When most people think about identity theft, they picture sophisticated hackers breaking into computer systems from dark rooms halfway around the world. It’s important that you protect yourself from identity theft.
While cybercrime certainly exists, the reality is often much simpler — and much closer to home.Many cases of identity theft don’t begin with advanced technology at all.
They begin with people.
A clicked link.
A rushed decision.
A reused password.
A fake text message that looks legitimate.
That’s all it can take.
Today, our personal information lives almost everywhere:
• online shopping accounts
• banking apps
• payroll systems
• healthcare records
• insurance files
• social media platforms
The convenience of digital life has made everyday tasks easier, but it has also created more opportunities for criminals to gather information piece by piece.
According to the Canadian Anti-Fraud Centre, Canadians reported more than 112,000 fraud cases in 2025, with losses exceeding $704 million. And experts believe many more incidents go unreported.
What’s especially concerning is that identity theft often starts with information we don’t think twice about sharing:
• birthdates
• addresses
• employment details
• usernames
• phone numbers
Individually, these details may seem harmless. Together, they can be used to impersonate someone, access accounts, or commit fraud.
One of the most common examples today is the fake delivery text scam.
You receive a text message that appears to come from a shipping company asking you to confirm delivery details. The message looks professional, so you click the link and enter your information. Days later, unauthorized charges appear on your account.
Another growing threat happens in the workplace.
An employee receives what appears to be an urgent email from a manager requesting payroll information or a wire transfer. The request feels legitimate and time-sensitive, so it gets processed quickly — only to later discover it was fraudulent.
These scams succeed because they rely on human behaviour:
• trust
• urgency
• distraction
• fear of making mistakes
That’s why identity theft is not just a technology issue. It’s a people issue.
Technology can help protect systems, but awareness protects trust.
One of the best habits anyone can develop is simple:
Pause before reacting.
If something feels urgent, emotional, or unusual:
• stop
• verify
• confirm through another channel
That small pause can prevent enormous damage.
In our next blog, we’ll look at five everyday scams Canadians are falling for right now — including AI voice fraud, cloned social media accounts, and online marketplace scams — and what you can do to protect yourself before it happens.
This is part one of a three part series authored by Marlene Lane, MBA, CIAPP-P
About the Author
Marlene Lane is the Principal Consultant at LANEiQ Consulting, based in Sherwood Park, Alberta. LANEiQ helps small and mid-sized businesses and organizations build privacy practices and people systems that protect trust from the inside out, because when people and privacy are aligned, organizations function better, and the people within them feel it.
Connect with Marlene on LinkedIn
As cyberattacks become more frequent and severe, it is increasingly essential for organizations to practice good cyber hygiene to minimize their risk exposure. Cyber hygiene refers to habitual practices ensuring critical data and connected devices are handled safely. Here are some helpful tips for you.
Daily routines, good behaviors and occasional checkups can make all the difference in ensuring an organization’s cyber health is in optimal condition. The following are essential parts of cyber hygiene:
• Passwords—The use of strong and complex passwords—containing at least 12 characters and a mix of upper- and lower-case letters plus symbols and numbers—that are changed regularly is an essential cyber hygiene practice. Users should avoid sharing passwords or repeatedly using them across different accounts. • Multifactor authentication—Important accounts, including email, social media, and banking apps, should require multifactor authentication to limit the opportunity for cybercriminals to steal data. • Data backups—Essential files should be backed up separately, such as on an external hard drive or in the cloud. Remember, having your data stored in the cloud does not mean it is secure. You still need a regular backup of that data! • Firewalls—A network firewall prevents unauthorized users from accessing company websites, email servers, and other sources of information accessed through the Internet. • Security software—High-quality antivirus software can perform automatic device scans to detect and remove malicious software and protect against various online threats and security breaches. • Software Updates –Always immediately apply all updates and patches for relevant software. • Employee education—Employees are one of an organization’s most significant cybersecurity vulnerabilities. Workforce cybersecurity education is essential to teaching employees to identify phishing attacks, social engineering, and other cyberthreats. • Social Engineering
1. Verify all payment changes by phone. Use a trusted phone number already on file—not one provided on the invoice or email. This step is a condition or warranty of your policy coverage.
2. Secure your email accounts. Use Multi-Factor Authentication (MFA) and remind employees to approve MFA requests only when they initiate them.
3. Communicate with your partners and clients. Let them know that you will always confirm banking changes by phone and encourage them to adopt similar protocols.
4. Test small transactions first. Send a small test payment to confirm new or updated banking details before transferring larger amounts.
For more information on how Cyber Privacy and Crime Insurance can provide additional protection, contact Heather at 587-597-5478 or heather@thorinsurance.ca
Did you know cybercrime is now considered the new ‘fire’ in the business world? Protecting your company is crucial, especially with over 72 percent of businesses affected by ransomware attacks in 2023. Here are some eye-opening facts:
You are nine times more likely to have a cyber attack than a property claim.
60% of companies go out of business after a cyber-attack.
The costs of a cyber claim can be devastating!!
Loss from operational disruption
Remediation and recovery expenses
Legal fees
Hiring of expert teams
Regulatory fines
Ransom payment, if you choose to pay it
Reputational harm
Loss of customer loyalty
Enter Cyber Insurance
This is crucial in safeguarding your business from fraud, system shutdowns, and lockouts. CFC Underwriting, a Lloyd’s of London Syndicate and market leader in cyber insurance, offers a comprehensive Three-Pillar Solution.
Pillar One – Prevention:
Through vulnerability scanning, threat monitoring, and claims data, they are used to identify risks. They provide instant support through their Response app, eliminating threats before they develop. “Kindly take a look at these tips as well!”
Pillar Two – Response:
A qualified world-class team of experts who jump in to help you – available 24/7, responding within 15 minutes to triage incidents, contain threats, and get businesses back online.
Pillar Three – Coverage:
That’s the insurance piece where that provides the coverage for breaches, attacks, and the cost of recovering your data, plus additional costs to re-create data and applications.
Cyber insurance is a supplement, not a replacement for your existing IT teams. It’s like adding sprinklers and fire alarms to your building – essential for comprehensive protection.
The Costs
Your current protection levels, business size, and employee count influence premiums. Considering the average cost of a privacy breach exceeds $200 per customer, investing in cyber insurance is an investment in your company’s long-term viability. Moreover, the cost of cyber insurance protection could be as low as $100 per month!
What’s Next?
Let’s discuss how we can tailor Cyber Privacy and Crime insurance options for your business. Get in touch to discuss securing your company’s future.
Why on earth would someone spend time writing a “primer” for business owners on commercial insurance?
I mean, think about it. What do we usually hear about insurance?
“Insurance is like marriage. You pay, pay, pay, and you never get anything back.”Al Bundy
Or,
“It’s a rip-off, and insurance companies are just out to make money.”
And finally,
“The wordings are so confusing and full of fine print.”
Every one of those statements does hold some truth. Sometimes you do pay and never get anything back. That makes some sense. The whole premise of insurance is that “the premiums of the many go to pay the losses of the few.” You may go through your lifetime and never have a claim. You didn’t receive any money from the insurer. However, the insurer was there for you in case you did. Is that different from paying Employment Insurance all your life and never being out of a job?
As for insurance companies, out to make money that makes sense too. Aren’t you in business for the same reason?
The last statement about confusion is almost bang on. The contracts can be confusing, so you must understand the wording of that policy. It’s a contract between you and the insurer. You pay a premium to transfer some business risks to the insurance company.
There is no doubt that insurance can be confusing, and therein lies the reason why you need to take some time and learn more about how you can protect your business.
Many insurance companies are including limited cyber coverage in some commercial package policies on the market today. You need to be aware that this coverage is not intended to provide the higher levels of protection required to cover the varied cyber incidents occurring these days.
Just as you secure your premises to attempt to avoid having a loss, it’s just important to secure your IT systems. In the event you do suffer a cyber-attack, having a solid cyber insurance policy can provide coverage for both first party and third-party losses.
First Party losses are costs that must be born by you, the insured. This can include:
Breach Costs
Data Damage
Network Failure and resultant Business Interruption
Outside provider/cloud service provider failure
Cyber extortion and ransomware
Customer attrition
e-Theft
Third Party losses are those costs that you will be liable for as a result of the cyber breach:
(Network) Privacy and confidentiality liability
Privacy and network security liability
Multimedia Liability
Technology Errors &Omissions
Payment Card Industry Data Security Standard losses (PCI DSS
Additional costs for such expenses incurred in crisis management, fraud response, public relations and forensic and legal may also be included in the protection depending on the insurance product purchased.
Premiums will be determined based on a number of factors including:
Type and amounts of coverage required
Industry and business type
Size of the business
Type of data stored on the network
Risk mitigation and security measures taken by your company
History of cyber-attacks
Privacy policies
An insured loss whether it be to your physical property, a third-party liability claim or a malicious cyber event can put you out of business.
Remember many of the breaches and hacks are caused by simple human error. I’ll share some tips on what to look for so you aren’t victimized.
Let me remind you that I am not a techie. I’m a business owner just like you and feel that it’s important to me to understand the risk and prepare. It’s like putting a fire wall in a building to prevent spread of a fire or ice-melt on your sidewalks to prevent slip and falls. Cyber risk is huge and very costly and I want to be prepared. Hopefully this information will be helpful to you and please check with your tech guru for their expertise.
I preface this blog with a reminder that protecting yourself, your data and data of others, is not just a nice thing to do. There are laws in place that impose strict rules and responsibilities under Provincial and Federal laws. The Personal Information Protection and Electronic Documents Act (PIPEDA) (PIPEDA) and Canada’s anti-spam legislation (Anti-Spam) are two pieces of legislation.
Here are some suggestions as to how you might protect yourself.
1. Know what’s happening. If you read my first blog, you are already aware of the some of the threats posed by cyber-criminals. Good for you!
2. Change your passwords. I know! That’s such a pain. It’s much easier to use one password for all your sites. The danger in that is that if your passwords are duplicated and not changed regularly, a hacker has much easier access to all of your sites. There are a number of software programs available to assist you. Personally, I use Norton’s Password protector.
3. Secure your home office. Have you changed your router password since it was installed? Do you have antivirus software and automatic back-up tools?
4. SPAM. You’ve all seen those emails that look like they are coming from someone you know. So, you click on it or worse yet open an attachment. Bang – you’ve just downloaded malware onto your system. Check email headers and sender’s addresses and only open attachments of verified trusted senders and those that you are expecting to receive.
5. VPN. With so many business owners and employees working from home, it makes it much more accessible to cyber-criminals. A Virtual Private Network on your home computer can mask your internet protocol (IP) address so that your online activity is virtually untraceable. It establishes secure and encrypted connections. Again, shop around to get good speed and reliability.
These are just a few tips that many of you may know about. If not, I hope it’s been helpful. Remember to call on the tech experts. I would also suggest that perhaps an Information Technology Audit might be appropriate to make sure you are safeguarding your assets, maintaining data integrity and operating effectively.
In our next blog, I will talk about the next level of cyber protection – yes Insurance! As technology and society changes, the insurance world must adapt. There are now many insurers who have products available. We will talk about some of the features to look for.
