The branch that you searched for does not have a page in your preferred language. Would you like to visit the branch page on the #CODE# site?
As the world leader in paper shredding, we ensure your documents are securely destroyed.
Hard drives could cost you millions in a data breach. Physically destroy your electronic data.
Get a Quote
Back To Information Security Resources
For organizations of all sizes, preventing fraud is better than dealing with the tough consequences. In this issue we will discuss the growing threat of identity crimes directed against businesses and the legal response from the Canadian government.
Download PDF Version
As identity theft continues to be the fastest growing form of consumer fraud, government bodies have made the protection of personal information a priority. However, a growing trend is proving that it’s not just customer data that thieves are after. Fraudsters are now obtaining information about companies and assuming their business identities in order to steal company assets, client lists and credit information or secure new business relationships and payments. Canadian companies large and small are vulnerable to breaches in data security and risk financial damages and reputational losses resulting from business identity theft.
Research by the Canadian Anti-Fraud Centre shows that there were over 4,500 identity theft victims and more than 17, 000 reported cases of identity fraud in Canada in 2011, with a total dollar loss of over $13,000,000 1. Shockingly, it’s estimated that these figures only represent 5 per cent of victims. In reality, identity theft is a serious criminal activity that is not only becoming increasingly lucrative, but is easily happening across borders 2. Identity thieves can be third-parties, employees, competitors and even suppliers—and they are using increasingly sophisticated measures to steal confidential business data and commit business identity fraud.
With all the risks associated with data breaches, why don’t more business owners report the theft of company information? In some cases, large companies don’t notice small breaches in their data security structures until after fraud has been committed. Medium-sized and small businesses owners often don’t report information breaches, because they believe that their operations would be adversely affected if the breach were publicized. Finally, according to a Globe and Mail report, there is little incentive for companies to report business identity theft committed against them because law enforcement tends to prioritize the investigation of consumer or individual identity theft over that of businesses.
In 2009 Bill S-4 created three new core Criminal Code offences targeting identity-related crime, including obtaining and possessing identity information with the intention of using it unlawfully, trafficking in identity information and unlawfully possessing or trafficking in government-issue identity documents.
These amendments to Canadian identity crime law also created a new sentencing power, where courts can order offenders to pay restitution to identity theft or identity fraud victims. The restitution is based on the costs needed for the victim to restore their identity, such as the cost of replacing identity cards and documents as well as correcting their credit history. The courts also have an existing ability to order restitution for actual economic or property losses 3. However, it is also important to note that Bill C-29, a 2010 amendment to the Personal Information Protection and Electronic Documents Act (PIPEDA) clarified that existing provisions against the sharing of individuals’ personal information do not apply to business details.
Theft of paper documents and electronic data occurs in many forms, from dumpster-diving to hacking into company networks Often, fraud is committed when files are left out in the open and visitors are able to steal, copy or snap a photo of information that should be kept confidential. Furthermore, some organizations do not take proper steps to securely destroy their private data.
The growing mobile workforce and shift to cloud computing are leaving organizations increasingly vulnerable to electronic security breaches and the theft of sensitive business data online. A 2011 RCMP report warned that security risks were rising as more and more businesses are choosing to cut costs by switching to cloud computing for the storage of their information. This leaves business information stored in remote third-party servers, which are sometimes in an online space that can be hacked or accessed by fraudsters, and that are also regulated by the laws of other countries that cannot be enforced in Canada 4.
Consider how identity thieves are stealing the information required to assume a company’s identity and take steps to prevent it. Here are some tips to help you ward of fraudsters:
To learn more about Shred-it services or to book your FREE security assessment visit www.shredit.com.
You can also visit Shred-it on Facebook and LinkedIn or follow us on Twitter at @Shredit.
Fill out the form or call 888.750.6450 to start protecting your business today!