866-629-3757

Free Consulation

Call 866-629-3757

Archive for the ‘Business Security’ Category

Understanding and Preventing Economic Espionage

March 31st, 2015 | Business Security, Cyber, Government, Security | 0 Comments

Dramatic illustration of corporate economic espionage.

April 1, 2015

By Stephanie Kent
Investigative Research Assistant

Now more than ever, American industry is a focal point for foreign intelligence services, economic spies and criminals at large. Today, nearly all critical business and technology information is accessible through the cyber environment, giving all adversaries a faster, safer and more efficient way to penetrate the foundations of our economy. Their criminal endeavors compromise trade secrets, intellectual property and technological developments that are not only essential to our businesses, but also to national security. It’s imperative that large and small companies understand the gravity of economic espionage, as it is highly prevalent and threatening in today’s high-stakes competitive business world.

What constitutes economic espionage?

In general terms, economic espionage is the unlawful or clandestine targeting or acquisition of sensitive financial, trade or economic policy information; proprietary economic information; or technological information.1

The Economic Espionage Act of 1996 (EEA), Title 18 U.S.C.§§ 1831-1839, defines the term “economic espionage” as the theft or misappropriation of a trade secret with the intent or knowledge that the offense will benefit any foreign government, foreign instrumentality, or foreign agent. The act of receiving, purchasing, or possessing a trade secret known to have been stolen or misappropriated, as well as any attempt or conspiracy to commit economic espionage are punishable as a federal crime under the EEA.2

Why should I be concerned about economic espionage?

The FBI estimates billions of U.S. dollars are lost to foreign adversaries each year. These foreign competitors deliberately target economic intelligence in advanced technologies and flourishing U.S. industries. Costly data theft litigation, loss of business, drastic depreciation of corporate value and negative publicity are merely a few reasons to be well-educated on economic espionage. All organizations possess confidential data — “trade secrets” — such as personal employee information, consumer lists, financial details, research reports, etc. In the face of industrial espionage, such sensitive proprietary information could potentially threaten business profits, numerous jobs, and our economy as a whole. Much of this classified information is critical to our national security and research projects, thereby posing potential damage on a national scale.

For example, in the research and development phase of government project bidding, millions of dollars are spent in order to determine optimal production methods, material costs, and amount of labor necessary for the bid. If this intelligence is leaked, overseas business competitors (including those in ally countries) will gain an enormous and unjust advantage. According to Compliance Training Group, frequently targeted industries are private and educational institutions that aid U.S. Government projects, in addition to those that “conduct research on high-tech industrial applications, information technology and aerospace projects.”3 Corporations that carry out their own research and development and allocate money to manufacturing process experiments are always at risk for espionage.

What methods are used to conduct economic espionage?

According to the FBI, foreign competitors function under three categories to devise an elaborate network of spies:

 1. Aggressively target present and former foreign nationals working for US companies and research institutions;
 2. Recruit and perform technical operations to include bribery, discreet theft, dumpster diving (in search of discarded trade secrets) and wiretapping; and,
 3. Establish seemingly innocent business relationships between foreign companies and US industries to gather economic intelligence including proprietary information.
4

What are the legal ramifications for committing economic espionage and theft of trade secrets?5

Whether you call it economic espionage, industrial espionage, theft of trade secrets or corporate espionage, it is a federal criminal offense as defined by the Economic Espionage Act of 1996. There are two main sections of the Act: 18 U.S.C. § 1831 (a) criminalizes the theft of trade secrets to benefit a foreign power, company or individual; 18 U.S.C. § 1832 (b) criminalizes domestic theft for commercial or economic purposes. Theft, unauthorized use, purchase and/or possession, attempting to commit the aforementioned, and conspiring are all considered violations of both sections. Although the definitions are nearly interchangeable, the statutory penalties differ slightly.

Under Economic Espionage (18 U.S.C. § 1831 (a)):

  • Individual: Up to 15-year imprisonment and/or a maximum fine of $500,000.00
  • Organization: Up to $10 million fine

Under Theft of Trade Secrets (18 U.S.C. § 1832 (b)):

  • Individual: Up to 10-year imprisonment and/or a fine (unknown amount)
  • Organization: Up to $5 million fine

How to Recognize Signs of Economic Espionage:

First and foremost, you must heed potential warning signs of espionage, particularly within your business. The following may be indications of an individual engaging in espionage acts:

 1. Employee may suddenly have a change in ideology, developing a cynical and negative view of the company, its key people or even the U.S. Government.
 2. Individuals trying to obtain unauthorized information may arrive for work early, work through lunch or stay late to gain access to information without raising suspicion.
 3. Individuals involved in long-term espionage will avoid taking vacations in fear of their activities being discovered during their absence.
 4. Uncharacteristic or extravagant employee spending on travel, houses, cars, etc.
 5. Be wary of disgruntled employees, who are often motivated by revenge.
 6. Blackmail is a possible factor when an executive is trapped in a shameful or compromising position.
 7. Romance and sexual relationships seem cliché, but nonetheless are real methods employed to access confidential information.
 8. Addictions such as gambling, drugs, and sex can lead to compromising situations and, ultimately, the theft of sensitive information.
 9. Information loss takes place not only within the organization, but also through suppliers and customers who have access to your company data.

What are some economic espionage countermeasures?

 1. Recognize the threat (see above).
 2. Identify which information is to be protected, and across what time span.
 3. Identify and determine the monetary/competitive value of all trade secrets in case information is stolen and you need to effectively prosecute and recover the damages.
 4. Devise and enforce a definable plan for protecting trade secrets and reviewing the status of specific safeguards (perhaps some data no longer require protection).
 5. Ensure that confidential information is marked appropriately and that your staff understands this requirement.
 6. Properly store physical trade secrets in secure, authorized areas.
 7. Utilize necessary disposal procedures and effective disposal equipment to shred, delete and destroy confidential data when no longer needed.
 8. Conduct pre-employment and sporadic background investigations of all who have access to company’s sensitive information.
 9. Implement regular security training for employees, along with mental health and job activity screenings of employees.
10. Utilize an internal threat program.
11. Proactively report suspicious incidents before your proprietary information is irreversibly compromised.
12. Your Information Technology system should be designed to prohibit access to sensitive materials and to trace and immediately report potential breaches of security.

To obtain additional information, report suspected violations, or schedule a briefing regarding economic espionage, contact Jennings Smith Associates toll-free today at 866-629-3757 for a free consultation or visit us online at www.jsainvestigations.com.

Sources:
1https://www.law.cornell.edu/wex/economic_espionage

2http://www.economicespionage.com/EEA.html

3http://www.compliancetraininggroup.com/training/espionage-prevention.html

4http://www.fbi.gov/about-us/investigate/counterintelligence/economic-espionage

5https://fas.org/sgp/crs/secrecy/R42681.pdf

Stay Low: Tips for Preventing Social Media Cyber Crime Victimization

March 11th, 2015 | Business Security, Cyber, Privacy, Security | 0 Comments

Social media cyber crime photo 1.

March 11, 2015

By Stephanie Kent
Investigative Research Assistant

Social networking websites have not only revolutionized social connectedness, but they have generated a powerful new means of advertising and marketing for small businesses and entrepreneurs. Although it may sound like the ideal medium through which to connect with old friends or engage masses of new customers, social media may be the single thing that will cost you your identity, wealth, business and reputation. Like anything that appears ‘too good to be true,’ social media can have irreversible negative consequences if users do not take the appropriate precautions. The number of con-artists, cybercriminals, and other fraudulent actors who exploit online social networks for iniquitous purposes continues to increase rapidly.

In December, 2013, security experts discovered a cache of approximately 2 million pilfered passwords to popular social media websites. Hackers across the globe had stolen usernames, passwords and credentials through 326,000+ Facebook accounts; ~60,000 Google accounts; 59,000+ Yahoo accounts and ~22,000 Twitter accounts.¹ Today, more than 600,000 Facebook accounts are compromised daily (that’s ~219 million jeopardized Facebook accounts a year)!²

According to the FBI, cybercriminals who exploit social networks can typically be divided into two tactical groups.³ The first employs computer savvy hackers who are well-practiced in writing and altering computer code to gain access or install undesired software on your device. The second group uses “social engineers” who exploit personal relations through social networks such as Facebook, Twitter, Instagram, LinkedIn, etc. These hackers use the World Wide Web to gather information about a person through his or her history of statuses, photos, comments, tweets, online interactions, and other personal information they’ve posted. With this abundance of intimate knowledge about the victim, social engineers know exactly how to assume the target’s identity and manipulate people into getting through all types of security walls. They frame their stories as to appear totally harmless and legitimate, and with the help of human naivety, they often succeed. Falling for this type of seemingly harmless social media scam could be extremely damaging not only for a personal victim, but also for the organization that employs that victim.

To avoid becoming an easy target of social media cyber crime, refer to the simple steps listed below.

How to Better Protect Yourself on Social Media:

1. Create a Strong Password for Every Account

Although hackers may seem like masterminds, nearly 16,000 of the compromised Facebook accounts mentioned above used the same simple password, ‘123456’! These users may as well have gone on vacation, left the house key on the doorstep, and put their passport, wallet, and birth certificate inside the door! Make your password at least 10 digits long, with a combination of various numbers, symbols and letters (include capitals and lower-case). Avoid using the same password for multiple websites because once your universal password is decrypted, every account you own is easily accessible to the hacker.

2. Change Your Facebook Settings to “Friends Only”

View your privacy settings on your Facebook account. Make sure your default privacy setting is not set to public (along with posts and photos you publish on your wall). If you have set it to “Custom,” be sure you are aware and comfortable with any “Networks” with which you’re sharing data.

3. Be VERY Wary of Who You Add as a Friend or Contact on Facebook, LinkedIn, etc.

Many accounts are created under false pretenses in order to gain your information upon your acceptance of the friend invite. If the person inviting you to connect via social media has very few friends or connections, or has published limited information about him or herself, exercise caution! This is probably not someone you know. Even if the person shows one or two mutual friends, ask those friends of yours how they know this person before accepting the individual as your own friend. Remember, social engineers are very clever and will use whatever photos, info and aliases they can to access your profile publicly. Never add people to your social media that you do not surely know and trust with ALL of your posted information!

4. Avoid Posting Personal Information on All Social Media Venues

It is important to note that once something is posted to any social networking website, it is no longer private. Even when you enable the highest security settings on your accounts, your information can certainly be leaked on the Internet! It’s true that the “friends only” setting will help protect you, but the more information you post to social media, the more likely you are to become a target for hackers. The more info you share online, the easier it is for hackers to impersonate you and deceive your contacts into sharing their own information, downloading malware, or providing access to restricted sites, thus feeding the vicious cycle of cyber crime! Avoid posting your personal phone number, birthday, address and email on Facebook. Your Facebook contacts can always send Facebook messages to contact you privately, and if you are close enough to be Facebook “friends” they would most likely have your other personal info anyway.

5. Avoid Dropping Pins with Your Device’s GPS on Social Media

Allowing people to pinpoint exactly where you are in the world at a specific time is not the wisest idea when trying to stay safe from criminal activity (whether cyber or not)! You may as well post a sign on your front door saying “At the international airport, going to be in Europe for two weeks… make yourselves at home!” Just don’t do it. Either privately inform your friends about the upcoming trip, or wait until you have returned to post about it.

6. Password Protect All of Your Devices

Yes, folks, that means your Macs, your PCs, your tablets, your iPads, your iPhones, your Androids, your iPods, your Blackberrys, and every other device under the sun that connects to Wi-Fi! Not only password protect them, but get those creative juices flowing beyond ‘123456.’

7. Put a Google Alert on Your Name4

This is a very easy way to be aware of what’s being posted about you online. It takes under a minute to do. Go here: https://www.google.com/alerts and enter your name and variations of your name with quotation marks around it. Finished!

8. Log Out Of Your Online Accounts When You’re Finished Using Them

Not only does this help reduce the chances of being tracked as you surf the Web, it prevents the next person who uses that computer from loading one of your accounts and snooping. This is especially important when using a public computer. Remember, ‘x’ing out of a page does not mean you are logging out! People often forget this and suffer the horrible consequences of personal invasion.

9. Turn On 2-step Authentication in Gmail

One small step for a Gmail man, one giant leap for his Gmail security! 2-step authentication requires that you enter a code (that’s sent to your phone) each time you attempt to access your account from a new device. Therefore, even if the malicious type decodes your password, they won’t be able to sign into your account from an unauthorized device.

If you believe that either you or your organization has been victimized by cyber-criminal behavior, contact Jennings Smith Associates toll-free today at 866-629-3757 for a free consultation, or visit us online at www.jsainvestigations.com. All inquiries are strictly confidential.

References:

1http://www.dailymail.co.uk/news/article-2518540/Facebook-Twitter-hackers-steal-passwords-2m-social-mediaaccounts.html
2http://www.insecpro.com/index.php/articles/cyber-crime-statistics
3http://www.fbi.gov/about-us/investigate/counterintelligence/internet-social-networking-risks
4http://www.forbes.com/pictures/gdfd45efkm/put-a-google-alert-on-your-name/

Security Audits and Assessments

May 17th, 2013 | Business Security, Security | Comments Off on Security Audits and Assessments

Surveillance camera monitoring station.

Jennings Smith Associates provides comprehensive physical facility security audit and assessment services conducted by local, licensed and highly credentialed security professionals in New York, New Jersey, Connecticut and throughout the United States.

Our experts utilize proven facility audit tools in reviewing your organization’s ability to react and respond to site-based emergencies. These audits and assessments result in identification of deficiencies of physical security and safety issues so that a systematic approach to resolving the deficiencies may be implemented on a priority basis.
We provide broad-based training to support an overall safety, security and emergency management program. Our instructors are exceptionally effective and well credentialed with certifications from ASIS and a host of other Professional Certification boards and organizations. Our training modules range from Crisis Management Planning and Implementation and mandated Workplace Violence training to basic Personal Employee Safety courses.

We are aware that the end-to-end security audit and assessment is not an endeavor that any executive, business owner or IT manager looks forward to. However, it is also absolutely essential in order to properly ensure that any business is complaint with State and Federal workplace safety and security statutes.

You've got questions. We've got answers. Call 1-866-629-3757 to speak to a private investigator or security consulant.Jennings Smith conducts vulnerability surveys in a number of critical business areas: including, but not limited to visitor management, cyber and IT operations, transportation and shipping, site-based security force deployment, mail and package handling, access and identification security. We conduct the most comprehensive examination of all security protocols and procedures currently adopted in the company’s Emergency Operations Plan to determine if your business is compliant with OSHA and NFPA regulations.

While we do address physical safety issues and respond to site-based emergencies, our security audits have adapted with the evolving needs of businesses to protect against risk and respond and react to protect its people and property. With increasing threats to seemingly secure company data, Jennings Smith Associates prioritizes business-information security. Through our security audits, JSA uses long-lived investigative techniques as well as the most advance investigative tools to uncover any weaknesses that exist in your business’s information technologies, security strategies, employees and other critical areas. This thorough assessment will ultimately help you find and implement more efficient ways to protect your confidential company information. It will also better educate your business on the importance of better security, safety, and emergency management, the function and processes of the recommended technologies, and the actual deployment and maintenance of specific security systems.

Security Audit Practices

Jennings Smith Associates provides industry aligned audit and assessment tools and best practices to gain the most comprehensive examination of your business’s current security and safety program. JSA does not limit itself to vulnerability scans, or to the calculated examination of operating systems and high tech security settings. Our team conducts one-on-one interviews of personnel as well as in-depth research of the company’s historical incident and loss reporting. Evaluation of current security policies and procedures is also highly prioritized in our audit practices. After assessment of a company’s current security and safety EOP program, our team determines its overall effectiveness in facing ongoing and future threats.

Aftermath of a JSA Security Audit and Assessment

Upon the conclusion of our security audit and assessment, our team of experts brief key stakeholders in your organization on our findings and recommendations for remediating any noted deficiencies. We then provide your organization with a clear step-by-step process to mitigate the deficiencies by use of a prioritize tasking system. Jennings Smith Associates will take you through each step in order to implement the most cost effective changes. The JSA security audit and assessment will fully evaluate your security strategies and practices, and make all changes necessary in order to ensure compliance with Federal and State statutes and regulations. Our process ends when we have established a foundation of constant preparedness for your business that will allow it to preclude and or prevent any threats to your company’s employees, facilities and assets.

For a free security consultation call 866-629-3757, or visit the Contact Us page. We look forward to hearing from you.

Executive Protection and Personal Security Services

May 17th, 2013 | Business Security, Security | Comments Off on Executive Protection and Personal Security Services

JSA personal security services photo.

Jennings Smith Associates: Your Personal Security Team

Today we live in a time when we all need to be aware of our personal security, whether at work, at home, or while enjoying vacation time with our loved ones. Truth be known, even the best security systems cannot entirely protect us from a determined criminal. We must therefore develop personal security plans to preclude or prevent being victimized by those who intend to do us harm. Calling 911 is not a plan, but a call for help in an emergency situation. Depending on any number of factors, it could take the police several minutes or longer to respond to a call or an alarm.

Our team of experienced, highly qualified and credentialed security consultants at Jennings Smith Associates can provide a certifiably effective risk analysis and assessment to determine your specific vulnerabilities. Based on our assessment, a Personal Security Plan is developed to mitigate identified threats, and protective protocols and procedures are recommended to address each client’s specific safety and security needs.

You've got questions. We've got answers. Call 1-866-629-3757 to speak to a private investigator or security consulant.
Our strategy is not simply to act as a “bodyguard” service for you and your family. Rather than solely responding to threats as they present themselves, our focus to deter and reduce all potential threats before they are ever realized. This requires an extreme amount of foresight, which is a quality that our seasoned professionals have skillfully developed through over three decades of experience in personal security and executive protection.

Our team specializes in advanced planning and preparation, and has various internal connections with local authorities, allowing us to be in close and constant communication with law enforcement agencies whether at work, at home or while traveling. Jennings Smith Associates possesses all the skills necessary to provide you, your company, and your family with a team of skilled operatives to develop and execute a plan for protective services.

When would you want to seek personal security services?

There will inevitably be occasions when you desire additional protection, whether at work, at home, or to protect your family. Below is a list of instances in which it would certainly behoove you to seek professional protection:

  • You are about to terminate a difficult, unproductive or unstable employee
  • You feel the need to insure employee safety during trying times
  • You are directly or indirectly receiving criticism from a disgruntled employee or former employee
  • You have been victimized or harassed by a 3rd party
  • You have been a victim of stalking or other types of surveillance by a known or unknown individual
  • You simply desire peace of mind when you have that “gut feeling” that you may be in danger
  • You are leaving town on a business trip and want to insure the safety of your family while you’re away
  • You are having a special event at your home or other location and want to insure and protect the privacy of you and your guests
  • To insure that your home and valuables are safe during your absence
  • You are a high-profile figure, or a relative of a high-profile figure (e.g. corporate CEO, CFO, high-profile athlete or celebrity, radio or television personality, a high net-worth individual, etc.)

If any of these scenarios apply to yourself or your family, the answer may be an armed or unarmed Personal Security Detail. Jennings Smith Associates comprises a national network of experienced and certified security professionals that will meet your needs in providing well-qualified and trained security personnel for either short- or long-term assignments.

If you have any questions about our Executive Protection and Personal Security Services, call Jennings Smith Associates toll-free today at 866-629-3757 or contact us online for a free consultation. We look forward to hearing from you.

3 Strategies for Dealing With a Social Media Disaster

April 30th, 2013 | Business Security, Privacy | 0 Comments

Almost every business nowadays have a Facebook page, Twitter account, YouTube Channel, and more which is great for marketing, but you need to be extremely cautious when you put out all that information about your business.

Social Media Disaster

Some companies choose to hire someone in-house to manage their digital marketing and others choose to outsource their digital marketing to a firm or contractor externally, but the truth is, you need to be precautious no matter what. Check out our three highly recommended strategies for dealing with social media:

Watch Employee Behavior

When you handing off content management to another person either in-house or externally, you need to be extremely careful. You need to ensure that the person is responsible enough to produce valuable and appropriate content. Social media is great for building up a positive reputation, but when things go wrong, social media can also ruin a reputation very easily, so you’ll want to ensure the person is able to positively build your reputation.

Watch Legalities

Social media networks are a great way to introduce great new offers, deals, coupons, and more, but if you happen to have one slight glitch in your deal or offer, it could cost you. Unfortunately many businesses find themselves caught up in this mess of “false advertising” and although it’s almost always unintentional on the business’s side, it opens a legal gateway for consumers to get their revenge. So just ensure you cover ALL legal aspects when offering a deal, coupon, or offer.

Keep Security Up – to-Date

You might think “What does this have to do with social media?” – but it greatly impacts your social media security. If you accidentally allow your computer security get out-of-date and therefore, have ineffective security on your computer system, it opens a gateway to ALL of your usernames and passwords. We had one case where a business simply forgot that their computer system’s security had expired, and their Twitter login credentials were stolen – this resulted in someone beginning to post extremely inappropriate tweets which greatly damaged the companies reputation when their over 10,000 followers saw these inappropriate tweets. So ensure ALL security is always up-to-date.

Don’t forget to visit our website at JenningsSmith.com and follow us on Twitter @JenningsSmith

  • Jennings Smith Associates Professional Certifications

    • Professional Certified Investigator (PCI), ASIS International
    • Certified Protection Professional (CPP), ASIS International
    • Physical Security Professional (PSP), ASIS International
    • Certified Homeland Security Level 5 (CHS-V), American Board for Certification in Homeland Security
    • Certified Business Continuity Professional (CBCP), Disaster Recovery Institute International
    • Certified Healthcare Safety Professional (CHSP), Board of Certified Hazard Control Management
    • Certified Healthcare Emergency Professional (CHEP), Board of Certified Hazard Control Management
    • Certified Safety & Health Manager (CSHM), Institute for Safety and Health Management
    • Certified Hazard Control Manager (CHCM), Board of Certified Hazard Control Management
    • Certified Forensic Consultant (CFC), American College of Forensic Examiners International

    Certifications Continued

  • NEW SERVICE OFFERING

    Cyber Forensic Investigations

    JSA's cybersecurity experts are ready to assist you with a complete array of cybercrime protection, data recovery, and evidence collection services. Cyber forensic Investigations include: unauthorized data access; PII (personal identifiable information) exposure; IP (intellectual property/proprietary information) theft; employee social media/email/messaging abuse; ransomware data corruption; and more.

    Cyber Forensics Continued

  • Share

    Share
  • Major Credit Cards Accepted