organizations and is chaired by the Competition Bureau.
Advertising feature produced by Globe Content Studio. The Globe’s editorial department was not involved.