Best Practices for Identity Theft Protection of Devices

This week’s blog is adapted from a recent article by Lisa Gerstner from Kiplinger’s Personal Finance. She addresses what to do of your personal computer, smartphone, or other device is lost or stolen. We all know these devices are embedded with a treasure trove of personal information.

A thief who steals your device may be able to access your e-mail, view sensitive documents as well as gain access to your personal finances.

Always lock your devices with a fingerprint sensor, a password or a PIN—one with six or more characters, if possible. Password-protect banking, wallet and other sensitive apps, too. When you get notifications to download updates for your operating system, antivirus software and other programs, do it right away because they may patch security flaws. But never click on a link or attachment in a text message or e-mail from an unfamiliar source (or from what appears to be a familiar source, if anything about the message looks fishy) because it could infect your device with malware.

No matter how tempted you are, be sure that you are only using trusted Wi-Fi networks, preferably ones that are password-protected. Although encrypted Web sites (those that begin with “https”) add protection by making your activities unreadable by hackers, it’s better to be safe than sorry.

When using Wi-Fi, avoid online banking and other sensitive transactions. If you travel a lot, consider using a personal Virtual Private Network (VPN), which provides a secure network.

Before you download a mobile app, read reviews, check its privacy policy and permissions, and visit its Web site to see whether it looks legitimate. If an app requires, say, access to your phone’s camera or GPS for no apparent reason, take a pass on it. Be especially cautious with apps from the Google Play store because anyone can place an app on that market. Apple screens apps more rigorously.

With remote tracking and wiping capability, you can find a stolen or lost device’s location and erase its contents. Users of Apple’s computers, tablets and phones can set up the option through iCloud and with the Find My iPhone app. Android owners can use Google’s Android Device Manager app.

For more on best practices in the realm of identity theft protection, please visit www.hvshred.com

Identity Theft Protection in “The Internet of Things”

In our never-ending effort to keep our community informed of the best practices is identity theft protection, this week we adapt a recent post from the “Stop.  Think. Connect.” blog posted by the Department Of Homeland Security.  The post explains how important it is that we recognize that we now live in a “smart world,” where the Internet touches all aspects of our daily lives. We have wearables that track our eating, sleeping, and exercise habits. We utilize devices that provide us with a quicker route on a summer road trip. We own mechanisms that allow us to preheat our oven or adjust our thermostat on our way home from work before we even walk through the door. These types of devices are all part of our new, more connected world – commonly referred to as the Internet of Things.

The Internet of Things includes objects or devices that send or receive data automatically via the Internet. As more devices and objects become connected to the Internet – from phones and tablets to homes, vehicles, and medical devices – it is important to realize that the security of these devices is not always guaranteed.

Why does it matter?

  • 1.8 billion: the number of smartphone users*
  • 50 billion: the number of connected devices expected by 2020 (that’s 1 person to every 7 devices)*
  • $5 trillion: the amount the IoT market is expected to grow over the next 6 years*

Though this technology brings many conveniences to our lives, it also requires that we share more information than ever. Here are three simple steps to take to secure the devices that hold your valuable personal information.

  • Keep a clean machine. Just like your smartphone or laptop, keep any device that connects to the Internet free from viruses and malware. Update the software regularly on the device itself as well as the mobile applications you use to control the device.
  • Think twice about your device. Have a solid understanding of how a device works, the nature of its connection to the Internet, and the type of information it stores and transmits.
  • Secure your network. Properly secure the wireless network you use to connect Internet-enabled devices.

For more information and tips on identity theft protection, please visit www.hvshred.com

*National Cyber Security Alliance Internet of Things Infographic

Local, Personalized Total Data Security Solution

As we embark on a new school year, we’d like to “school” our blog community with some tips for how to tell one shredding service apart from another.

We encourage all businesses and individuals wherever they are and how small or large the service to THINK LOCAL FIRST.

Local businesses like HV Shred are more likely to be invested in the local community. At HV Shred, our owners are involved with the day to day business–we take the service personally–and we feel service in the community is a premium. That’s why our president Judith Papo is a Rotarian, an active member of the Mid Hudson Chapter CPA Society, as well as active in the local chambers.

In addition, HV Shred focuses on keeping the service simple and straightforward. No hassles with sorting of folders–we even shred hard cover books and spiral notebooks.

Newly added is our hard drive shredder. We can now shred hard drives in seconds right on sight! Electronics recycling is part of our offerings as well.

We are the total data security solution for local businesses.

And everything we shred gets recycled–our clients helped us save over 2000 trees in August alone!

Please visit our newly updated website for more information www.hvshred.com

Best Practices with Security Questions

Continuing with our theme of best practices for identity theft protection and building on last week’s post of strong passwords, this week we highlight those security questions. This post too is adapted from a recent post on OnGuard On Line by Whitney Merrill Legal Fellow, Division of Privacy and Identity Theft Protection, FTC.

If you forget your password or sometimes just as additional security, many companies require you to answer security questions to regain access. Here are some tips to make sure an attacker can’t use your security questions as a way to get into your account:

  • Select security questions where only you know the answer. Many security questions ask for answers to information available in public records or online, like your zip code, mother’s maiden name, birth place. That is information a motivated attacker can obtain.
  • Don’t use answers to security questions that can be guessed. An attacker can guess the answer to a security question that has a limited number of responses (dates, colors, states, countries). Avoid questions like “What state were you born in?” or “What color was your first car?” which allow an attacker to guess all possible answers.
  • Don’t give a generic answer to a security question. Find an answer to a security question that you will remember but is also more complicated than a generic word. For example, if the security question asks “What is your favorite childhood memory?” the answer “watching the Dodgers with my mom” is more secure than “baseball.”

For more on best practices when it comes to identity theft protection, please visit www.hvshred.com

A Refresher On Strong Passwords

Best practices for identity theft protection is a theme of our HV Shred Blog. A recent post on On-Guard On-Line by Whitney Merrill Legal Fellow, Division of Privacy and Identity Protection, FTC is a good refresher when it comes to password common sense.

When the time comes to create another password, be sure it a secure one. A little extra attention when you create a strong password can prevent an attacker from getting access to your account.

Your password should be long, complex, and unique. Here are additional steps you can take to help create strong passwords and secure your accounts:

  • Avoid common words, phrases, or information. Don’t use information available to others like your birthday, phone number, or Social Security number. Attackers often use a dictionary of previously exposed passwords and information gathered from the internet to help them guess a password.
  • Change passwords quickly if there is a breach. Attackers who steal data from companies often obtain password information. If you receive a notification from a company about a possible breach, change that password and any account that uses a similar password immediately.
  • Consider a password manager. Most people have trouble keeping track of all their passwords. Consider storing your passwords and security questions in a password manager, an easy-to-access application that allows you store all your valuable password information in one place. Use a strong password to secure the information in your password manager.

For more on best practices for identity theft protection, please visit www.hvshred.com

Ransomware is Still a Problem

This week we turn again to the “IC3” Internet Crime Complaint Center established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, state, local, or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate. The IC3 was intended, and continues to emphasize, serving the broader law enforcement community to include federal, as well as state, local, and international agencies, which are combating Internet crime and, in many cases, participating in Cyber Crime Task Forces.

According to I-062315-PSA data from the FBI’s Internet Crime Complaint Center (IC3) shows ransomware continues to spread and is infecting devices around the globe. Recent IC3 reporting identifies CryptoWall as the most current and significant ransomware threat targeting U.S. individuals and businesses. Between April 2014 and June 2015, the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million.

The problem begins when the victim clicks on an infected advertisement, email, or attachment, or visits an infected website. Once the victim’s device is infected with the ransomware variant, the victim’s files become encrypted. In most cases, once the victim pays a ransom fee, he or she regains access to the files that were encrypted.

If you believe you have been a victim of this type of scam, you should reach out to your local FBI field office. You may also file a complaint with the IC3 at www.IC3.gov. Please provide any relevant information in your complaint.

Tips to protect yourself:

  • Always use antivirus software and a firewall. It’s important to obtain and use antivirus software and firewalls from reputable companies.
  • Enable popup blockers. Popups are regularly used by criminals to spread malicious software.
  • Always back up the content on your computer. If you back up, verify, and maintain offline copies of your personal and application data, ransomware scams will have limited impact on you.
  • Be skeptical. Don’t click on any emails or attachments you don’t recognize, and avoid suspicious websites altogether.

For the latest on internet safety and identity theft best practices, please regularly check in to our website www.hvshred.com

Heartbreak Scammers Nabbed

In a recent blog by Lois C. Greisman Associate Director, Division of Marketing Practices, FTC, the latest trend is to add insult to injury.


Among the latest scams is hackers using the on-line dating sites to steal identities.  Heart break in this case leads also to heart burn and even worse depending.

On-Guard On Line is always on top of reporting imposter scams. In recent months, we’ve told you about IRS imposters, romance scams, and work-at-home scams. We always give you tips on how to spot and avoid these scams. We tell you about the cases we’ve brought to shut down the scammers. But, as a civil law enforcement agency, we don’t often get to tell you about the criminal charges brought against the scammers. Until today.

The Department of Justice (DOJ) recently announced the extradition of six Nigerian nationals from South Africa to Mississippi to face a nine-count federal indictment for various Internet frauds. These six people join 15 others who were previously charged with, among other things, conspiracy to commit mail fraud, wire fraud, bank fraud, identity theft, and money laundering.

What were the scams? According to the indictment, the defendants found and reached out to their potential victims through online dating websites and work-at-home opportunities. In some cases, they carried on so-called romantic relationships with their targets, trying to get their victims to do things like re-ship merchandise purchased with stolen credit cards, deposit counterfeit checks, and send money to the defendants – whether via wiring money or sending prepaid debit cards.

Here’s where you come in. If you know someone who lost money or information to romance, reshipping, fake check, or work-at-home scammers, please tell them to visit DOJ’s announcement. Why? Because there’s a list of aliases and email addresses that the defendants allegedly used in carrying out these scams. If you recognize a name or email address, you could help in the investigation of these crimes.

It’s not every day you get to help lock up alleged bad guys. Unless, of course, you work at the Department of Justice, the US Postal Inspection Service, or Homeland Security Investigations – all of which had a hand in this case. Please check out the list and see if you might have information to share with the investigators.

This points to the need for the entire community local, national, and global to work together to help deter, detect, and defend against identity theft.  For more information, please visit www.hvshred.com

The RIght & Responsibility to Vacation Safety

Once again turning to a favorite resource, we adapt the latest entry by Consume Education Specialist Amy Hebert from the FTC’s On Guard On Line website.

The focus this week is on safe travel arrangements.  Whether you travel a lot or just a little, you’ve probably gone online to book a hotel stay. Sometimes you might find a travel comparison site gets you the best deal. Other times, you might book directly at a hotel’s website — maybe to earn points for the company’s reward program, or because you have some special requests for your stay.

For those times you’re looking to book directly with a hotel, make sure that’s what you’re doing. The FTC has heard from people who searched online and thought they were booking on a hotel website, only to find they’d unknowingly been doing business with someone else.

The confusion resulted in problems like:

  • arriving and finding no reservation
  • having trouble canceling or modifying a reservation, or disputing charges through the hotel
  • finding reserved rooms didn’t reflect special requests like disability access
  • being charged undisclosed fees
  • paying a higher rate than what’s advertised by the hotel
  • getting credit card charges from the third party, not the hotel
  • not earning points with their hotel reward program

It can be hard to tell that you’re not on the hotel’s site. You might see a hotel’s name in the URL, or call the number shown next to the hotel’s address and not realize it’s the reservation company — not the hotel — you’re talking to.

Your best bet to avoid surprises — look closely at your search results. If you know you want to deal directly with a hotel, take the time to look for signs you might be on a third-party site, like another company’s logo. It’s also a good idea to find the hotel phone number yourself, rather than rely on what’s listed on the site.

Keep checking for more information for best practices in identity theft protection and safety on line at www.hvshred.com

Efficiency & Economy of On-site Shredding

There are many reasons you should be using a shredding vendor to handle the destruction of your confidential documents, but the biggest motive for businesses to outsource this task is always security. Proper document destruction means compliance, because non-compliance can be costly, embarrassing, and have long-term financial effects, not to mention your brand’s name will be indefinitely tarnished.

Many federal and state laws govern how you handle your confidential documents and the record retention policies your business must abide by. Often times, businesses will stockpile their records for far longer than necessary, so it’s imperative to know when and how often you should destroy old documents.

To save on storage fees and to keep your records current, it’s recommended to rely on routine document destruction services. This will take the guess work out of when and how long to keep documents, but also alleviate sensitive waste that can pile up in offices, such as human resources departments, tax and finance departments, and healthcare practices.

Why should you consider routine service from HV Shred Shred?

  • There are no required contracts
  • Billing can be set up automatically
  • Options are flexible; we can service your needs weekly, monthly, or anywhere in between
  • Legal Shred is certified with MSA (Mobile Shredding Association), so you know the job will be handled properly and with the utmost care
  • We supply you with all bins
  • We come to you and will shred all of your documents right at your location
  • HV Shred’s routine scheduled service is a great plan for customers that have a legal and ethical obligation to protect their sensitive information on a daily basis, and the most crucial benefit to routine service? It saves money.

With a routine service schedule, we are able to offer competitive pricing for your destruction needs.

To learn more, please visit www.hvshred.com and feel free to contact us immediately via email or phone. We customize the service to suit each company’s specific needs.

Efficiency and Economy of On-Site Shredding

There are many reasons you should be using a shredding vendor to handle the destruction of your confidential documents, but the biggest motive for businesses to outsource this task is always security. Proper document destruction means compliance, because non-compliance can be costly, embarrassing, and have long-term financial effects, not to mention your brand’s name will be indefinitely tarnished.

Many federal and state laws govern how you handle your confidential documents and the record retention policies your business must abide by. Often times, businesses will stockpile their records for far longer than necessary, so it’s imperative to know when and how often you should destroy old documents.

To save on storage fees and to keep your records current, it’s recommended to rely on routine document destruction services. This will take the guess work out of when and how long to keep documents, but also alleviate sensitive waste that can pile up in offices, such as human resources departments, tax and finance departments, and healthcare practices.

Why should you consider routine service from HV Shred Shred?

  • There are no required contracts
  • Billing can be set up automatically
  • Options are flexible; we can service your needs weekly, monthly, or anywhere in between
  • Legal Shred is certified with MSA (Mobile Shredding Association), so you know the job will be handled properly and with the utmost care
  • We supply you with all bins
  • We come to you and will shred all of your documents right at your location

HV Shred’s routine scheduled service is a great plan for customers that have a legal and ethical obligation to protect their sensitive information on a daily basis, and the most crucial benefit to routine service?   It saves money.


With a routine service schedule, we are able to offer competitive pricing for your destruction needs.

To learn more, please visit www.hvshred.com and feel free to contact us immediately via email or phone.  We customize the service to suit each company’s specific needs.