When an email from a senior executive directs employees working in accounting or finance to make wire transfers, payments, or purchases – it pays to ensure that the request is legitimate and not a so-called “CEO scam.”

Targeting small businesses and large corporations alike, the scam involves fraudsters impersonating a senior company executive and sending urgent, confidential – and often realistic-looking – messages designed to trick employees into wiring money to a third party.

This scheme, which has cost businesses large sums of money, is one of the many scams directed at companies globally. In Canada, awareness about fraudulent activity is growing among individuals and businesses, but Paul Saabas, vice president of Stericycle, the provider of Shred-it information security solutions, believes this knowledge doesn’t always translate into adequate strategies for reducing vulnerability and exposure.

March is fraud awareness month. As scammers become more sophisticated, all Canadians need to stay alert. One resource is the Canadian Competition Bureau’s free Little Black Book of Scams, released on the website March 1.

As identity theft, fraud and breaches continue to grow, understanding risk factors can help businesses be better prepared, he suggests. “We tend to hear a lot about cybersecurity, but less attention is being paid to physical material.”

‘Protecting information on paper is important. Make sure you keep documents away from prying eyes and store them in a secure place. When you print something, pick it up right away.’ – Paul Saabas, Vice President, Stericycle

Forbes Magazine estimates that North American businesses spent over $102-billion (U.S.) on cybersecurity in 2018 – compared to the $12-million (U.S.) Shred-it states was allocated to dealing with information in physical form.

However, a 2017 Identity Theft Assessment and Prediction Report found that 53 per cent of identity fraud originates from non-digital material, says Mr. Saabas. “This tells us that while it is important to protect digital data, you also need to have a physical document destruction program in place.”

That’s the message Shred-it would like to highlight during Fraud Prevention Month, he says. “Protecting information on paper is important. Make sure you keep documents away from prying eyes and store them in a secure place. When you print something, pick it up right away.”

In addition, files should be cleaned out regularly, and documents that are no longer needed shouldn’t end up in the trash or recycling bins, where they can be easily compromised, says Mr. Saabas.
According to the Shred-it 2018 State of the Industry Report, only 64 per cent of Canadian C-suite executives and 43 per cent of small business owners are confident that their employees understand their data storing and disposal policies.

Rather than guessing what kind of documents could be valuable to fraudsters, Mr. Saabas recommends “a shred-it-all policy, especially since the costs associated with addressing a potential security breach far outweigh the cost of destroying physical documents.”

According to a 2018 study, the average cost of a data breach in Canada is $4.74-million (U.S.) and the average number of breached records is 22,275, he says. “The impact for businesses is substantial and goes beyond financial losses – to include reputational damage and loss of customer trust.”

Given these substantial risks, companies need to make comprehensive fraud prevention measures part of their overall strategy, says Mr. Saabas. Shred-it, for example, offers organizations an end-to-end solution so that their confidential documents are kept safe from the time they are no longer needed to the time they are securely destroyed and recycled.

“Good habits can serve us well, both at home and at work. By properly keeping track of and disposing of documents, we minimize the ability of fraudsters to get their hands on information that could be leveraged for identity theft or other scams,” says Mr. Saabas.

“And while fraudulent schemes are constantly evolving and becoming more sophisticated, what stays the same is that awareness can lead to practices that make people and businesses less vulnerable.”

From the Globe and Mail (BC Edition) – 7 Mar 2019