Social Networking: How Secure is Your Business?

Companies of all sizes are increasingly using sites like Twitter, Facebook and LinkedIn to advertise their services and products, to communicate with customers, and even to recruit new employees. Most businesses, however, remain unaware of the dangers that lurk in this rapidly expanding arena. Phishing scams are but one example of this, where devious ploys are used to manipulate employees into clicking on links that immediately download malicious software into your computer system. Once inside, this malware can run riot, gathering sensitive personal and company data at will, much like a vacuum-cleaner, all to be used later to perpetrate fraud or to steal someone’s identity. Pharming is another danger, similar in nature to phishing, whereby an employee is encouraged to click on a link in a bogus email that then directs them to a false website geared to fleece them. Smishing is the mobile phone form of phishing, where a text message contains the menacing link.

These, of course, are incoming threats. On the outgoing side, there are employees who divulge sensitive corporate information while on social networking sites. There, their idle banter can be harvested as public property and used in a way that may damage your company’s reputation, if not demolish public trust in your products and services.

Just how insidious social networking sites can be was brought home to Britons when the UK Justice Minister, Jack Straw, revealed in February that 30 Facebook pages had been taken down because prisoners were using them to taunt their victims. Facebook removed the offending pages within 48 hours. “It’s not that people at Facebook have a different sense of morality from us,” the Minister told the BBC. “They have the same sense of morality but they have to police hundreds of thousands of their sites, so what we have to do is set up a better system with Facebook.” He said he was reassured by the cooperation his department was receiving from Facebook as the government sought a longer-term solution “to this very modern version of the old problem of victim harassment.”

Cyberspace-Junk: Three Top Ways to Avoid a Collision

The start of 2010 brought with it a spate of reporting on the dangers of cyberspace, whether it be cyberattacks on an individual, a corporation, a public utility system like an electricity grid, or nation states playing games with each other. Mid-January saw an unlikely cyberwar breaking out when Iranian hackers attacked China’s largest internet search engine, Baidu, and Chinese counterparts retaliated against Iranian websites. In this rapidly expanding arena of competition, Russia, China and a number of other countries have been accused of mounting massive operations, though in this field there are far more sinners than saints.

A McAfee survey of 600 international technology executives (‘In the Crossfire: Critical Infrastructure in the Age of Cyberwar’, available at www.mcafee.com), released in January, helped wipe away any New Year complacency. It found that recession-driven cuts in spending on online security over the past 12 months had led to an increase in threats. The result was that more than one-third of those interviewed believed their sector was unprepared to deal with a major attack. More than half felt that the laws in their country were inadequate in deterring potential cyber-attacks, and almost half lacked any faith in their government’s capacity to prevent or deter them. One expert believes that consumers will increasingly bear the cost of online crime and security breaches as organisations seek to limit their exposure in an escalating battle against such attacks.

Art Coviello, president of EMC’s data security arm RSA, for example, has little confidence in government, pointing out that data security regulations have fallen way behind the internet age. He believes that government regulation on security should focus on outcomes and not on prescriptive measures. Data breach regulation is a great regulatory initiative because it does just that. It says, if you are negligent in protecting information, you need to publicly confess. He says it’s amazing what California has done to ensure that people do the right thing because they don’t want to be embarrassed. “Compare that,” says Coviello, “with prescriptive regulation like the obligation to encrypt this or provide that. That relies on the government having the kind of technological sophistication to keep up with the threats. What do you suppose are the odds that governments are going to move quickly enough? They can’t even update the laws for the internet age, let alone data protection. It’s much easier for government to say don’t let something happen and put the onus back on the organisation to protect its infrastructure however it sees fit.”

Britain’s FSA Targets Cross-Border Fraud

Following the global financial crisis, the spotlight on banks is intense, especially on Wall Street and in The City of London. Now Britain’s Financial Services Authority (FSA) has radically stepped up its investigation of overseas banks and companies. With the crisis bringing to light potentially improper or fraudulent behaviour that crosses international borders, the Authority’s enforcement division investigated 30 overseas businesses in 2009, a six-fold increase over the five it looked into in 2008.

As the Financial Times highlighted on February 2, this information was obtained from Freshfields, a London legal firm, by means of a freedom of information request. Of the 30 businesses involved, overseas companies accounted for 15 per cent, up from 2.4 per cent last year. The increase comes at a time when the FSA has also significantly expanded the assistance it renders to foreign regulators. The Authority received 830 new requests for help in the 2008-09 fiscal year, up 27 per cent from 2007-08. While the FSA has not particularly targeted overseas companies, the increase is a natural outgrowth of the financial crisis, which exposed a number of cross-border frauds and failures and prompted regulators to start working more cooperatively, Freshfields said. “London is a financial centre and governments are under pressure to respond to the crisis. If they are all talking to each other, someone is going to do something,” Raj Parker, one of the law firm’s partners pointed out.

Britain’s rising international focus is being replicated around the world. The US Securities and Exchange Commission (SEC) asked for overseas assistance 774 times during the 2009 fiscal year, an increase of 30 per cent. In London, the FSA went to the Court of Appeal on February 2 to challenge a lower court ruling that limited its ability to gather documents for the SEC after senior officials from both regulators met the previous day to hammer out new areas of cooperation. “The global banking crisis will only have reinforced the resolve of the SEC and [Department of Justice] to hunt down those responsible for such activity. Regardless of the outcome of this hearing, this trend of close cooperation is here to stay and means that both businesses and individuals are at risk of lengthy investigations in both the US and UK,” said Neill Blundell, head of the fraud group at Eversheds, another legal firm.

Global Corruption Index: Which country is rated worst?

The 2009 survey of global corruption carried out by Transparency International, the German-based organization that annually ranks the performance of 180 countries, shows there’s no room for complacency. “At a time when massive stimulus packages, fast-track disbursements of public funds and attempts to secure peace are being implemented around the world,” it says, “it is essential to identify where corruption blocks good governance and accountability, in order to break its corrosive cycle.” Corruption, financial crime and anti-money laundering are the focus of this important survey, which puts many developed and emerging countries under the forensic investigation blowtorch.

One country that’s redeemed itself is Australia, which has risen to eighth spot in 2009 from ninth in 2008. It held top spot in 2002, when it was considered the least likely nation in the world to allow corruption. That was before the exposure of dealings by the Australian Wheat Board with the Iraqi Government of Saddam Hussein. Transparency International’s latest Corruption Perception Index (CPI) has New Zealand replacing Denmark in top place. The CPI is a composite index that draws on 13 expert and business surveys to measure the perceived levels of public sector corruption in any given country. In the important regional breakdown of the Index, Australia ranked third for the Asia-Pacific, behind New Zealand and Singapore.

Overall, most of the 180 countries still scored under five on a zero-to-ten scale, with zero meaning perceived as highly corrupt and 10 meaning low levels of corruption. The challenge, therefore, remains undeniable. Highest scorers in 2009 were New Zealand at 9.4, Denmark at 9.3, Singapore and Sweden at 9.2, and Switzerland at 9.0. Australia, Canada and Iceland came in at 8.7. Fragile, unstable states that are scarred by war and ongoing conflict rated lowest, with Somalia at 1.1, Afghanistan at 1.3, Myanmar at 1.4, and Sudan at 1.5.

Viral Email Destroys Career and Embarrasses Employer

By mid-December, many offices around the world are customarily infused with the Christmas spirit. But one young London woman got the fright of her life when she found that her contribution had suddenly taken on global dimensions. The British media ran with her story on December 12 and it rolled on from there.

It started when graduate trainee, Holly Leam-Taylor, planned an awards ceremony to name the most attractive men in her office. Thinking this would be a bit of tongue-in-cheek fun, she emailed a small number of female colleagues at City accountancy firm Deloitte asking them to vote. With nine categories such as “Fittest body” and “Boy most likely to sleep his way to the top”, her message certainly grabbed attention. So much so that the email was forwarded around the world, spreading like wildfire over the internet. Soon millions of people had read it. But it wasn’t such a laughing matter for her managers and less than 24 hours after sending the email, Ms Leam-Taylor felt obliged to resign. A graduate in management from Warwick University, she had joined Deloitte as a consultant analyst in August 2009 on an estimated $45,000 a year.

Speaking from the Surrey home where she lives with her parents, the 22-year-old said, “It was just a lighthearted joke to celebrate Christmas. It’s a complete shock that one email could spread like this and who would think it could get so far out of hand? In retrospect, it was a stupid thing to do but there wasn’t anything controversial or sexist in there. But if I could take it back I would and I will be so, so careful about sending any emails in future.” She hit the send button on her Christmas Awards email on Tuesday, December 8, and when she arrived at her office the next day found her inbox full. “It was crazy,” she said. “I had so many emails from all over the world saying I had made people’s day and that I’d put a smile on their face. I had loads of emails from men in the office nominating themselves for various categories and everyone thought it was hilarious. But once I realised it had been forwarded outside the office I realised both Deloitte’s and my reputation had been damaged so I decided to hand my notice in there and then.”

Ms Leam-Taylor sent her letter of resignation at 3.00 p.m. on Wednesday and left the office. She insists she was not asked to do so, but thought she should jump before she was pushed, adding that, “In all our contracts it says we mustn’t use our emails for personal use so I knew I was in breach of that.”

Another US Ponzi Scheme Hits the Dust

As The Wall Street Journal reported on December 3, a Minnesota jury has found the operator of a $US3.65 billion Ponzi scheme guilty of all 20 counts of wire fraud, mail fraud, money laundering and conspiracy, potentially consigning him to life in prison without parole. The racket dates back at least a decade.

At the time that 52-year-old Tom Petters was arrested in October 2008 and indicted two months later, the allegations against him amounted to one of the largest Ponzi schemes in US history. But New York financier, Bernard Madoff, confessed a few months later to a much bigger fraud – an estimated $US65 billion – and is now serving 150 years in prison. Petters, a gregarious businessman, started out selling stereo equipment in high school and later became a liquidator of overstocked goods before his company ventured into retail-based fraud.

The US government has accused him of promising fat returns to investors who lent him money to purchase surplus merchandise, then resell it to big-box retailers such as Wal-Mart Stores and Costco Wholesale. But there were no such transactions and profits funded his ‘extravagant’ lifestyle, which included lavish homes in several states, a number of expensive boats, Mercedes cars and also a Bentley. Moreover, he acquired a number of legitimate companies, including Polaroid Corporation and Sun Country Airlines. It all came crashing down in late 2008 when longtime Petters Company employee, Deanna Coleman, approached the US Attorney in Minneapolis. She laid out the nature of the fraud and her role in it, and agreed to wear a recording device that picked up damaging conversations with her boss and others in the following days. She later pleaded guilty to conspiracy to commit fraud, and testified for the government in the trial. In all, three co-workers and four business partners pleaded guilty to aiding the scheme and several testified against Petters.

During the trial, 42 government witnesses testified, compared with 12 called by the defence. Ms. Coleman’s tape recordings were key to the prosecutors’ case. In one of the tapes, Petters is heard saying, “This is one big [expletive] fraud.”

Guarding Against Corporate Fraud

The Indian outsourcing firm, Satyam Computer Services, which was the subject of the country’s biggest corporate fraud scandal in January 2009, has been hit with a tranche of supplementary charges. According to India’s Central Bureau of Investigation, the extent of the total fraud now stands at around $US3 billion. What the Bureau has revealed provides a salutary warning to any company in virtually any country that this could be happening right under your nose. If you suspect that might be the case, call in experienced professionals without delay. A wide variety of methods, ranging from detailed transactional analysis to computer forensics can be used by these experts to give you a clear picture of reality.

The original charges against Satyam’s former chairman revolved around his admission that he had misrepresented the company’s financial condition by inflating assets and understating debts. This included a fictitious cash balance of more than $US1 billion. He stunned India’s financial world when he made his confession. At the time, Satyam was rated as India’s fourth-largest information technology services group by revenue, with world-wide clients like General Motors, Nestlé and General Electric.

The new charges show that others at Satyam had been creating fake customer identities and generating fake invoices against them to boost revenue figures. They had also forged board resolutions and obtained unauthorised loans that were used to buy properties. Investigators have found over 1,000 such properties, purchased by the accused with the siphoned funds and involving 2,430 hectares of land as well as housing plots and building space.

Open Slather on Corporate Secrets

A new trans-Atlantic survey has confirmed what many suspected: staff moving on to another job will often take much more than their payout with them. While you can’t stop employees carrying your company’s intellectual property out in their heads, there is something you can do to protect yourself before they leave. Call in a team of professional experts to show you how state-of-the-art technology and the intricacies of computer forensics can be used to pinpoint what’s being downloaded prior to an employee’s departure. If you see redundancies on the horizon, act well in advance.

Nearly half of the financial sector workers surveyed in New York and London admitted that they would take with them sensitive corporate information if they were sacked. The survey, carried out by management specialists Cyber Ark in November, also showed that just over 40 per cent had already taken sensitive data with them to their new jobs. Just under 40 per cent said they would download such information pre-emptively if they sensed that their position was at risk. Over 30 per cent revealed that they would not hesitate to pass on sensitive corporate data if that were to be instrumental in their gaining employment for friends and relatives. Topping the information-stealing list was customer-related information – which in its own right could contain highly sensitive records – followed by product information and company strategy.

As frightening as these figures are, even more so was the fact that a quarter of the workers surveyed acknowledged that in light of the current economic downturn they felt less commitment and loyalty to their employer. As the UK director of Cyber Ark put it, “employee confidence has been rocked. Many workers are willing to do practically anything to ensure job security or make themselves marketable – including committing a crime.” Not surprisingly, 85 per cent of those surveyed recognised that it was illegal to download company information. Nevertheless, of those who admitted they would steal data some also stated that they would take passwords and any other information they needed in order to continue accessing the network of their previous employer.

Seven Danger Areas To Watch For In A Hi-Tech World

With new technologies being introduced into your business environment at a dazzling pace, it’s easy to overlook the extent to which the divide between your employees’ work time and their private lives and ambitions is increasingly blurred. Some corporate managers wonder whether they can any longer define where it is. One American CEO recently observed that it’s more like a seismic fault line that’s expanded into an ever-widening corridor.

Here are a number of areas where you need to be aware of what your employees are doing. If you’re not sure how to monitor their activities, call in a team of experienced professionals who are sensitive to the privacy and legal issues sometimes involved. Using sophisticated equipment and new techniques like computer forensics, they will analyse all of your electronic traffic, access to your databases, incoming and outgoing mobile and text communications, business transactions and other relevant dimensions of your corporate operations in order to provide you with a map of what’s really going on. Once that’s established, they can also help you grapple with what needs to be done.

1. The Mobile Employee.

The widespread use of 3G wireless broadband means that much of what used to be done in your office can now be carried out almost anywhere. Smartphones, for example, have all but replaced the need for an office with a fixed line. While BlackBerry has contributed greatly to satisfying our addiction to mobile email, the market for staying connected while you’re out and about has expanded enormously. In a similar way, notebooks are increasingly coming with built-in 3G wireless for internet access on the road. If you have a fair percentage of your staff constantly outside your office you need to know whether you’re getting value for money from them, be it in customer relations terms or through recruiting new clients. Do you have any idea where they are when they’re outside your office? There are ways of checking.

Hackers: Barbarians at Your Corporate Gate

The risk of hackers penetrating your company’s database and exposing your commercial secrets – if not some dirty linen as well – was brought home recently when the internal musings of Britain’s leading climate science research centre were laid bare. Thousands of private emails between top climate change scientists were made public, revealing the bitter disagreements over the cause of this contentious phenomenon. It’s like a paper trail from hell. Whether or not your company is involved in a controversial industry, make sure that hackers don’t plant malware in your system that allows them to monitor what you’re doing until they feel the time is right for a massive exposé. Computer forensics and a host of other state-of-the-art technology can save you from such an ignominious fate.

The climactic downpour in the UK, which included some 2,000 emails and 3,000 related documents, first appeared online on November 20, courtesy of an anonymous Russian server. While there’s nothing surprising about that, the degree of spite that some of the communications display is. One top man at the Climate Research Unit, based at the University of East Anglia, wrote in 2004 that he was “cheered” by the news that a prominent climate change sceptic in Australia had suddenly died of a heart attack. Another says he would like to meet his adversaries in a dark alley one night. Other experts refer to their colleagues in highly unflattering terms.

Scientists who support the theory of man-made climate change are lined up against their heretical opponents, each side armed to the teeth and ready to fight the Wars of the Roses all over again. One rues the fact that his team can’t account for the lack of warming at the moment, which he sees as a travesty. He cites data published only a few months ago that shows that there should be even more warming. The data must surely be wrong, he suggests. The sceptics hurl missiles back, claiming that the emails are evidence of a conspiracy to bully into submission those who challenge the man-made hypothesis. With Copenhagen just around the corner, something is clearly rotten in the State of Denmark.
