RMA Presents PI 230 and PI 240 Training

Posted on 11, Dec | Posted by RMA

RMA presented two days of training to over twenty students in Raleigh, NC.

PI 230 was presented on Monday, December 10. Mike Epperly provided information on Legal Issues for Private Investigators. Marty Coolidge taught a course on Executive Protection. Billy Green presented Elements of Physical Security.

PI 240 was presented on Tuesday, December 11. Rusty Gilmore provided training on Computer Forensics for Investigators. Mike Epperly presented Compliance and Ethics II. Billy Green instructed students on Planning for Catastrophic Emergencies.

Effective January 1, 2012, all PPSB license holders must have completed 12 hours of approved continuing education credit to qualify for license renewal. RMA has developed training programs that are relevant to practice as a private investigator and protection and security professional and is offering these in one-day seminars across the state. Our goal is to provide opportunities for licensees to obtain the required CEUs and to provide interesting and relevant instruction on protection and investigative topics. The next training sessions will be held on November 14 and 15 in Raleigh, NC. Students can register and pay online on the Continuing Education page of our website.


Employment Law: Can You Police Social Media?

Posted on 23, Oct | Posted by RMA

Guest blogger Mimi Soule specializes in employment law at the Soule Law Firm in Raleigh, North Carolina. This article was originally published on the website of Forrest Firm.

Lately, the National Labor Relations Board (NLRB) has been taking a particularly active interest in employer policies regarding social media.

For those of us living and working in a Right-to-Work state like North Carolina (meaning that employees are not obligated to become members of a union organized in their workplace) where union activity may not be an everyday occurrence, the NLRB is not a familiar regulating administrative body. First and foremost, it is important for business owners to understand that, in general, the NLRB has the authority to regulate private-sector employers—with or without a union—with respect to matters directly or indirectly involving their employees’ right to form a union or discuss the formation of a union.

What does this have to do with an employer’s social media policy, you ask? As you have likely read in the news, the NLRB recently issued several decisions citing employers for having overly broad social media policies, which the NLRB feels restricted employees’ rights to discuss their working conditions (a right protected by federal law) and unreasonably restricted employees’ ability to discuss the potential formation of a union.

Given these recent NLRB decisions, many employers felt that they were now prohibited from having a social media policy. This just isn’t accurate. Social media policies are indeed lawful; however, because of the recent NLRB decisions, the details of what an employer could regulate within its policy were anything but clear.

So, what exactly can an employer regulate?

On May 30, 2012, the NLRB issued an Operations Management Memo that provided a summary of its recent decisions regarding social media policies, and, most importantly, at the end of the Memo, the NLRB provided a sample policy that it deemed lawful. A copy of the Operations Management Memo, dated May 30, 2012, is located on the NLRB website (http://www.nlrb.gov/news/acting-general-counsel-releases-report-employer-social-media-policies). Although the NLRB sample policy does not clarify all substantive matters, it does provide some additional and helpful guidance for employers:

  • Employers can continue to prohibit employees from posting information regarding an employer’s private, confidential information and trade secrets as well as confidential internal communications, such as business reports, policies and procedures.
  • Employers can prohibit their employees from representing in a post that they speak on behalf of the company. Employees can only express their own personal opinions.
  • Employers can require that employees be respectful, fair and courteous and avoid posting statements that “could be viewed as malicious, obscene, threatening or intimidating, that disparage customers, members, associates or suppliers, or that might constitute harassment or bullying.”
  • Employers can require that employees be honest and accurate in their posts, to correct any known mistakes quickly, and never to post any information or rumors that the employee knows to be false about the company, any associates, members, customers, suppliers or competitors.
  • Employers can prohibit employees from posting comments that constitute “discriminatory remarks, harassment, and threats of violence or similar inappropriate or unlawful conduct.”
  • Employers can prohibit employees from using social media while at work or with employer-owned equipment.

For more information on this topic, please feel free to contact Mimi at msoule@soulelawfirm.com.

Mimi Soule is an established management counselor at Soule Law Firm in Raleigh, NC. She focuses her practice on assisting businesses with federal and state employment law compliance in an effort to mitigate litigation risks. Through her partnership with the Forrest Firm, Mimi advises our corporate clients on a host of employment relationship matters, including wage and hour compliance, family and medical leave, independent contractor classifications, handbook policies, effective hiring, firing and disciplinary procedures, and employment, release and non-compete agreements.

Mimi earned a bachelor’s degree in business from Wake Forest University, followed by her juris doctor degree at the Boston University School of Law.


Massachusetts Lab Scandal

Posted on 12, Oct | Posted by Christine L. Peterson, CPP, ISP

On Saturday, September 29, 2012, the News and Observer covered the story of Annie Dookhan, a chemist at a Massachusetts drug lab. This story underscores some of the devastation that can result when an organization doesn’t follow basic security principles which require both screening and guardianship. The lack of screening and guardianship at the Massachusetts state drug lab has already resulted in the arrest of Ms. Dookhan, the resignation of the state’s public health commissioner, the potential incarceration of innocent victims, and a political and law enforcement nightmare. As this case moves forward, Massachusetts will spend millions of dollars in investigative costs and reparations, and there is the potential for criminals to be freed due to the actions of Ms. Dookhan. Massachusetts Attorney General Martha Coakley said “Annie Dookhan’s alleged actions corrupted the integrity of the entire criminal justice system.” That is an understatement.

Now I understand that the information in the media is just the tip of the proverbial iceberg, but what can we learn from the surface details that might have prevented this disaster?

Lesson #1: The importance of thorough background screening cannot be overstated.

Two opportunities are often missed. First, was there a pre-employment system in place to verify information that was provided by the applicant and to look for omissions? It has been reported that the organization believed Ms. Dookhan had an advanced degree but she did not. Did anyone verify this information?

Second, did the agency have a system in place to verify, post-employment, information that would have a direct bearing on an employee’s position or fiduciary responsibilities? Life does not end when employment begins. People grow, they change, and circumstances change. Life happens. Employees being promoted or given a change in status should also have an updated background investigation.

Lesson #2: Remember the 10-10-80 rule for fraud.

The general rule of thumb in fraud investigations is that 10% of people would commit fraud at any opportunity, 10% of people would not commit fraud no matter the circumstances, and 80% of people can be swayed one way or the other based on circumstances and conditions. According to the News and Observer story, the only motive that authorities have found so far is the desire of Ms. Dookhan to be viewed as a good worker. Was she part of the 10% or 80%? She’s probably part of the 80% who make decisions based on outside forces which are relative to that person’s situation.

Protection of agency or company assets requires guardianship in the form of oversight. What kinds of protocols in the form of policies and procedures were in place to keep this from happening? Is the same kind of thing happening with other chemists at the agency? Did she work in a bubble with no protocols or collaboration? Did she have no supervision? Were there no quality controls in place?

This article should be an “a-ha moment” for all of us in business, public or private. This is a classic example of a motivated person seeing an opportunity to gain position and prestige within an organization by manipulating the facts. The result is fraudulent information, destroyed lives, damaged careers, sullied reputations, and millions of tax and insurance dollars.


Keep pace with legal requirements as mobile devices inundate offices

Posted on 30, May | Posted by RMA

By Elizabeth Johnson
Originally published in Business North Carolina’s Law Journal, May 2012 issue

With 87% of employees confirming they use personal electronic devices for work, designing a workable “bring-your-own-device” program is probably overdue. BYOD is a tricky issue; 48% of companies claim they would never authorize employees to use personal devices for work, but 57% acknowledge that employees do it anyway. The wave of mobile devices has already flooded your offices. It’s time to figure out what to do about it.

Talent recruitment and cost concerns
Almost half of college students and young employees say they would accept lower pay in exchange for flexibility on device choice, social media and mobility, indicating it will be difficult to compete for new talent without adopting a BYOD policy. Your business may be able to save on device purchases and information technology support, but all that savings could be wiped away if a lost personal device results in a reportable security breach (average response cost is over $5 million) or if sanctions result because contents of the device are considered discoverable in litigation but cannot be produced.

Productivity and social media
Let’s be realistic: Your employees already use Facebook during work time, and blocking the site won’t help since we’ve already established that they use personal devices at work. Think of BYOD as a means to retrieve some of those lost hours. Seventy-two percent of employees regularly check their emails from personal devices outside normal business hours, and 42% check even when out sick.

If you enable BYOD, social media use may go up, but temper your zeal to prohibit or monitor that use. In recent years, employers have been repeatedly dinged by the National Labor Relations Board for overly broad social-media policies, have been found liable for accessing employees’ social-media communication in unauthorized ways, and have scaled back reviews of social-network sites due to Fair Credit Reporting Act liability. Employers should revisit their social-media policies to make sure they are not already running afoul of this rapidly evolving list of pitfalls.

Information security and compliance
Here are a few examples of the potential impact of BYOD on security and compliance:

  • Device loss or theft could result in a security breach that must be reported to regulators and affected individuals if personal information is involved and potentially to business partners if confidential information is involved. Loss of access credentials can jeopardize enterprise security.
  • Almost three-quarters of Americans report they have no malware protection on their mobile devices. You can almost hear data slithering off the devices.
  • Access controls are nonexistent or may be purposely defeated by employees who share their devices with their households.
  • Transmission security will be ad hoc or nonexistent if not provided by the enterprise. For health-care companies, financial institutions and other highly regulated industries, compliance challenges arise, such as encryption, access controls, authentication and password management.

Most of these controls are required even for less regulated industries, especially given the increased risks posed by BYOD.

Privacy concerns
Like it or not, employees have some privacy rights not impacted by your dusty old electronic-communications policy that undoubtedly warns they have no expectation of privacy when using your equipment. Although you can revise the scope for BYOD, your employee owns the device and is clearly entitled to make personal use of it. Similarly, that device essentially tracks their whereabouts 24/7 and reflects all manner of activities, such as websites visited, items purchased, books read, games played, photos taken, apps used and calls and messages sent and received. Your business needs to decide the extent to which it needs to know such information and plan accordingly.

e-Discovery and departing employees
Inevitably, if employees store work-related information locally, device retrieval may be necessary in legal discovery or when an employee leaves the company. For litigation, strict protocols providing for immediate preservation before employees modify or delete files are crucial. BYOD will add expense and delay to discovery and to the employee-departure process.

Get back in control
Having considered a variety of issues raised by an increasingly mobile workforce, let’s consider solutions that will put you back in control.

Security framework
Perhaps the greatest perils posed by BYOD are the security risks. There are several options to mitigate those risks, but some are better than others.

  • Good – device-level security. At minimum, require device-level security such as strong passwords, up-to-date malware protection, encryption, time-outs following inactivity and remote-wiping capabilities.
  • Better – mobile-device management. MDM essentially provides employees with a secure tether to the office from which they access resources remotely using an application on the device. MDM solutions improve upon simple reliance on device-level security by minimizing the risk of data loss and preserving data integrity and access control with containerized solutions.
  • Best – virtual-desktop infrastructure. With VDI, applications and data are stored centrally, unlike MDM where some data and apps live locally on the device. Maintaining secure access credentials and effective user authentication are paramount, but the device itself contains no work-related data to be lost or breached.

To determine which approach or mix of approaches is best, consider inventorying your business units, their activities and their use or proposed use of mobile devices. Units that need regular access to sensitive business or personal information and travel or work from home may warrant a more cautious approach.

Policy document
No matter how you address security, a written policy is needed to establish privacy boundaries and set security expectations. You also should review existing security policies to ensure you have not set contradictory requirements. Your social-media policy likely also deserves an update once BYOD is in place. Training and reminders are useful to help employees remember the requirements and risk and will help your organization establish legal compliance.

Terms of use
When your organization does not own user devices, strong and effective terms of use are necessary to preserve your rights. Key terms include the employee’s agreement to adhere to security requirements, immediately report potential breaches, submit to compliance audits and allow the employer to wipe the device without prior notice if the device poses a security threat to the organization.

These suggestions only temper the risks posed by BYOD. Ensuring that your organization is prepared to deal with worst-case scenarios, particularly security breaches, is still necessary. With careful planning and implementation, the gains inherent in BYOD should outweigh the risks.

Elizabeth Johnson’s practice in the Raleigh office of Poyner Spruill focuses on privacy, information security and records management. Her comprehensive, practical approach to privacy law is reflected by the diversity of her clients, which hail from a variety of industries including health care, financial services, insurance, retail, telecommunications, utility, technology, consumer goods and client services. She received her law degree from Duke University.


Yahoo chief executive Scott Thompson steps down

Posted on 15, May | Posted by Tasha D. Dyson

Based on experience with some of our clients, there seems to be an assumption that applicants for C-level positions are somehow immune from falsifying information and are above reproach. The assumption seems to be that since an applicant has worked at “Alpha Company”, there is no need for “Beta Company” to do a thorough background investigation. The faulty logic is that Alpha would not have hired him unless his background was clean, so Beta can rest assured.

Did anyone do a background investigation before hiring Mr. Thompson? Probably not. Mr. Thompson had previously worked at the executive or upper management level at Paypal, Inovant (a subsidiary of Visa), and Barclays Global Investors. Although the reasons for his departure also included a company in transition and possible health reasons, the accusations of a falsified resume are what made headlines.

Trust, but verify. For the cost of one education verification search (about $10 to $30), Yahoo now needs a new CEO and four other executives who approved his hiring.

Yahoo chief executive Scott Thompson steps down
The chief executive of tech firm Yahoo has stepped down amid accusations he included a fake computer science degree on his CV.

Scott Thompson was replaced by Yahoo’s global media head Ross Levinsohn.

Yahoo shares rose 1.7% on Monday morning as news of the changes hit the trading floor.

The firm is also reportedly close to agreeing a truce with activist shareholder Daniel Loeb, who discovered Mr Thompson’s mistake.

Mr Loeb, a hedge fund manager who lobbied for Mr Thompson’s dismissal, is set to be appointed a company director.

He will also be able to appoint two other new directors, while Yahoo has named Fred Amoroso as the new chairman of its board.

On Monday the Wall Street Journal reported that Mr Thompson, 54, told Yahoo’s board late last week he had been diagnosed with thyroid cancer.

Mr Thompson was diagnosed in recent days and is due to begin treatment, the newspaper said, adding that discovery of the illness had influenced Mr Thompson’s decision to resign.

No confirmation of the report was available.

Cost-cutting

Yahoo has already acknowledged that Mr Thompson, who took up his post in January, does not have a computer science degree.

When the news emerged Yahoo initially defended its chief executive, calling the discrepancy on his resume an “inadvertent error”. But it then came under mounting pressure from shareholders, employees and corporate governance experts to investigate the matter.

Mr Thompson’s exit comes amid broader reorganisation within the troubled internet giant, which has seen four full-time chief executives over the last five years.

The chairman of the board, Roy Bostock, and four other directors are leaving the company immediately. All of them had approved the hiring of Mr Thompson.

In addition to the three seats allocated to Mr Loeb and his board appointees, Michael Wolf, a former executive at MTV Networks, and Harry Wilson, a restructuring expert, are to join the board.

Mr Levinsohn, who takes over as interim head of Yahoo, acknowledged the disruption in an internal letter to employees.

“This may seem like a great deal of news to digest, but as you are all keenly aware, Yahoo is a dynamic, global company in a dynamic, global industry, so change – sometimes unexpected and sometimes at lightning speed – is something we will continue to live with and something we should embrace,” he wrote.

Upheaval

Mr Levinsohn is expected to address Yahoo employees at a meeting on Monday afternoon.

In April the company announced plans to make 2,000 employees redundant, a cutback of about 14% of staff, in an effort to save $375m (£233m) a year.

Mr Thompson also had plans to shut down or sell off about 50 of Yahoo’s products and services.

Before joining Yahoo Mr Thompson served as president of online payments firm PayPal from 2008.

He took over as chief executive from Tim Morse, who had held the Yahoo role on an interim basis after Carol Bartz was sacked in September 2011.

Besides its search engine, Yahoo’s key products include Yahoo News, photo-sharing site Flickr and a webmail platform.

But the company has struggled to match the advertising revenue generated by rivals Google and Facebook.

Yahoo’s stock has languished since it passed up a $44bn takeover bid from Microsoft in 2008.


Government Files First Criminal Charges In BP Oil Spill

Posted on 25, Apr | Posted by Michael R. Epperly, Esq.

As businesses have evolved and grown, so have the ways we communicate. It is no longer as simple as a letter, meeting, or a phone call. We send emails, have video chats, communicate with instant messages, and send text messages at an exponential rate. Have you ever stopped to consider how your company would respond to a preservation letter or discovery request covering every communication device in the company? More importantly, have you ever considered how effective your response would be?

In April, the first criminal charges were handed down in connection with the 2010 BP oil spill. Interestingly, they are not related to any of the acts that led to the explosion. Rather, they relate to the failure of a BP engineer to preserve text messages related to his observations following the explosion. This engineer is now charged with criminal obstruction of justice. The facts that led to these charges are summarized here.

It is at times like this that we have the opportunity to learn from others’ mistakes. Reevaluate how communications between employees, management, and customers take place in your environment. Determine from your legal counsel if new policies need to be written for maintaining emails, text messages, and other forms of communication and for how long. Finally, identify a consultant who can help collect this data should the need arise.


Government Files First Criminal Charges In BP Oil Spill
By Eyder Peralta

“The first criminal charges in connection with the BP oil spill have been filed against a former BP engineer named Kurt Mix,” NPR’s Carrie Johnson reports exclusively.

Carrie just told our Newscast unit that Mix has been charged with obstruction of justice for allegedly deleting text messages after the spill. The texts were related to the amount of oil gushing into the Gulf. Mix will make his first appearance in court today.

Carrie adds that there has been an expectation that criminal charges would be brought against individuals, but this is the first person charged since the spill happened two years ago.

These are preliminary charges and a law enforcement official says there are more charges to come, Carrie reports.

Update at 12:59 p.m. ET. Operation Top Kill:

The Justice Department has now made the arrest and charges public, issuing a press release on its website. Essentially the Justice Department claims that Mix, who at the time was “a drilling and completions project engineer for BP,” deleted hundreds of text messages even after he was notified that he was legally obligated to preserve them.

In one instance on Oct. 4, 2010, Justice claims that Mix allegedly deleted about 200 messages exchanged with a BP supervisor. In it, Mix admits that a maneuver called Top Kill, in which BP injected heavy fluids into the well to try to stop the flow of oil, was failing.

“Too much flowrate – over 15,000,” one of the text messages read, according to Justice, which also said some of those messages were recovered forensically.

At the time, Justice adds, BP’s public estimate was 5,000 barrels of oil per day, “three times lower than the minimum flow rate indicated in Mix’s text.”

The Justice Department says if Mix is convicted of the charges he faces a maximum penalty of 20 years in jail and a $250,000 fine for each of the two counts of obstruction of justice.


Digital Message Resonance and Its Impact on Economic Advantage

Posted on 25, Apr | Posted by Christine L. Peterson, CPP, ISP

Using Social Media Monitoring and Analytics to Protect Human Capital, Company Property, and Your Brand

Social Media is a relatively new term that has become ingrained in our consciousness and language, but do you know what it means or encompasses? If you answered no, then you are in the majority. Everyone talks about Social Media, but few really understand it. Here is what Wikipedia, itself a social media site, has to offer us on the subject:

Definition: Social media includes web-based and mobile technologies used to turn communication into interactive dialogue. Andreas Kaplan and Michael Haenlein define social media as “a group of Internet-based applications that build on the ideological and technological foundations of Web 2.0, and that allow the creation and exchange of user-generated content.” (Source: Wikipedia)

As the Wikipedia authors explain, social media interaction is not just conversation: it is the “super-set” of social dialogue. Social media is not news – it is a data set that describes public consciousness. “Enabled by ubiquitously accessible and scalable communication techniques, social media has substantially changed the way organizations, communities, and individuals communicate.” (Source: Wikipedia)

The Forms of Social Media

As the experts have outlined the subject, social media technologies take on many different forms including magazines, Internet forums, weblogs, social blogs, microblogging, wikis, podcasts, photographs or pictures, video, rating and social bookmarking. By applying a set of theories in the field of media research (social presence, media richness) and social processes (self-presentation, self-disclosure) Kaplan and Haenlein created a classification scheme for different social media types in their Business Horizons article published in 2010. According to Kaplan and Haenlein there are six different types of social media: collaborative projects (e.g., Wikipedia), blogs and microblogs (e.g., Twitter), content communities (e.g., YouTube), social networking sites (e.g., Facebook), virtual game worlds (e.g., World of Warcraft), and virtual social worlds (e.g. Second Life). Technologies include blogs, picture-sharing, vlogs, wall-postings, email, instant messaging, music-sharing, crowdsourcing and voice over IP, to name a few. Many of these social media services can be integrated via social network aggregation platforms.

What Does Social Media Mean To You?

Social media has changed and continues to change the world as we know it. Is that true? Let’s consider the facts:

Service    | Users or members                     | Content, data, or usage
-----------|--------------------------------------|----------------------------------------
Facebook   | 845 million active users             | 50% log in on any given day
Twitter    | 140 million users; 460,000 join daily | 340 million tweets daily
LinkedIn®  | 150 million registered users         | Roughly 2 new members every second
YouTube™   | 800 million unique users per month   | Over 4 billion videos are viewed a day
Flickr®    | 51 million registered members        | More than 6 billion images
Google+™   | 25 million users                     | About 1 million visits per week
Wikipedia® | 16 million users, 300,000 editors    | Hosts 19 million articles

Data current as of April 2012.

Including the thousands of other chat rooms, blogs, forums, newsgroups, and user groups, there are millions of additional social media users around the world. The people who are utilizing social media are your employees, customers, competitors, family, friends, activist groups, governments, and others. This technology is so powerful that it is used for everything from keeping in touch with friends to starting revolutions.

In this white paper we will discuss the state-of-the-art technology and tools that monitor social media for business intelligence purposes, including but not limited to the identification and monitoring of threats to the business and its personnel. Some organizations have already begun to harness the power of this technology in an attempt to exploit a market that is more often than not misunderstood.

While Google Alerts™, Google Web Search™, and low-level social media monitoring tools are of some use as a research aid in risk management, the most professional tools in this area are highly advanced and focus on analyzing information in near real-time from sources on the web.

Why are you in business?

As a business manager or owner, your business exists today because your customers’ expectations are in alignment with the value proposition or economic advantage that they expect to receive as part of the transaction with your firm. What is your value proposition or economic advantage?

  • Proprietary information (secret sauce)
  • Intellectual property
  • Customer/project information
  • Plans and specifications (marketing, R&D, financials)
  • Logistics
  • Human capital, “talent and experience”
  • Brand and reputation
  • Partners and suppliers
  • Physical assets

We know that businesses are leaking economic advantage every day through elicitation and social engineering, the exploitation of cyber vulnerabilities, and internal and external theft and sabotage. Traditionally, leakage has been in the form of a verbal, written, or e-mail disclosure which can and does wreak havoc for businesses every day. The new paradigm of leakage uses social media to communicate a message to an exponentially larger audience at the touch of a button. This is digital message resonance – or the ability of a message to continue propagating or resonating across the Internet and social media sphere long after the initial message was sent. Leakage in the traditional sense can have devastating effects, but it moves slower and is easier to track and contain. In the new era of digital message resonance, a single message can be transmitted to literally millions of people around the globe in a matter of seconds or minutes.

[Figure: Traditional Model of Leakage versus New Paradigm of Leakage]

As a security, HR, marketing, management, or finance professional, you may believe that a comprehensive security and compliance program utilizing traditional methods of perimeter control, access control, lighting, casual surveillance, security communications, identification, accountability, and training should apply to this new threat. To that, we would also agree – to a point. The traditional tools are critical to the protection of economic advantage and company assets. We would also assert that the world has changed. There are additional security threats and tools to mitigate those threats, but they are cutting-edge and have to remain dynamic. Can your business afford to take a “wait and see” position with respect to social media?

Beyond Monitoring: The Next Step

Social Media Business Intelligence, as applied to business groups, refers to the tools and practices used by organizations to aggregate social media data, gathered via social media monitoring tools and social analytics engines, with existing data and integrate with systems of records and real-time analytics engines. The results are actionable insights that provide businesses with new information on their customers, products, competitors, employees, and even their marketing campaigns that can be used to protect assets and economic advantage while improving the value proposition offered to customers and potential customers. Using this information to proactively predict and anticipate customers’ needs while protecting assets in near “real time” is the value of Social Media Business Intelligence.

The RMA solution allows you to scour the web for mentions of your company and effectively analyzes, processes, and stores this data to integrate it with existing business processes. It enables businesses to harness the power of social media to support corporate compliance, current threat intelligence, operational security, and event security. At the same time, this information will assist management across departments and divisions to better understand their “value add” proposition with their customers, employees, vendors, and community as it relates to their economic advantage.

The RMA solution uses social media business intelligence software to monitor what people are saying about your business in social media, primarily for the purpose of anticipating and mitigating security threats before they occur and for responding to security related issues effectively and efficiently to minimize losses and maximize productivity. At the same time, it can also be used to monitor what people are saying about your brand, industry, and competition.

The RMA solution uses intelligence gathering software that computes dozens of dimensions including sentiment, passion, volume, and much more. It provides access to business intelligence that will allow you to lead – not follow – the conversation and fix those small issues before they grow into big problems.

Summary

Social media and web-based analytics provide powerful tools to conduct 24/7 monitoring of existing and emerging threats for Risk Management Associates, Inc. clients.

The RMA solution provides “cutting-edge” scalable technology and analytics. Technology cannot replace training and experience, but it does create an effective method of gathering pertinent information quickly that can be validated and/or discounted effectively.

Your business can then harness the power of social media to manage corporate compliance, current threat intelligence, operational security, and event security.

Data gathered can be communicated for application across departments and divisions. The RMA solution provides current intelligence that has applicability in multiple departments and divisions within the organization. This provides a better understanding of the “value add” proposition with customers, employees, vendors, and community as it relates to economic advantage.

The RMA solution uses intelligence gathering software that provides clients with an additional tool to protect and demonstrate compliance in this age of digital resonance. Economic advantage, like reputation, is elusive and, once lost, very difficult to reclaim. The RMA solution provides an additional tool and layer of security. It provides access to current business intelligence that allows leaders to lead – not follow – the conversation, fix those small issues before they grow into big problems, and preserve evidence that has a short life span.

Risk Management Associates, Inc. utilizes the best technology and the best practices in web-based and social media monitoring, analysis and business intelligence. We look forward to answering any questions you may have about the topics presented in this paper or other security issues that are important to you.


FedEx Settles Charges of Causing, Aiding and Abetting Unlicensed Exports

Posted on 2, Mar | Posted by Christine L. Peterson, CPP, ISP

In 2010, Michael R. Epperly, Esq., who heads RMA’s Corporate Compliance consulting arm, wrote an insightful article that addressed the corporate compliance challenges that American companies face in the global marketplace. Through his experience as legal counsel, investigator, and consultant, he is acutely aware of the importance of a solid corporate compliance program to an organization and the penalties that can result from not having an effective program. In today’s business environment, your company’s corporate compliance program also needs to include vendors and partners.

To read Mike’s original article, go to Corporate Compliance & Ethics.


FedEx Settles Charges of Causing, Aiding and Abetting Unlicensed Exports

WASHINGTON – The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) announced today that FedEx Express (FedEx), Memphis, TN, has agreed to pay a $370,000 civil penalty to settle allegations that it committed six violations of the Export Administration Regulations (EAR) relating to FedEx’s provision of freight forwarding services to exporters.

BIS alleged that on two occasions in 2006, FedEx caused, aided and abetted acts prohibited by the regulations when it facilitated the attempted unlicensed export of electronic components from the United States to Mayrow in Dubai, United Arab Emirates. The exports to Mayrow were thwarted when delivery was halted at BIS’s direction. On June 5, 2006, BIS had issued a General Order imposing a license requirement with a presumption of denial for the export or reexport of any item subject to the EAR to Mayrow General Trading and related entities. The General Order was issued based on information that Mayrow and the related entities were acquiring electronic components and devices that were being used in Improvised Explosive Devices deployed against Coalition forces in Iraq and Afghanistan.

BIS also alleged that in December 2005, FedEx caused, aided and abetted acts prohibited by the regulations when it facilitated the unlicensed export of flight simulation software to Beijing University of Aeronautics and Astronautics, a/k/a Beihang University, an organization listed on the U.S. Department of Commerce’s Entity List and located in the People’s Republic of China. The Commerce Department’s Entity List contains a list of names of foreign persons – including businesses, research institutions, government and private organizations, and individuals – that have been determined through an interagency review process to have engaged in activities contrary to U.S. national security and/or foreign policy interests. These persons are restricted from receiving items subject to U.S. jurisdiction.

Lastly, BIS alleged that on three occasions in 2004, FedEx caused, aided and abetted acts prohibited by the regulations when it facilitated the unlicensed export of printer components from the United States to end users in Syria. Facilitating the export of commodities to Syria without the required U.S. Department of Commerce export license was prohibited under General Order No. 2 as set forth in Supplement 1 to part 736 of the EAR.

The Commerce Department Assistant Secretary for Export Enforcement David W. Mills said, “It is vital that every stakeholder in the U.S. exporting chain remain vigilant in its efforts to prevent prohibited transactions that may be detrimental to our national security, and each will be held accountable if it fails to do so.”


When Employees Leave, Data Should Stay

Posted on 16, Feb | Posted by Russell W. Gilmore, CISSP, CISM, EnCE

As a security consultant, quite often I am asked to assist with the hiring and termination of employees. The hiring process generally includes background checks, reference interviews, and financial history, along with other information. My involvement in the termination process is as a third-party observer and advisor. As a computer forensics expert and consultant, I am often called in sometime after the termination process to make a forensic image (or exact duplicate) of the terminated employee’s hard drive. This usually occurs as a result of a threat expressed by the ex-employee to file some sort of legal action. Each time I imagine how much time and money could be saved if an image of the computer hard drive had been created before the employee was terminated and/or shortly thereafter.

In some cases, I am asked to image a computer used by an ex-employee months ago. Quite often, the computer is currently being used by another employee. Computer forensics can recover deleted data. If several different employees have used the same computer it is more difficult to show or even prove who deleted the data. Even though relevant information can be recovered, this type of scenario is not optimal.

According to the EEOC, in cases filed with their agency from 1997 to 2010, monetary distribution excluding those obtained through litigation went from $176 million to $319 million. During this same period resolutions stayed at the same level, approximately 104,000. The number of cases is not increasing, but the costs are.

This does not include the cost of legal fees as a result of the EEOC filing or lawsuit. Most companies have become very proactive in regard to employee hiring, but we don’t see this as often in the termination process.

As a computer forensics examiner, I see opportunities for companies to preserve data and protect themselves and even the employee prior to the termination process or as part of the termination procedure itself. When it is evident that an employee must be terminated, steps should be taken to image the computer or devices used by the employee, even if a future computer forensic analysis is not needed. It may even be beneficial to image the computer prior to termination and again after termination. I have often been called to recover data deleted by an employee after they have learned of their impending termination.

I also recommend that an outside consultant conduct the forensic imaging. This can protect the employer from the accusations of manipulating the data in their favor. You may ask, “Why can’t the ‘IT guy’ just make a copy of the computer hard drive?” A copy does not collect much of the deleted data. Unlike a forensic image, a copy is not an exact replica of the computer hard drive. Making a copy can change file information. Finally, a copy cannot be authenticated and verified months or even years later.
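The post says that a forensic image, unlike a copy, can be authenticated and verified months or years later. As an added illustration (not code from the post or from RMA), the Python below shows one common way this is done: SHA-256 values recorded at acquisition are recomputed later and compared, block by block. The hash algorithm, block size, file names and sample "drive" contents are assumptions constructed for the example.

```python
import hashlib
import os
import shutil
import tempfile

CHUNK = 4096  # assumed block size for the piecewise hashes

def acquire(source_path, image_path):
    """Copy source byte for byte; return overall and per-block SHA-256 values."""
    overall, blocks = hashlib.sha256(), []
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        while block := src.read(CHUNK):
            dst.write(block)
            overall.update(block)
            blocks.append(hashlib.sha256(block).hexdigest())
    return {"sha256": overall.hexdigest(), "blocks": blocks}

def verify(image_path, record):
    """Re-hash the image; return (matches, indexes of blocks that differ)."""
    overall, changed, i = hashlib.sha256(), [], 0
    with open(image_path, "rb") as img:
        while block := img.read(CHUNK):
            overall.update(block)
            known = record["blocks"][i] if i < len(record["blocks"]) else None
            if hashlib.sha256(block).hexdigest() != known:
                changed.append(i)
            i += 1
    same = overall.hexdigest() == record["sha256"] and i == len(record["blocks"])
    return same, changed

def demo():
    """Acquire a constructed 3-block 'drive', verify, alter one byte, verify again."""
    work = tempfile.mkdtemp()
    try:
        drive = os.path.join(work, "drive.raw")
        image = os.path.join(work, "drive.img")
        with open(drive, "wb") as f:  # constructed sample data, not a real disk
            f.write(b"A" * CHUNK + b"B" * CHUNK + b"deleted memo".ljust(CHUNK, b"\0"))
        record = acquire(drive, image)      # values recorded at acquisition time
        at_acquisition = verify(image, record)
        with open(image, "r+b") as f:       # simulate a later change inside block 1
            f.seek(CHUNK + 10)
            f.write(b"X")
        months_later = verify(image, record)
        return at_acquisition, months_later
    finally:
        shutil.rmtree(work)

if __name__ == "__main__":
    print(demo())
```

A single altered byte changes the overall hash and pinpoints the affected block, which is what lets an image be defended as unmodified long after it was taken.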


Don’t Click that Link!

Posted on 6, Jan | Posted by Christine L. Peterson, CPP, ISP

NCMS (National Classification Management Society) is a society that provides training and guidance to private sector firms who are industrial contractors to the federal government on classified contracts. As a member of the national organization and the Carolinas Chapter, RMA has access to some excellent and timely training. “Don’t Click That Link!” came from another member and is a good reminder for all of us as individuals and as companies that we each have a part to play in our own security and the protection of our company’s assets. The FBI estimates that every year billions of U.S. dollars are lost to foreign and domestic competitors who deliberately target economic intelligence in flourishing U.S. industries and technologies, and who cull intelligence out of shelved technologies by exploiting open source information. This is a good reminder that there are plenty of scam e-mails out there. The human element is always the weakest link in the protection of assets both personal and professional.


Keep yourself safe from online scams. Don't click that link!

  • The dancing reindeer in the E-Holiday Card is not worth the viruses and spyware that will be installed.
  • Your bank account has not been closed…but if you’re worried, go to your bank’s website and log in properly.
  • You did not win the lottery…not in this country, not in any other country.
  • You did not violate Facebook’s policies and your account will not be suspended.
  • No one is going to share their inherited millions with you.
  • No one is going to pay you, or give you free stuff, to be a “Secret Shopper”.
  • You are not going to make millions working from your home computer three hours a day.
  • Your grandchild (child, nephew, neighbor, friend’s dog, whatever) is probably NOT in desperate trouble (overseas, out of state, on the moon, whatever). If in doubt, call someone – another relative, the police, a local hospital – to VERIFY before offering any kind of payment to “help”.
  • You did not win a free gift card. Really, you didn’t.
  • The Better Business Bureau did not receive a complaint about you.
  • The airline will NOT send an e-mail with a link so you can print your boarding pass.
  • You CAN watch the video for 15 seconds, but don’t!


Sometimes, harmful e-mail is obvious. 

Sometimes it’s not.

Unless it’s from a known and trusted source, do NOT click on any link, open any attachment, call any phone number, or follow any instructions from an e-mail or even from a posting on a social networking site. You never know what may be lurking!
