This month has brought us the mad scramble to deal with the Heartbleed bug. Many fingers were pointed at Governments and agencies about poor security, and largely the finger pointing was accurately placed.
But what about the risk of open source? It is still problematic to try and use open source tools like SSL, but it is not overly more risky than big name closed ecosystems, MS and Adobe, for example. The problem though can be markedly more difficult however in terms of detection and implementation of a fix. The open source concept is great at rapid development and a true uniqueness which can only be developed in a free form environment, but it is also this environment which can keep developers from focussing on the end product, testing and retesting to find problems and satisfy a client. Not so bad for Mom's flower shop, but a very bad thing for the Canadian Revenue Agency and other similar organizations as we've seen.
Protection of these types of systems remains of vital national importance and open source cannot be risked in these cases. A closed, secure and easy to update and patch system is the best bet for secure sites, or if open source is the only option, then a dedicated in house programmer corps must be set in place to test and develop a unique flavour for a given organization to ensure protections are in place, and not just cyber-crime monitors, which are useless in situations such as this where internal alarms are not able to respond to these problems.
That being said, there was a fairly good reaction to Heartbleed once detected with a fairly rapid deployment of fixes. There will undoubtedly be blowback over the next few months as internal security agencies and companies start to reveal the extent of damage from Heartbleed. Anyone suspecting they were impacted should take the time to report their information to the standard credit agencies, banks and police. For the general populace, a change up of sensitive passwords should be looked at, particularly tax agency, banking and medical sites with prime identification information.
Starting next month, we will be looking at some of the more practical sides of investigations, and will expand on the actual experiences of private investigations, mixed in with some tips for private individuals and companies to look at. We hope you'll join us!
Blog post is courtesy Elemental Investigations: Private Investigator Edmonton, an Edmonton, Canada based private investigator agency. They can be found online at www.elementalpi.ca
Friday 18 April 2014
Friday 21 March 2014
Fraud Month
Well, we're about half way through Fraud Awareness Month and there has been an overall excellent effort to raise awareness around the world, both for and against frauds!
Law enforcement and media here in Canada have been diligently promoting common fraud types which has definitely been great to raise awareness for those most at risk, particularly seniors, who are often targeted due to isolation, resources and sometimes impairment.
Fraudsters on the other hand seem to have also stepped up some activity, with major increases this month in online phishing and scam campaigns, toppling a major BitCoin trader and the spring onslaught of door to door scams kicking off.
Despite this, and the ever present efforts of fraudsters to part victims from their money, there exists more resources than ever to help raise the awareness level of individuals, business and government to the threats posed by fraudsters, not just financially but for non-financial frauds as well.
The best message coming out this month so far, and as always, is to help those at risk understand the threats out there. This can be as simple as telling the next person you meet about the Canadian Anti-Fraud Center or point them to the RCMP Scams and Fraud page. It also pays to remember that it is not just the elderly who are targeted, as many professionals and business have come under increased attack from more sophisticated scams than the classic Nigerian variety, meaning that general staff needs to be aware of the ever present landscape of the world of frauds, as the weakest link is going to be an eventual target.
As the months comes closer to the end, it is also a great idea to remember to keep up the efforts of awareness throughout the year as the fraudsters do not pack things up once the month ends.
If you find yourself a victim of a scam, or suspect something is wrong, contact your local police to file a complaint. Often, a third party investigation must be completed before the police can take action, which requires the assistance of an accountant or private investigator, sometimes both depending on the nature of the scam. If in doubt, contact a local PI to see what can be done in your situation.
Blog post is courtesy Elemental Investigations: Private Investigator Edmonton, an Edmonton, Canada based private investigator agency. They can be found online at www.elementalpi.ca
Law enforcement and media here in Canada have been diligently promoting common fraud types which has definitely been great to raise awareness for those most at risk, particularly seniors, who are often targeted due to isolation, resources and sometimes impairment.
Fraudsters on the other hand seem to have also stepped up some activity, with major increases this month in online phishing and scam campaigns, toppling a major BitCoin trader and the spring onslaught of door to door scams kicking off.
Despite this, and the ever present efforts of fraudsters to part victims from their money, there exists more resources than ever to help raise the awareness level of individuals, business and government to the threats posed by fraudsters, not just financially but for non-financial frauds as well.
The best message coming out this month so far, and as always, is to help those at risk understand the threats out there. This can be as simple as telling the next person you meet about the Canadian Anti-Fraud Center or point them to the RCMP Scams and Fraud page. It also pays to remember that it is not just the elderly who are targeted, as many professionals and business have come under increased attack from more sophisticated scams than the classic Nigerian variety, meaning that general staff needs to be aware of the ever present landscape of the world of frauds, as the weakest link is going to be an eventual target.
As the months comes closer to the end, it is also a great idea to remember to keep up the efforts of awareness throughout the year as the fraudsters do not pack things up once the month ends.
If you find yourself a victim of a scam, or suspect something is wrong, contact your local police to file a complaint. Often, a third party investigation must be completed before the police can take action, which requires the assistance of an accountant or private investigator, sometimes both depending on the nature of the scam. If in doubt, contact a local PI to see what can be done in your situation.
Blog post is courtesy Elemental Investigations: Private Investigator Edmonton, an Edmonton, Canada based private investigator agency. They can be found online at www.elementalpi.ca
Sunday 23 February 2014
Industry Standards
Something near and dear to us here at Elemental Solutions are industry standards for PI's, not only here in balmy Ottawa, Canada (of course I jest in the midst of one of the worst winters in recent memory), but around the world.
There has been a large push to bring PIs in line with other professional industries, particularly considering the ever increasing sensitivity to privacy issues and can be seen in most countries really beginning to take hold.
Canada, like may nations, benefits from a national requirement for privacy issues, allowing for fairly uniform standards between the provinces, which hold ultimate jurisdiction. Other countries, such as the US, operate on a state by state basis, which requires an understanding of each state's views on privacy and the industry to known how the laws and standards may apply to the industry.
The pushes all around the world are still largely in their infancies, focussing on bringing licensing out to the profession and basic levels of training and liability. These changes are also having the benefit seen in most industries when licensing and common practices are instituted, that of a reduction in unskilled and unethical businesses operating in the environment.
There are some in the industry who continue to resist the changes coming to the industry, and for those agencies, I would say that their time is rapidly coming to a close. Increasing liability issues in the face of breaches of privacy are on the move, a reduction in tolerance for obtaining black market information for cases is becoming more evident and the existence of an ever increasing well informed client base will lead to these agencies adapting or dying.
These changes are ultimately a boon to clients who need to know that their PI agency of choice has met some basic standards. It also benefits the investigations industry when sub-contracting out work across jurisdictions by ensuring that a potential contractor can be counted on to conduct themselves in a certain manner. It also ensures that our industry is kept in the highest esteem of the communities in which we serve, allowing our client bases to thrive.
If you want to learn more about the private investigator regulations in your jurisdiction, do a search fro your state, provincial or national level private investigator associations. They will be able to discuss the standards to which your local PIs are held, as well as how to ensure you are dealing with a licensed PI.
Blog post is courtesy Elemental Investigations: Private Investigator Edmonton, an Edmonton, Canada based private investigator agency. They can be found online at www.elementalpi.ca
There has been a large push to bring PIs in line with other professional industries, particularly considering the ever increasing sensitivity to privacy issues and can be seen in most countries really beginning to take hold.
Canada, like may nations, benefits from a national requirement for privacy issues, allowing for fairly uniform standards between the provinces, which hold ultimate jurisdiction. Other countries, such as the US, operate on a state by state basis, which requires an understanding of each state's views on privacy and the industry to known how the laws and standards may apply to the industry.
The pushes all around the world are still largely in their infancies, focussing on bringing licensing out to the profession and basic levels of training and liability. These changes are also having the benefit seen in most industries when licensing and common practices are instituted, that of a reduction in unskilled and unethical businesses operating in the environment.
There are some in the industry who continue to resist the changes coming to the industry, and for those agencies, I would say that their time is rapidly coming to a close. Increasing liability issues in the face of breaches of privacy are on the move, a reduction in tolerance for obtaining black market information for cases is becoming more evident and the existence of an ever increasing well informed client base will lead to these agencies adapting or dying.
These changes are ultimately a boon to clients who need to know that their PI agency of choice has met some basic standards. It also benefits the investigations industry when sub-contracting out work across jurisdictions by ensuring that a potential contractor can be counted on to conduct themselves in a certain manner. It also ensures that our industry is kept in the highest esteem of the communities in which we serve, allowing our client bases to thrive.
If you want to learn more about the private investigator regulations in your jurisdiction, do a search fro your state, provincial or national level private investigator associations. They will be able to discuss the standards to which your local PIs are held, as well as how to ensure you are dealing with a licensed PI.
Blog post is courtesy Elemental Investigations: Private Investigator Edmonton, an Edmonton, Canada based private investigator agency. They can be found online at www.elementalpi.ca
Sunday 16 February 2014
Credit Scores
Lately, I've been seeing a large number of credit score ads on TV where they try and convince people that they need regular and up to date info on their credit scores. This bugs me.
The credit score system, for good or bad, is set up with a variety of things geared for the most part to determine an individual's or organization's credit trustworthiness when determining whether or not to grant credit, and at what rates. They also have a few bonus features that not all people are aware of. First is that it holds a collection of your credit histories, including where you have made purchases, what your holdings are in a given country and your spending habits. They also have all of your primary identification listings, which can be used to copy an identity perfectly.
Now the big credit companies, Transunion and Equifax in Canada, and again fro good or bad, have a fair amount of scrutiny on the security of the data they hold, which is about as complete a picture as you can paint on most people. Which brings us to where I am heading.
The free credit score companies are actually data aggregators, otherwise known as data mining companies. What they do is obtain whatever info they can possibly assemble on individuals and sell the data off to advertisers, insurers and anyone else who is looking for a certain level of data...of which there are many. By requesting a score from these companies, people are granting access to these companies for their complete credit profiles. What's worse, is that these companies have significantly less oversight than the actual credit companies, and a data breach would result in significant risk of identity theft for anyone who has data stored with them. It gets even more problematic, as these data miners sell of your data to even other organizations, leading to a greater loss of control over the security of your personal information.
The worst part is that free credit scores can be requested, usually for free once per year by the major credit agencies in most countries.
Blog post is courtesy Elemental Investigations: Private Investigator Edmonton, an Edmonton, Canada based private investigator agency. They can be found online at www.elementalpi.ca
The credit score system, for good or bad, is set up with a variety of things geared for the most part to determine an individual's or organization's credit trustworthiness when determining whether or not to grant credit, and at what rates. They also have a few bonus features that not all people are aware of. First is that it holds a collection of your credit histories, including where you have made purchases, what your holdings are in a given country and your spending habits. They also have all of your primary identification listings, which can be used to copy an identity perfectly.
Now the big credit companies, Transunion and Equifax in Canada, and again fro good or bad, have a fair amount of scrutiny on the security of the data they hold, which is about as complete a picture as you can paint on most people. Which brings us to where I am heading.
The free credit score companies are actually data aggregators, otherwise known as data mining companies. What they do is obtain whatever info they can possibly assemble on individuals and sell the data off to advertisers, insurers and anyone else who is looking for a certain level of data...of which there are many. By requesting a score from these companies, people are granting access to these companies for their complete credit profiles. What's worse, is that these companies have significantly less oversight than the actual credit companies, and a data breach would result in significant risk of identity theft for anyone who has data stored with them. It gets even more problematic, as these data miners sell of your data to even other organizations, leading to a greater loss of control over the security of your personal information.
The worst part is that free credit scores can be requested, usually for free once per year by the major credit agencies in most countries.
Blog post is courtesy Elemental Investigations: Private Investigator Edmonton, an Edmonton, Canada based private investigator agency. They can be found online at www.elementalpi.ca
Saturday 1 February 2014
Threat Risk Assessments-Factors for Consideration
Threat Risk Assessments (TRAs) come in a wide variety of flavours. They can be general or specific, focussing on a limited location or range of activities.
Considering the variation, one would expect a wide range of factors which should be considered in a discussion of TRAs, and you are largely right. There is however, a fairly stable list of prime factors which should be considered for most general TRAs.
Many of the primary factors which should be considered in a general TRA should include the following:
- Information Management - Files, garbage management, access controls and authorizations
- IT Networks - All electronic communications and data storage capabilities. These are often a separate TRA within the overall TRA due to the size of this file
- Moral Considerations - Perceptions, codes of conduct public relations and employee interactions all play a role here
- Personnel - This is affected by things like labour issues, training, turn-over and criminality
- Market/Industry Factors - This includes the general methods of the industry, and the vulnerability your organization can face from your colleagues and competitors in a modern environment
- Physical Threats (Mobile) - These include fleets and mobile structures, as well as leased or rented movable infrastructure
- Physical Threats (Fixed) - This includes all fixed and semi-permanent structures and fixtures
Blogging by Elemental Investigations: Private Investigator Edmonton, a private investigations agency serving Ottawa, Canada and the surrounding area.
Friday 17 January 2014
Employee Screening
Employee screening is often misunderstood. People think that running a quick search of credentials through the normal hiring process is sufficient for all hires, despite the fact that most research finds that the majority of resumes and CVs contain falsities from minor to major.
The normal process of checking references on some of your potential hires is the thing that is relied on by potential hires who are fabricating their past. Even HR staff normally will go only so far as to ask a couple of questions to a "former employer" who may have nothing to do with actually ever having been the boss of someone.
While the lighter end of screening is not always a major concern, such as a Mc-Job hire, conducting the same level of scrutiny for professional organizations (which is what is occurring) can expose a company to many potential issues when hiring if the person is not legit. Poor performance, lack of training, mental health issues, criminality and opening up your organization to litigation are among the many risks associated to a bad choice in a hire.
A private investigator can help out with screening programs for sensitive personnel, particularly management and sensitive positions requiring specific knowledge. This includes things like executive hiring, scientific and technical trades, financial services and special access personnel, including things like night shift cleaners who often have free access to a building's interior while unsupervised.
Having a PI augment your internal HR services can be a relatively low cost option to running an internal program as it can be focussed on specific hires deemed at risk to fraudulent hires and allows you to not spend money on a full time in house investigator. Give a local PI a call to see how their screening services can help you.
Postings provided by Elemental Investigations: Private Investigator Edmonton
The normal process of checking references on some of your potential hires is the thing that is relied on by potential hires who are fabricating their past. Even HR staff normally will go only so far as to ask a couple of questions to a "former employer" who may have nothing to do with actually ever having been the boss of someone.
While the lighter end of screening is not always a major concern, such as a Mc-Job hire, conducting the same level of scrutiny for professional organizations (which is what is occurring) can expose a company to many potential issues when hiring if the person is not legit. Poor performance, lack of training, mental health issues, criminality and opening up your organization to litigation are among the many risks associated to a bad choice in a hire.
A private investigator can help out with screening programs for sensitive personnel, particularly management and sensitive positions requiring specific knowledge. This includes things like executive hiring, scientific and technical trades, financial services and special access personnel, including things like night shift cleaners who often have free access to a building's interior while unsupervised.
Having a PI augment your internal HR services can be a relatively low cost option to running an internal program as it can be focussed on specific hires deemed at risk to fraudulent hires and allows you to not spend money on a full time in house investigator. Give a local PI a call to see how their screening services can help you.
Postings provided by Elemental Investigations: Private Investigator Edmonton
Thursday 9 January 2014
New Year Outlook
Well, its good to be back from the Christmas and New Year's holidays. We're a little late getting to our New Year's outlook on the coming year, but to be honest, entime off was well deserved. With that in mind, we want to highlight a few things we see as being large or continued stories in 2014 in the world of privacy, investigations and security. Let's see what will shape the landscape on those topics in the coming year:
- Snowden will continue to make waves as the government tries to reign him in. He is holding on to enough juicy tidbits to keep this ball rolling throughout the year. Importantly, the big internet companies will see more action in court as they try and distance themselves from the appearance of being in cahoots with the NSA, and may out out some new encryption standards which have been developed without the special sauce provided by the NSA.
- Also related to Snowden, look to more operators offering "secure" online interactions. While interesting at the start, they will also lead to a greater level of attacks and sophistication in exploiting perceived protections. Think of Snapchat and Lavabit for those who know.
- On the security front as a whole, we will continue to see the sad march to automation and new standards designed to save mid-level managers the discomfort of taking 4 seconds to secure information. Federal Govenment et al, will see more major blunders as a result.
- On the economy, a stronger economic footing will allow us to enjoy reduced employee based crime as wages and stability help calm the masses. That being said, on the fraud front, managers will be granted relaxed fiscal controls, which will inevitably lead to something about hands and cookie jars. Also on this front, better economic conditions usually also lead to lessened rates of family violence and drug abuse.
- The investigations industry on the whole in Canada will strengthen we think. This will be due to economic factors which will allow business to tackle problems requiring outside help and the easing of purse strings will help outside of Canada. The push in jurisdicitons such as the UK and the US will also continue towards more regulation of the industry in terms of licencing and basic standards, which should be good news for local investigators and those of us trying to contract investigators in those countries for assistance with cases elsewhere.
That about does it for our outlook. We definitely are looking forward to 2014 and the new and exciting challenges it will bring. We wish all a happy and prosperous new year!
Blogging provided by Elemental Investigations: Private Investigator Edmonton, a Canadian Private investigations and security consulting agency.
Blogging provided by Elemental Investigations: Private Investigator Edmonton, a Canadian Private investigations and security consulting agency.
Subscribe to:
Posts (Atom)