Risk Management Associates, Inc. Investigation » Risk Management Associates, Inc.

Where’s Your Wallet?

Posted on 31, May | Posted by Kevin M. McQuade, CPP

wallet Identity theft is talked about constantly, and when it happens to someone, their response is normally “I don’t know how this happened to me”. Sometimes it is just too easy.

On a recent business trip – to a security conference no less – as we walked into a restaurant for breakfast we passed an empty booth with no one close to it. In the booth was a woman’s purse, open and just waiting to be taken.

Shortly after that, we boarded the bus that transports us to the security conference. When I took my seat, I looked over to the seat beside me. There was a man’s wallet just lying on the seat next to his backpack. The owner of these items – who works for a large security integration company – was sitting in the seat in front of his belongings. It would have been very easy to take either the wallet or the bag without his knowledge.

Maybe because this was a bus full of security professionals going to a security conference, this individual thought he was safe. He was this time, but he may not be the next time.

Let’s not make it any easier for those who insist on stealing your identity. Keep your purse, wallet, credit cards, and other items secured at all times and not left for someone to take.

No Full Names Please

Posted on 3, May | Posted by Tasha D. Dyson

We have a client (let’s call them Sub) who is obtaining criminal history information as part of their compliance to another company (let’s call them Prime). Prime states that Sub should “Provide a criminal record check with the applicant’s full legal name.” Sub contracted with RMA to provide that information.

When we search, we don’t limit our results to the full legal name. Here’s our standard process:

We search using the first name and last name. When we see a matching date of birth, we look more closely.
We search using first name, last name, and middle initial. When we see a matching date of birth, we look more closely.
We also search for previous names (if we know them) such as maiden names or previous married names.
When we find a potential match, we then start looking at other information such as address, full or partial SSN, or driver’s license number.
If a record matches on three or more pieces of known information, we report it.

Sub, our client, submitted the information to Prime, but the results were rejected because the search did not use “the applicant’s full legal name.”

Here’s the problem: When you limit the search to a subject’s full legal name, you will probably miss matching records.

Let’s say your subject is Katherine Marie Petersen, and her maiden name is Saunders. Using the records from NC Administrative Office of the Courts as an example, records matching your subject could be listed as:

Petersen, Katherine
Petersen, Katherine, M
Petersen, Katherine, Marie
Petersen, Katherine, S
Petersen, Katherine, Saunders
Saunders, Katherine
Saunders, Katherine, M
Saunders, Katherine, Marie

In addition, there could be matching records based on misspellings or abbreviations, such as:

Peterson for Petersen
Sanders for Saunders
Mary for Marie
Kathy, Kath, or Kat for Katherine

The information contained in the record depends on how it was originally entered by the officer or the clerk. In general, the older the record, the more likely it is to be inaccurate or incomplete.

The whole point is to be as accurate as possible about the applicant’s criminal history. This requires widening our search possibilities, including searching maiden names and previous married names, not just the “full legal name.”

Marty Coolidge Named Investigations Manager

Posted on 29, Apr | Posted by RMA

RMA is pleased to announce that Martin F. Coolidge has been named Investigations Manager.

Marty comes from a 26 year law enforcement and security operations and management career with the skills learned from operations, supervising and executive management. Marty has been a security consultant and investigator for Risk Management Associates, Inc since 2009.

Marty’s expertise includes high risk terminations, project management, personal protection assessment and operations, operational security analyses, interviewing and statements, policy and procedure analysis and development, and submission of detailed project and investigative reports. He teaches PPSB-approved training courses to security personnel and private investigators.

Marty is a former Under-Sheriff, County Police Captain and Police Instructor. As Captain, he supervised a County Police Force, a Criminal Investigations Division, a multi-jurisdictional Drug Enforcement Task Force and a Collision Reconstruction Unit. As Under-Sheriff, Marty was second in command of a busy upstate NY Sheriff’s Office and directed the activities of a correctional facility, police division, courthouse and government offices security detail, civil division and E911 emergency communications division.

RMA Presents Continuing Education Training

Posted on 15, Apr | Posted by RMA

RMA presented six hours of training to students in Raleigh, NC. Rusty Gilmore provided training on Computer Forensics. Billy Green presented A Pragmatic Approach to the Terrorist Threat. Tasha Dyson taught a course on Report Writing and Documentation. Mike Epperly provided information on Legal Issues for Private Investigators.

Each of these classes is new or has been updated in 2013. All classes have been approved for credit through PPSB.

Effective January 1, 2012, all PPSB license holders must have completed 12 hours of approved continuing education credit to qualify for license renewal. RMA has developed training programs that are relevant to practice as a private investigator and protection and security professional and is offering these in one-day seminars. Our goal is to provide opportunities for licensees to obtain the required CEU’s and to provide interesting and relevant instruction on protection and investigative topics. The next training sessions will be held on June 10 in Raleigh, NC. Students can register and pay online on the Continuing Education page of our website.

Social Engineering

Posted on 30, Jan | Posted by Christine L. Peterson, CPP, ISP

intruder In the last 30 days, a single individual in the Raleigh/Durham area has managed to bypass the security protocols at two area companies and two government facilities. (Read more about that here.) Recently, I attended an invitation-only business reception at a local restaurant when an uninvited guest joined the group and began networking when she clearly did not belong. In both cases the individuals were successful in penetrating the closed spaces by acting like they belonged until such time that it was realized that they did not.

We are not talking about facilities that don’t understand the principles of security, a comprehensive security program, or layers of security. They get it, and they have solid security programs and protocols. How could this happen, and how can we stop it from happening again?

Answering these questions and addressing the conflicting forces in the workplace that lead to security breaches of this type requires an understanding of human nature and the laws of complacency and diminishing returns. First we need to begin with Billy Green’s Security 101 lesson that does such a good job describing the concept of security. Security is protection from injury or loss caused by the deliberate actions of people. It all boils down to people and intent, and this is true whether we are talking about physical security or cyber security. In these recent events, there was a motivated person who wanted something (physical asset, intelligence, electronic assets, damage to reputation) and believed he had a good chance at being successful in attaining it without negative consequences.

What he wanted is irrelevant, and we should instead focus on how access was obtained in order to identify vulnerabilities and anticipate future events.

According to the Information Bulletin put out by the North Carolina Information Sharing and Analysis Center (NC ISAAC), the individual was confronted by security and escorted off the premises. In addition it is believed that the individual either entered a door by following closely behind an employee of the company/agency who had the appropriate access (piggy-backing) or used social engineering techniques to gain entry into areas that were controlled spaces.

Social engineering is the art of manipulating people into performing actions or divulging confidential, sensitive, or controlled information. In the workplace it is a method of trickery or deception for the purpose of gathering information, committing fraud, or gaining access to computer systems or other assets. The effective social engineer is an astute student of human nature and adapts to the environment to develop a level of trust and capitalize on human vulnerabilities and nature. (Source: Wikipedia)

None of us is completely immune to social engineering because as human beings we tend respond to stimuli in predictable ways depending on our age, experience, training, and other characteristics, and that is what the social engineer is counting on. In addition, the social engineer is most successful if they are adept at changing their manner and demeanor based on the situation. Studies show that a female voice is more effective in generating information from men, and a young inexperienced employee will be more responsive to someone who appears to have authority. How someone dresses, how they behave, what accessories or equipment they carry – all of these non-verbal features affect the response a social engineer is going to get.

assorted badges The ability of an employee to easily separate those who belong within the work environment and those who don’t is a powerful tool to counter the attempts by an outsider. If only visitors wear identification badges, they can “become” an employee simply by removing their badge. If contractors are not required to wear badges, someone just needs to look like a contractor to easily blend in with the population.

The social engineer will use their persuasive skills to convince someone to give them what they want. The same traits that you may value in your employees are tools for the social engineer including:

Good customer service and helpful responses
Belief that most people are good and are looking for good
Fear of being made to look foolish or the desire to belong
Efficient, bypassing security protocols to get more done faster
Assumption that everyone thinks like I do (if I obey the rules than everyone else will too)

Effective social engineering countermeasures begin with first understanding human nature and how the law of diminishing returns will affect your employees’ responses to security events. Over time, human beings who have been oriented or trained in certain concepts or expectations will reach a certain level of performance followed by a decline in effectiveness or an increase in complacency.

In order for a company to have a chance of protecting critical assets, security awareness training and reinforcement needs to be continual process.

George Bernard Shaw once said that “The single biggest problem in communication is the illusion that it has taken place.” It is not reasonable to expect that employees will understand their responsibilities as they pertain to company assets based on a single briefing on security at orientation. Security programs protect the reputation, people, and hard and soft assets of the company that provide the income generation for the business to exist.

Has your management communicated to its stakeholders that the security program exists to protect them and the company’s ability to compete?

Employees expect there to be a method to lock their office, suite, or building. Other security tools such as lighting, cameras, and access control devices are the norm in today’s workplace and are elements of a comprehensive security program.

Do your employees recognize that they play a key role in the company’s security program and their own protection? Or do they view security as a game that someone came up with to make their job more difficult?

The security breaches described in this article were recognized by quick acting people who understood their responsibilities in the protection of the assets. Some of them were security professionals but in most cases of social engineering, it will not be your security employees who are approached by someone trying to elicit information. The employee who will “give away the farm” in most cases will be someone who is trying to do a really good job for the company by providing information or a good customer experience, responding to a command, enhancing their value, or looking for a way to move up in the organization by helping someone out. The moral of this story is security is everyone’s business. Good security begins with understanding what the company’s assets are and sharing the responsibilities for protecting them with all the stakeholders through awareness, training, responsibility, and accountability.

Check Their References

Posted on 10, Jan | Posted by Tasha D. Dyson

application I was working on a background investigation for a client recently, and I was reminded of a valuable lesson. (By the way, names and identifying information have been edited in this story, but the circumstances and situations have not.) When we verify employment, normally companies only provide dates of employment and position held. Sometimes companies will tell you whether the applicant would be eligible for rehire, but some companies prohibit releasing this information.

The applicant is seeking a professional, white-collar position. On the face of it, he seems to be a “stand-up” guy. He speaks well and presents a good image. His résumé says all the right things. He listed his previous employer on his application and indicated that his previous employer could be contacted as a reference. He even listed his previous employer as an additional professional reference.

Would you hire him, or would you want to know more?

The applicant listed three former employers. The most recent employer was a small business, so when I called to get information, I was directed to Mr. Smith. Mr. Smith is one of the owners of the business, and he was also the former direct supervisor of the applicant. I asked him to confirm dates of employment and job title, and the information matched what the applicant had provided.

When I asked if the applicant would be eligible for rehire, Mr. Smith said, “Not a chance in hell.”

When asked for a reason, Mr. Smith said, “Sucked. Lied – lied about his abilities.” When asked if he wanted to provide additional detail, Mr. Smith said, “I can’t without cursing and getting really angry.”

This is why we check references.

What is Sextortion?

Posted on 19, Nov | Posted by Michael R. Longmire, MPA

text conversation Sextortion refers to the category of sexual exploitation in which threatened release of sexual images or information is the means of coercion (Source: Wikipedia).

In recent months, we have been hired to assist clients who have made the mistake of hitting the send button and wishing there was some way to “get that photo back.” These cases normally involve men who for one reason or another engage in progressively suggestive text messaging or other digital communications with someone they believe to be an interested female, only later to find themselves paying to keep the communications from being circulated on the Internet or to friends and family members.

Typically, there is no actual intimate contact, and the request for money starts with a small loan sent through a coded Western Union payment. These amounts incrementally increase, as do the threats to expose the client’s indiscretions if the demands for payment are not met.

Federal and local law enforcement report an alarming increase in these criminal extortion cases, but find the victims unwilling to pursue criminal charges. More alarming are those cases where the victims are minors enticed in to actual sexual encounters with a pedophile who threaten them after posing as a peer interested in exchanging photos.

Successful investigations require the use of computer forensics, intelligence gathering, surveillance, and effective interviewing skills… and the greed of the suspect who will continue the sextortion until deterred.

Employment Law: Can You Police Social Media?

Posted on 23, Oct | Posted by RMA

Guest blogger Mimi Soule specializes in employment law at the Soule Law Firm in Raleigh, North Carolina. This article was originally published on the website of Forrest Firm.

Lately, the National Labor Relations Board (NLRB) is taking a particularly active interest in employer polices regarding social media.

For those of us living and working in a Right-to-Work state like North Carolina (meaning that employees are not obligated to become members of a union organized in their workplace) where union activity may not be an everyday occurrence, the NLRB is not a familiar regulating administrative body. First and foremost, it is important for business owners to understand that, in general, the NLRB has the authority to regulate private-sector employers—with or without a union—with respect to matters directly or indirectly involving their employees’ right to form a union or discuss the formation of a union.

What does this have to do with an employer’s social media policy you ask? As you have likely read in the news, the NLRB recently issued several decisions citing employers for having overly-broad social media policies, which the NLRB feels restricted employees’ rights to discuss their working conditions—a right protected by federal law and which the NLRB feels unreasonably restricts employees’ ability to discuss the potential formation of a union.

Given these recent NLRB decisions, many employers felt that they were now prohibited from having a social media policy. This just isn’t accurate. Social media policies are indeed lawful; however, because of the recent NLRB decisions, the details of what an employer could regulate within its policy were anything, but clear.

So, what exactly can an employer regulate?

On May 30, 2012, the NLRB issued an Operations Management Memo that provided a summary of its recent decisions regarding social media policies, and, most importantly, at the end of the Memo, the NLRB provided a sample policy that it deemed lawful. A copy of the Operations Management Memo, dated May 30, 2012, is located on the NLRB website (http://www.nlrb.gov/news/acting-general-counsel-releases-report-employer-social-media-policies). Although the NLRB sample policy does not clarify all substantive matters, it does provide some additional and helpful guidance for employers:

Employers can continue to prohibit employees from posting information regarding an employer’s private, confidential information and trade secrets as well as confidential internal communications, such as business reports, policies and procedures.
Employers can prohibit their employees from representing in a post that they speak on behalf of the company. Employees can only express their own personal opinions.
Employers can require that employees be respectful, fair and courteous and to avoid posting statements that “could be viewed as malicious, obscene, threatening or intimidating, that disparage customers, members, associates or suppliers, or that might constitute harassment or bullying.”
Employers can require that employees be honest and accurate in their posts, to correct any known mistakes quickly, and never to post any information or rumors that the employee knows to be false about the company, any associates, members, customers, suppliers or competitors.
Employers can prohibit employees from posting comments that constitute “discriminatory remarks, harassment, and threats of violence or similar inappropriate or unlawful conduct.”
Employers can prohibit employees from using social media while at work or with employer-owned equipment.

For more information on this topic, please feel free to contact Mimi at msoule@soulelawfirm.com.

Mimi Soule is an established management counselor at Soule Law Firm in Raleigh, NC. She focuses her practice on assisting businesses with federal and state employment law compliance in an effort to mitigate litigation risks. Through her partnership with the Forrest Firm, Mimi advises our corporate clients on a host of employment relationship matters, including wage and hour compliance, family and medical leave, independent contractor classifications, handbook policies, effective hiring, firing and disciplinary procedures, and employment, release and non-compete agreements.

Mimi earned a bachelor’s degree in business from Wake Forest University, followed by her juris doctor degree at the Boston University School of Law.

Massachusetts Lab Scandal

Posted on 12, Oct | Posted by Christine L. Peterson, CPP, ISP

Honesty On Saturday, September 29, 2012, the News and Observer covered the story of Annie Dookhan, a chemist at a Massachusetts drug lab. This story underscores some of the devastation that can result when an organization doesn’t follow basic security principles which require both screening and guardianship. The lack of screening and guardianship at the Massachusetts state drug lab has already resulted in the arrest of Ms. Dookhan, the resignation of the state’s public health commissioner, the potential incarceration of innocent victims, and a political and law enforcement nightmare. As this case moves forward, Massachusetts will spend millions of dollars in investigative costs and reparations, and there is the potential for criminals to be freed due to the actions of Ms. Dookhan. Massachusetts Attorney General Martha Coakley said “Annie Dookhan’s alleged actions corrupted the integrity of the entire criminal justice system.” That is an understatement.

Now I understand that the information in the media is just the tip of the proverbial iceberg, but what can we learn from the surface details that might have prevented this disaster?

Lesson #1: The importance of thorough background screening cannot be overstated.

Two opportunities are often missed. First, was there a pre-employment system in place to verify information that was provided by the applicant and to look for omissions? It has been reported that the organization believed Ms. Dookhan had an advanced degree but she did not. Did anyone verify this information?

Second, did the agency have in place a system in place to verify information that would have a direct bearing on an employee’s position or fiduciary responsibilities post-employment? Life does not end when employment begins. People grow, they change, and circumstances change. Life happens. Employees being promoted or given a change in status should also have an updated background investigation.

Lesson #2: Remember the 10-10-80 rule for fraud.

The general rule of thumb in fraud investigations is that 10% of people would commit fraud at any opportunity, 10% of people would not commit fraud no matter the circumstances, and 80% of people can be swayed one way or the other based on circumstances and conditions. According to the News and Observer story, the only motive that authorities have found so far is the desire of Ms. Dookhan to be viewed as a good worker. Was she part of the 10% or 80%? She’s probably part of the 80% who make decisions based on outside forces which are relative to that person’s situation.

Protection of agency or company assets requires guardianship in the form of oversight. What kinds of protocols in the form of policies and procedures were in place to keep this from happening? Is the same kind of thing happening with other chemists at the agency? Did she work in a bubble with no protocols or collaboration? Did she have no supervision? Were there no quality controls in place?

This article should be an “a-ha moment” for all of us in business, public or private. This is a classic example of a motivated person seeing an opportunity to gain position and presteige within an organization by manipulating the facts. The result is fraudulent information, destroyed lives, damaged careers, sullied reputations, and millions of tax and insurance dollars.

Front Page News for All the Wrong Reasons

Posted on 15, Aug | Posted by RMA

Workplace Violence Headline Over the last couple weeks we have had too many examples of workplace violence and the devastation and the long-term impact it has on the business and the community. As security consultants, we partner with clients to protect their assets, and two of the most critical assets that any company has are its people and its reputation/brand. With that said, there is no crystal ball or magic pill that will allow us to predict these events with any certainty, but there are steps that every company can take to protect itself and its employees from becoming front page news for all the wrong reasons.

As employers, we all know the realities of the economic recession that has gripped the US and global markets since 2008 with a resulting decline in GDP growth, record high unemployment, and the bursting of the housing market bubble. Since 2008 many businesses have prospered, but times have been tough. At the same time, the technological revolution has created opportunities and changes in the workplace at an exponential pace, just as the industrial revolution changed the world. Lastly we have been at war for ten years on multiple fronts. That has required the deployment of men and women in the military and a heavy reliance on our employees who serve in the National Guard.

How does this affect our current and future employees and the decisions they make in and out of the workplace? What are the risks to your workplace that an employee will reach a “tipping point” that will lead to violence? I believe that in every organization there will be some employees who are more impacted by these and other stressors in their daily lives. Since “suffering is almost always a consequence of trauma” (Facilitating Posttraumatic Growth: A Clinician’s Guide) and a person may have experienced major problems before the current crisis, we must be prepared for reactions ranging from raw to numb.

Part of the challenge of dealing with people in crisis is recognizing that they may have overwhelming physical and emotional reactions to their challenging circumstances. We are accustomed to people getting mad or crying when life throws them a curve ball. What we aren’t used to are some of the more severe reactions which can wreak havoc in a workplace.

In After the Shock: A Survivor’s Guide to Tough Times, Becky Sansbury lists many ways that crisis can manifest itself in people’s lives. Here are a few:

• Lack of focus or concentration
• Extremes of blaming others completely or “collapsing” under total guilt
• Headaches – mild to severe
• Ego sensitivity – feeling attacked, misunderstood; need to defend self
• Distrust of self and/or others
• Overarching need for sense of control, stability or normality

The point is that we are all influenced by our environment and that can be reflected in the workplace positively and negatively. Education and communication is critical component of life and business. For example if asked, most people consider workplace violence to be a disgruntled person with a gun. The National Institute for Occupational Safety and Health (NIOSH) defines workplace violence as “violent acts (including physical assaults and threats of assaults) directed toward persons at work or on duty” (DHHS (NIOSH) Publication Number 2002-101) Workplace violence acts are violent acts or threats of acts directed at employees by other employees, family members of employees, customers of the business or organization, and random outsiders. The Occupational Safety and Health Act of 1970 mandates that all employers have a general duty to provide their employees with a workplace free from recognized hazards likely to cause death or serious physical harm (OSHA 3148-01R 2004). Whether violence comes from someone known or unknown, education and communication can make all the difference in your business and for your employees.

Security is the protection of one’s assets from intentional actions of people with the intent of inflicting harm or damage. Protection of critical assets requires an integrated program that includes the people, processes, and technology. In the case of workplace violence, the first step is a written zero-tolerance policy that is effectively communicated using the organization’s website, signage, orientation, and on-going training. Communication is the key to an effective workplace violence program. Supervisors have the most direct contact with employees, so they should receive additional awareness training that focuses on communication and recognizing the signs that an employee is at risk due to internal or external stresses. Employees need to have a confidential method for reporting concerns and should be encouraged to do so if they feel that an employee is dealing with stressors that could negatively affect their decision making or are talking about doing harm to people, property, and/or themselves. Supervisors and managers need to have the necessary tools to evaluate and address valid concerns.

The second line of defense from an incidence of workplace violence is a pre-employment background screening program. In other words, don’t hire employees who have a history of violent behavior. This requires a background screening process that goes beyond criminal records checks and looks at the candidate’s character and reputation. Many companies are reluctant to share much information but will often verify employment dates and sometimes will state whether the employee is eligible to be rehired. Employers should try to talk with former supervisors where possible and definitely with references provided by the candidate and those developed during the background inquiry. Remember, people will omit negative information before they lie. Applications should be required for all positions and should only be accepted when complexly filled out. Applications should require a signature from the applicant stating that the statements are complete and truthful. All information on the application should be independently verified.

It is important to remember that even if a company does everything right with respect to per-employment screening, there are times when good people make bad decisions. Life is complicated, both inside and outside the workplace. Statistics suggest that 50% of all marriages end in divorce. Drugs, alcohol, and stress change the way that humans respond to their surroundings. Personal failures, professional failures, health concerns, money issues, and perceived expectations are all stressors – and the list goes on and on. If one in four women will be the victim of domestic violence in her lifetime, the opportunity for domestic violence to impact the workplace is a real threat. People who commit violent acts do so for a wide range of reasons. For some it may seen as the only way out or as an opportunity to become famous (or infamous). Some people seek a way to draw attention to a personal problem, to correct a perceived wrong, or to end personal pain. The challenge is to recognize the signs and respond with solutions that mitigate the risk and potential harm and disruption in the productive workplace.

As a security professional, when we look at a facility or a campus, we want to know how people get in, how they get out, and how they know who belongs and who doesn’t belong. This is important to the protection of all assets whether they are talent, physical or intellectual property, visitors/guests, processes/equipment, or brand. The more valuable the asset is to the business, the more layers of security it should have around it in the form of people, processes, and technology. In preventing workplace violence incidents, the critical areas that every business should evaluate are access control, communication, and the responses management expects employees to take prior to and during an event. Does the company have an emergency management and response plan? Have the plans been tested? Real life events are not the time to learn that the plan does not work well enough to protect life and property in the workplace. Have you built relationships with the local law enforcement and emergency responders that you will be depending on for in a workplace event?

Companies should organize a threat assessment team that includes supervisors and other company professionals (HR, General Counsel, Security, etc.). This provides the means and expertise to evaluate concerns and respond to them in a deliberate way instead of with a reactive “knee jerk” response that may be ineffective or ill advised. This team would be responsible for identifying people who may be at risk and determining what steps – if any – the company should take with respect to the threat. The response could include but not be limited to counseling, training, job change, schedule change, or referral to an employee assistance program (EAP).

Life’s challenges affect everyone differently, and none of us are immune. With adequate support and enough time, most employees who are going experiencing trauma and crisis will weather the storm. It is important to remember that as the world changes, people change. Their circumstances and pressure change but their ability to cope and respond may also change.

Statistically, we know that some businesses have a higher probability of workplace violence events. According to most sources, taxicabs drivers, law enforcement officers, gas station workers, and security guards are at the greatest risk of workplace homicide. The vast majority of workplace violence events will be violent non-fatal assaults. Nearly half of them will be directed at health care, social services, and related occupations. With an enforced zero-tolerance policy, effective communications and training, and appropriate support and controls in place, most businesses will never have to deal with a workplace violence event. The criticality or effect that a workplace violence event has on a company, employees, families, brand, and community is difficult to overstate. Most of us can name several incidents in recent history at a variety of workplaces. Protect your employees, business, and brand by putting in place a workplace violence program that is the right mix of people, processes and technology.

« Older entries

Investigation - Risk Management Associates, Inc.