In the midst of the Sony hack, this seems like a good time to review “Cyber safety”. It’s a realm that impacts businesses and individuals on small and large scale. Beyond embarrassing and expensive, Sony has shown us the mushroom cloud that potentially hovers over each instance.

A joint effort is necessary.

The following blog is adapted from The US Department of Homeland Security’s “Stop. Think. Connect” site.

The Stop.Think.Connect.™ Campaign is a national public awareness effort to guide the nation to a higher level of Internet safety by challenging the American public to be more vigilant about practicing safer online habits. The Stop.Think.Connect. Campaign’s overarching goal is to help Americans understand not only the risks that come with using the Internet, but also the importance of practicing safe online behavior.

To understand and practice cybersecurity, individuals must be able to recognize risks, threats, and vulnerabilities that exist online and their impact at a national and individual level.

Who: Malicious actors intend to cause harm in cyberspace, such as a hacker stealing personal information. Benign actors accidentally cause harm to a network, system, or the Internet, such as an employee who accidentally downloads malware onto their company’s network.

What: Malicious actors exploit the anonymity and vulnerabilities of the Internet using methods that range in sophistication from botnets to viruses. Benign actors introduce threats through simple actions that can range from clicking on an unknown link to using a USB drive.

When: It is impossible to predict when a cyber incident will occur.

Where: Cyberspace, often interchanged with “the Internet” is created by and accessible through computer networks that share information and facilitate communication. Unlike the physical world, cyberspace has no boundaries across air, land, sea, and space.

Why: Benign actors unintentionally and often unknowingly cause harm while malicious actors may have a range of motives, including seeking confidential information, money, credit, prestige, or revenge. There are many risks online, some more serious than others. The majority of cybercriminals are indiscriminate; they target vulnerable computer systems regardless of whether they are part of a government agency, Fortune 500 company, a small business, or belong to a home user.

To minimize risk:

o Set strong passwords, change them regularly, and don’t share them with anyone.

O Keep your operating system, browser, and other critical software optimized by installing updates.

O Maintain an open dialogue with your friends, family, and colleagues about Internet safety.

O Use privacy settings and limit the amount of personal information you post online.

O Be cautious about offers online–if it sounds too good to be true, it probably is.

For more on best practices related to identity theft and related resources, please visit www.hvshred.com

It’s the 11^th hour and many of us are hastily making last minute orders to get that perfect gift in time for Christmas. Still, be mindful of some key aspects of the process to make sure we don’t fall into Identity theft traps along the way.

First and foremost, check the authenticity of the web address or URL. Above the web site at the top of your screen is a rectangular window that contains the web site address (also called the URL or Uniform Resource Locator).

Cyber-thieves have created web sites that look convincingly like the web sites of well known companies.  These sites will capture the credit card numbers of unwary shoppers when they attempt to purchase an item.  The thieves then use the stolen credit card numbers to make fraudulent purchases in the shopper’s name.  If these shoppers had checked the URL at the top of the screen, they could have noticed that it was not the same URL as the real company.

The following items shown on your web browser will indicate a connection to a secure web site.

• https:// The “s” that is displayed after “http” indicates that web site is secure.  Often, you do not see the “s” until you actually move to the order page on the web site.
• A closed yellow padlock displayed at the bottom of your screen or next to your URL box.  If that lock is open, you should assume it is not a secure site.

It’s also a good idea to research the vendor or website. Do business with companies you already know.  If the company is unfamiliar, investigate their authenticity and credibility. Conduct an internet search (i.e. Google, Yahoo) for the company name. The results should usually provide both positive and negative comments about the company. If there are no results, be extremely wary. Reliable companies should advertise their business address and at least one phone number, either customer service or an order line. Call the phone number and ask questions to determine if the business is legitimate.  Ask how the merchant handles returned merchandise and complaints.  Find out if it offers full refunds or only store credits.

Always advocates of “buy local”, when you shop on a website of a business that has locations within the U.S.  These stores must follow specific state and federal consumer laws.  You might not get the same protection if you place an order with a company located in another country.

Wishing all a very happy holiday season safe from identity theft and full of friends and family!

For more on identity theft protection, please visit www.hvshred.com

Thanks to Karen Shan for her recent article in the Poughkeepsie Journal reminding the community of the importance of safely disposing of electronic waste. HV Shred is all about secure and safe disposal of confidential paperwork and oftentimes we get requests regarding what to do with electronic waste.

In addition to paper shredding, we also securely destroy hard drives. When it comes to key boards, monitors, printers, phones and other fast becoming obsolete electrical equipment, it is critical to keep in mind safe disposal.

Our colleagues at Royal Carting are a particularly good resource for this type of material. In the article, Attorney James P. Constantino, partner at Teahan & Constantino in Millbrook, who is general counsel for Royal Carting Service in Hopewell Junction explained that tech gear contains serious contaminants, such as lead, mercury, cadmium, manganese, arsenic, beryllium, barium and chromium metals, plus other toxic chemicals/compounds, such as phosphorus.

Constantino explained the importance of managing this waste stream/commodity and keeping it out of landfills and out of our ground water as critical for the health and safety of all of our citizens—particularly young children whose growth and development could be negatively impacted.

Among the products recycled by Royal Carting are: televisions, monitors, personal computers and associated equipment, printers, scanners, VCR/DVR/DVD players, portable digital music players, electronic or video game consoles, cellphones and more.

Locally, Royal Carting accepts, separates and stores e-waste at its Hopewell Junction and Wingdale transfer stations, with the goods subsequently transported to Regional Computer Recycling & Recovery for recycling and recovery processing. As well, the company files annual reports with the DEC to account for e-waste disposal.

Our Judith Papo was quoted in the article as well, noting: “Number one is reduce,” said Papo. “On the ‘reduce, reuse, recycle,’ priority one is reduce.”

For more information on proper e-recycling as well as secure document destruction, please visit www.hvshred.com

We have often broadcast valuable information we have found on the “OnGuardOnline” blog organized by the Federal Trade Commission–the government agency charged with, among other things, consumer protection including the pitfalls of identity theft.

Recently, the blog encouraged readers to remember the FTC has many a resource in brochure form and other types of resources to facilitate identity theft education. The best part is IT’S FREE!!! The idea is to create an army of citizen soldiers armed with valuable information. When one person is informed with how to avoid the pitfalls of identity theft, we are protected better on a national level. This is an expensive problem for our country at large. The FTC has brochures on ID Theft protection, online safety handouts; bookmarks about charity fraud and more. The new and better bulk order site is your gateway to almost 200 free publications for consumers and businesses.

The site helps you tailor your search to the audience, topic, type of material and language that matter to you. And you can choose the quantity you need. Not only are the resources free–so is the shipping!

You can:

Sort by audience to find material that suits your crowd; we have items for consumers, parents and teachers, consumer advocates and business people.

Sort to see what’s available in English, Spanish, Chinese, Korean and other languages. All items are described in English, so you can order even if you don’t speak another language.

Search for publications in nine topic categories ranging from Scams to Health to Homes & Mortgages.

Sort the contents by campaign to view all of the materials related to FTC campaigns like Pass It On, Identity Theft or Immigration.

Inspired? Visit ftc.gov/bulkorder and order up to date, easy to use information.

Another great resource for identity theft protection is www.hvshred.com

Identity theft scammers are, above all, opportunistic. With Halloween on the horizon, a Halloween scam was sure to be close by. Believe it or not, Halloween is the second most consumer driven holiday, nipping on the heels of Christmas in terms of how much money is spent each year. Experts say real nightmare scams can occur if shoppers aren’t careful.

The focus of these scams are the pop-up Halloween online stores, the here today, gone tomorrow costumers that show up on the Internet each October.

Local authorities receive countless complaints each year regarding these fly-by-night operations, committing to sending you your costume overnight. The majority of the complaints center on websites not delivering merchandise in a timely manner, if at all. The storefront operations most cited complaints were of the poor quality of merchandise and the difficulty of obtaining refunds.

The best defense is to keep your guard up. If it seems too good to be true, it likely is.

Not to mention, at HV Shred we are big proponents of “Think Local First”; please consider doing your shopping up close and personal with local mom and pops in your neighborhood. You’ll have much safer experience and likely feel good about the purchase as well since it will be supporting your local economy.

For more on identity theft best practices, please visit www.hvshred.com

It’s good to review the basics every now and again. This week’s blog focuses on the elements of the Disposal Rule as defined by the FTC–the government agency charged with overseeing identity theft protection.

The Disposal Rule requires disposal practices that are reasonable and appropriate to prevent the unauthorized access to – or use of – information in a consumer report. For example, reasonable measures for disposing of consumer report information could include establishing and complying with policies to:

(1) Burn, pulverize, or shred papers containing consumer report information so that the information cannot be read or reconstructed;
(2) Destroy or erase electronic files or media containing consumer report information so that the information cannot be read or reconstructed;
(3) Conduct due diligence and hire a document destruction contractor to dispose of material specifically identified as consumer report information consistent with the Rule. Due diligence could include:
a. Reviewing an independent audit of a disposal company’s operations and/or its compliance with the Rule;
b. Obtaining information about the disposal company from several references;
c. Requiring that the disposal company be certified by a recognized trade association;
d. Reviewing and evaluating the disposal company’s information security policies or procedures.

The FTC says that financial institutions that are subject to both the Disposal Rule and the Gramm-Leach-Bliley (GLB) Safeguards Rule should incorporate practices dealing with the proper disposal of consumer information into the information security program that the Safeguards Rule requires (ftc.gov/privacy/privacyinitiatives/safeguards.html).

The Fair and Accurate Credit Transactions Act, which was enacted in 2003, directed the FTC, the Federal Reserve Board, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, the National Credit Union Administration, and the Securities and Exchange Commission to adopt comparable and consistent rules regarding the disposal of sensitive consumer report information. The FTC’s Disposal Rule became effective June 1, 2005. It was published in the Federal Register on November 24, 2004 [69 Fed. Reg. 68,690], and is available at ftc.gov/os/2004/11/041118disposalfrn.pdf.

On site shredding service is a powerful way to comply. For more information, please visit www.hvshred.com