Kategorie: English

Identity Protection, Identity Security
While most of us will have heard of identity theft, that never seems like something that would happen to us. It’s one of those things that happen on the telly but not to one personally. However, identity theft is far more common than anyone would think. And it’s not all large credit card theft operations and manufacturing fake passports.
No, identity theft can be as simple as forging a signature and, unless the perp is caught, it will almost always cause rather big problems for the victim. For the seemingly small benefit of a pizza ordered on someone else’s credit card, that person’s credit rating can take damage, they may even have their credit cards cancelled.
Identity Protection is key to avoid being in a situation like that. Now, taking care of personal documents is one of the easier steps to avoid being targeted for identity theft. The same thing goes for signatures and online payments. Taking extra care before signing anything and double-checking the validity of websites before making a payment can make all the difference for a potential scammer.
There’s less obvious protections as well, and they can be just as important. Keeping a secure pin on a phone (meaning not a birthday or ‘1234’) and not writing down the pin-codes for debit and credit-cards makes it much harder for thieves to use cards even if they are able to lift them or find the details. Sometimes card details are stored online during a purchase and there is ample proof that they aren’t always kept secure enough. It’s always safer to choose to not store card details for future payments.
Another often neglected thing to do is to regularly check all bank statements and credit card statements. That way, if there are any odd or unexplained charges, the bank can take care of them immediately and refund the money, possibly even find the culprit. If the fraud is never reported, it’s much more difficult to prove it happened at all, much less to stop the negative consequences that can happen.
Depending on the specific country, it can also be very important to keep one’s national insurance number private, as that alone can often be enough to do things like take out a new credit card, or even enter an employment contract. That can have rather awful consequences, just as credit card theft can.
Identity Security is as vital to personal protection as locking the door when you leave-forgetting it even once carries significant risk of falling victim to a scammer.

The world of business is so complex that no single phenomenon remains unchanged for a long time. As you gain momentum, you need to keep on innovating—or you get left behind. We all witness milestones from big companies such as joint ventures, mergers and acquisitions, financings and other major investments. How do these businesses thrive? How do they satisfy the dynamics of the competition?

One key standard by which companies follow before a major investment is due diligence investigation. This is the process of researching and analyzing an individual or organization before a business transaction. This helps in assessing the practicality and profitability of a transaction or investment.

A — ASSESSMENT

Do I need a a due diligence investigation?

Assess yourself. Do you run a business? Are you stockholder of a big corporation? Are you about to accept a top-ranking position? Do you plan to enter a joint venture? All these entail due diligence investigations to give you a clearer picture of the company you are about to do business with.

The concept of due diligence is simple: it revolves around reasonable care or “required carefulness”. In simple terms, due diligence is studying for a major exam. In business, due diligence investigation is done in preparation for a major transaction.

B — BENEFITS

How can a due diligence investigation benefit my business?

The goal of due diligence investigation is to provide you with information, hidden or otherwise, to help you make an informed decision. Would you enter a battlefield unprepared? Certainly not.

By conducting a due diligence investigation, you can figure out what a company is going through. It is typical for the larger business to conduct this due to their large assets. If there is even just a small risk of failure, wouldn’t you want to discover it? A due diligence investigation does just that—because once problems start, they become difficult to fix. Even in business, prevention is a lot better than damage-control.

However, due diligence is not limited to investigate hidden information or analyze risks. It can also determine opportunities when the acquisition or venture starts. If it’s for the betterment of both parties, why not? Let’s say, for instance, the potential partner has a strong chance of winning bids in future contracts—your business can definitely benefit from this strength.

Remember that both risk and opportunity are two sides of the same coin—but you don’t have to flip it. Running a due diligence investigation can identify the risks and opportunities that will help you arrive at the best decision.

C — COMPLIANCE

What is the basis of due diligence investigations?

Due diligence investigation did not become a practice if it weren’t for the laws that emphasize on checking companies out of prudent and careful practice.

The use of due diligence rose due to the US Securities Act of 1933, originally referring to the process as “reasonable investigation”. Though every country practices their own laws and policies, here are the most common legal bases for investigative due diligence:

US Foreign Corrupt Practices Act

One strategy of the FCPA compliance program done by corporations is to tap into due diligence providers. They perform this as a precautionary yet sincere measure by identifying public officials associated with foreign companies.

US Patriot Act

The Act orders all financial institutions in the US to conduct due diligence in accounts established or maintained for foreign individuals or institutions. This is done as a means to combat money laundering.

UK Bribery Act

When the Act was still in the works, the Secretary of State published a Guidance outlining six principles followed in business. One of the principles, as stated in the Guidance, is due diligence, which is done in compliance with a code of conduct.

Non-compliance to these laws results in serious legal ramifications, ultimately damaging the reputation of the affected companies. Due diligence investigations are almost always called for in states, cities or areas where corruption is rampant.

D — DUE DILIGENCE PROCESS
How is a due diligence investigation conducted?

The due diligence investigation is an exploratory process and uses different styles to gather information. It encompasses person background checks, company background checks, mystery shopping, surveillance, and financial investigations.

The typical areas an investigator looks into are:

Company history and overview
Who founded the company? What is the vision-mission?

Employees

What benefits does the company offer to their employees? What is the dynamics of their workforce? Is there an existing association or union of their employees?

Financial record

How much is the monthly revenue of the company? Do they have a good credit history?

Audits

How does the company fare in marketing audits? Do they routinely perform IT audits?

Inventory management

What approach does the company use to manage their materials? How do they deal with issues concerning inventory?

Depending on the depth of the search, due diligence investigators can dig deeper. They can review public records, contact foreign offices and talk to actual individuals like customers to gather more information.

It is possible to perform a due diligence investigation on your own, but it might not be very effective. Investigators are experienced and wise, and they know what kind of information to look for and how to obtain it. They know how to acquire records legally and have authorized access to data that are not accessible to you or to the public. It is crucial to employ the service of an investigator to get hold of accurate and relevant information without compromising other precious resources like time and money, which you can use elsewhere.

E — EXAMPLES

What are the types of due diligence investigations?

Because there are various aspects in business, there are also many types of investigative due diligence that can cater to each area:

Legal due diligence

Does the company own rights to intellectual properties? Do they have contracts with all their partnerships? Do they have previous or current litigations in court?

Financial due diligence

How does the company deal with their finances? Is there a declaration of assets and liabilities?

Commercial due diligence

Does the company have a business plan in force? Do they have a pool of regular clients? Who are their competitors?

HR due diligence

Does the company’s human resource department conduct pre-employment screenings? What is the recruitment process? How do they handle employee grievances?

IT due diligence

Does the company utilize effective data-gathering tools? How do they analyze information? Do they act on intelligence to make business decisions?

Before any big change, it’s all about verifying if the company in question is indeed what they are showing to you. If the other party presents you with their own facts, a due diligence investigation can show you another aspect. Even if you practice integrity and professionalism in all your business dealings, there are still companies that may not mirror your own values.

How willing are you to risk your own business? Due diligence may cost your company a certain amount, but think of it is as a lifetime investment. Not doing a due diligence investigation prior to a major change is like entering into a battle blindfolded—you don’t know what you’re up against.

With due diligence investigations, your company can analyze all the aspects of the other party—allowing you to see the bigger picture. Once it’s clear, you will have the confidence to make informed decisions that will benefit your company without compromise.

There’s so much you can do with the Internet—the good and the bad. Cybercrime is so ruthless that experts predict it will incur $6 trillion worth of damages by 2021. It is the largest threat to every company, and one of the toughest challenges of mankind, created by mankind, for mankind.

The evidence itself is in the numbers. Do you think nothing could be worse than drug trade, terrorism or human trafficking? According to Cisco, cybercrime will be more profitable than the biggest illegal drug trades in the world combined. Give it a few more years, and even the most savage syndicates will turn to cybercrime to strengthen their networks—if they haven’t already. Cybercriminals are always two steps ahead—who knows what they’re cooking now?

As a key person in an organization, you have the corporate responsibility to prioritize safety and security—of the employees, finances, and data down to the last detail. You do this through security intelligence, a smart approach to protect your organization from all threats possible.

What is security intelligence?

Security intelligence is the real-time collection, analysis, evaluation and response of data generated from an organization through users, software and IT infrastructure.

By intelligence, we mean information that holds relevant value to your organization. The ultimate goal of security intelligence is to give significant insight to identify, prevent or reduce threats regardless of the size of the organization.

You don’t just collect information in retrospect; you have to know what is going on right now in all nooks and crannies of your network. Then you gather data from every source within your network, so you can compare and see patterns. With analytics, you can perform behavioral profiling and determine false positives. As soon as you have the right intelligence, you present your findings in a concise approach to the top-level management of your organization.

In simple terms, the information provided by security intelligence is laid in front of you. You may not know it, but there may already be a breach of security as you speak—and you’ll never spot it without proper correlation and analysis of data.

How is security intelligence applied?

You’ve heard it many times, but what exactly does security intelligence do? What is it good for? How is it so beneficial?

Here a few ways on how you can apply security intelligence to your business:

● Monitoring accounts

What are the odds of having a rogue employee? Even with pre-employment screening, an insider can be a threat. Security intelligence tracks the routine events of your users. It can look into activities and access permissions and alert you for any unusual behavior.

● Detecting fraud

Your company’s customer service department is the highest risk vector for fraud. How many users comprise the call center? Imagine all of them having access to clients’ accounts, credit card details, and personal information. This is a serious security risk, but not all internal network monitoring systems can look into this specific network in real-time. Security intelligence, in comparison, can dive deep into this area and detect unusual activity suggestive of fraud.

● Recovering compromised accounts

You want to prevent unauthorized access to your network at all times. However, the access itself is not preventable as the attacker enters all valid credentials of the original user. Security intelligence only detects the infiltration through changes in the routine events of the user’s login after the successful access. This will instantly alert your team so you can take immediate action.

How is security intelligence flexible?

Do you own a small business? Do you run a social enterprise? Security intelligence is not exclusive for business giants with a lot of resources, big budgets, and employees. Once you’re in business, there’s always competition.

With your competitors in the background, what can put your business at risk? Complacency.

And complacency opens the doors for security threats to break your defenses. Without security intelligence, you won’t even know there’s a breach going on already.

Open source intelligence and competitive intelligence are both beneficial for strategy-building and decision-making, but you still need security intelligence to protect your company from cybercrime. So whether you belong to a small or large-scale company, security intelligence is helpful.

There is no universal platform used for security intelligence; it’s not a one-size-fits-all approach. It’s a complex process and the approach done by one organization may not be effective for your own. The good thing is that security intelligence is flexible, and there is room for configuration. You can modify it according to your company’s risk posture and weaknesses. Utilizing the right approach identifies both internal and external threat data and transforms them into threat intelligence, forming the basis for making security decisions.

How does security intelligence provide insight?

Not all companies have their own analysts to perform security intelligence. In many organizations, third-party providers comprising of security intelligence experts trained in IT security do the service. In both cases, what matters is the accuracy of the results from which you derive insight.

Collecting the right information—sifting the relevant data from the less significant ones—is crucial in security intelligence. Do you know how much data you hold in your organization? You’ll be surprised how much big data you have stored in your networks. How do you deal with the overload? Security intelligence can help you make sense of the big data. A comprehensive insight will let you look at the big picture and guide you to make the right security decisions.

There is a need to add layers of defense to your organization’s network. This reflects on how you secure your assets, including business data, IT infrastructure and intellectual property. In turn, your ability to secure all these will reflect your organization’s reputation.

Security intelligence is more defensive than it is offensive. Fortunately, this approach is within reach to any organization who takes security seriously. This matters because as you innovate, threats become more sophisticated. As you read, enemies may be breaching your organization’s defense layers right now—utilizing complex measures to infiltrate your network in ways you have never imagined.

Can you stop them?

The new EU-DSGVO (data protection basic regulation) offers new approaches in connection with an occasion-related or holistic online risk management to protect privacy on the Internet or in online media (for example in connection with domain registrations, party donation lists, wealthy and rich lists) in the best possible way.

From practice:

Domain holder data are now not readily available online … until recently this was quite different.

With the new DSGVO, security managers now also have an additional means of pressure at their fingertips to have any unwanted critical content on websites, blogs and forums deleted. The „right to forgetting“ and the associated deletion of (old) data records supports security officers in the context of the holistic support of wealthy persons.

The extent to which the deletion of data on party donation lists and so-called wealthy and rich lists is favoured by the DSGVO will have to be demonstrated in practice in the coming months and years. It is quite possible that in the foreseeable future there will be a precedent before an administrative court in this regard, in order to make a final judgement as to whether personal rights (also in connection with the protection of privacy and the like) have priority over the public’s right to information and disclosure.

The situation is similar in connection with the „right to official information embargo“ for wealthy families and persons. In the past, authorities have often refused applications for information embargo if the addresses of the persons concerned had to be researched elsewhere (simply and quickly) on the Internet. In our opinion, this can and will change in the future if the security manager has completed the correct steps and measures before applying for an official information ban.

So much in a nutshell. We would be pleased to prepare an individual protection concept for you, taking into account the DSGVO special feature and our best practice approaches.