
Centry Cyber Security European Tour


Centry Ltd. and SECAPP, together with FINNSEC, would like to cordially invite you to join Dave Ehman, Centry CTO and a global Cyber Security expert, and Dr. Kari Aho, Business Development Manager of SECAPP, for an exclusive presentation at the Helsinki Exhibition Center on September 27th, 2017!

Centry and Secapp_Helsinki Presentations

Please check out the above PDF link for more details on the event!


The Significance of Background Checks in Business

“Knowledge is power.”

This phrase might be a cliché, but it is one for a reason – its truth has not diminished over the centuries since Sir Francis Bacon published it.

In today’s market economy, companies strive to optimize their business expenses, sometimes cutting corners and costs that may have been better left untouched. Likewise, shorter-term strategic decision making based on quarterly models revolves around the need to obtain the highest possible value for the company’s share. However, with these priorities in the foreground, the importance of knowledge as a tool for decision making often gets left by the wayside.

Over the last few years, however, there has been a growing interest in both the acquisition and exploitation of information in organizational operating methods. Particularly in Western countries, we have become increasingly accustomed to focusing on background and security analyses of different stakeholder organizations.

All business parties, customers, partners, and subcontractors related to the business have an indirect impact on the company. The effectiveness of these stakeholders is related to, among other things, business price-quality profiles, the financial situation, ethics, reputation, executives, marketing, etc. Thus, the various parties involved in the business are all interconnected – in both good and bad ways.

It’s clear that all business with outside parties has some degree of risk. The good news, however, is that it’s possible to control this risk.

Do you know your partner?

Current international trading rules often require knowledge of the other party beneath what’s presented on the surface. Making an assumption based on surface-level information could lead to difficulty conducting business, or at worst, breaching sanctions. A high risk for businesses would be, for example, working with a company named on an international watchlist. An even greater risk for business partners would be cooperating with various professional shell and/or criminal organizations. It can be said, therefore, that finding out the backgrounds of counterparties and third parties is an essential part of the risk management process of a conscientious organization.

The company itself is responsible

The authorities should serve as the top guardian, ensuring that organizations and companies follow the rules of the game and stay within operating limits. However, the company itself is usually responsible if a counterparty screening is carried out incompletely or neglected completely. This is a true challenge particularly in Scandinavia, where the business culture has been mainly based on “honesty”.

Don’t rely on the business partner to provide screening or reports, as these sources may be biased, incomplete, or simply neglected altogether. The organization that wishes to know information on another entity is the one that should take responsibility in organizing a background check.

Reputational losses are difficult to fix

The power of social media has raised a new threat to businesses in the last few years: reputational risks. These include, among others, factors related to moral values and environmental friendliness of companies, as well as numerous factors in the sustainable development of supply chains.

Information accessibility has also increased pressure on companies to operate ethically and in compliance with worldwide rules and regulations. Nowadays, reputational damage is a more significant threat to marketing, given how fast information can spread. It is generally said that each lost customer relationship requires at least twice the marketing effort to earn the customer’s loyalty again.

Research processes have evolved

While companies have begun to take into account the significance of background checks as an essential function for business, service providers have continued to develop and modernize their research processes.

Reporting has also become increasingly clear as a whole, evolving from a simple list of offenses or declaration of no known offenses to a case study – a story, which widens the perspective in a variety of ways. Among other things, these due diligence reports give information on shareholdings, upper management, organizational structure, adverse media articles, etc. These reports use verified, sourced data that is trusted by international business analytics providers.

It is also possible to include a separate field study, wherein the investigator physically travels to the target area to research local registers, conduct personal interviews, take photographs, and conduct other assignment-related studies agreed upon with the client.

Benefits of background checks

It is true that financial losses can be offset by insurance when damage has already taken place, but the stains on the company’s image and reputation are not affected by insurance policies.

Background checks make it possible to secure the business environment before an incident occurs. In terms of cost structure, background checks are more of an investment than an expenditure.

It can be invaluable to know the backgrounds and affinities of the stakeholders that influence the company’s operations. Even if the investigated entity is perfectly compliant and lawful, these types of reports can be helpful simply on a level of benefitting the business relationship with information and perspective. The best results with background checks and due diligence are often achieved when the process is outlined and integrated into the company’s entire business strategy.

This article was originally written in Finnish by Kimmo Loukonen, CX Manager of Centry Ltd. It was edited in English by Kristina Weber, Investigations Coordinator of Centry Ltd.


When VPNs Go Wrong

VPNs have become widespread over the past few years as their users have expanded from businesses utilizing them for information security to individuals seeking out ways to bolster their privacy or obscure their location.

The issue that arises from growing individual use is that there are more opportunities to be scammed, and some people with VPNs for personal use may not be able to distinguish between a reputable service and a charismatic, albeit malicious, scam.

The biggest culprits among these are free VPNs. These are alarming because they call into question how the company offering the VPN can afford to run a safe and secure network of VPN servers with adequate support – these things are expensive and have fixed recurring costs. That means the company has to make money from another source, which may entail tracking information about your browsing activity to sell to third parties.

A VPN is supposed to secure and encrypt your data. If this tool were used with the intent to log your activity, it could monitor your IP address with time stamps, how long you use the service, as well as the websites you visit and other services you use. Even if you have somehow managed to find a free VPN that truly secures your data, it could have other unwanted side effects such as plaguing your browser with ads, throttled bandwidth, and data caps, among others. If these issues don’t seem threatening on the surface, one needs only to look deeper into them to truly assess whether or not the service is safe – for example, are those ads redirecting you to malicious websites? Are you able to work or use the internet with slow bandwidth? How quickly will you exceed the data cap?

One instance of a fake VPN scam is the story of MySafeVPN.

This story surfaced on Motherboard, where Nicholas Deleon first wrote about it after receiving a shady email message from the ‘Plex VPN team’, claiming that Plex had added a VPN service to its business known as MySafeVPN. It was marketed to preserve the privacy of North American users in the wake of the changes to US ISP permissions.

Deleon then wrote to Plex’s co-founder, Scott Olechowski, asking about the validity of this supposed new VPN service. Olechowski replied, “This is *absolutely not* a Plex affiliated service or offering,” and recommended using any other VPN service, as this one was obviously shady.

Plex was not the only target of this VPN scam. MySafeVPN posed similarly to other companies, including Boxee. Both Boxee and Plex suffered data breaches a few years ago, so it is possible that is how MySafeVPN was able to access the email list.

Another one of these examples is Hotspot Shield VPN, which is a free app and service that has been accused of spying on its users and selling the data. On August 7th, the Center for Democracy and Technology filed a complaint with the U.S. Federal Trade Commission alleging that Hotspot Shield VPN is violating its own privacy policy of providing ‘complete anonymity.’ Furthermore, Hotspot Shield was found to be using iframes in webpages to inject JavaScript code for advertising and tracking purposes and disclosing the names of users’ Wi-Fi networks via the SSID, MAC addresses, and IMEI numbers, among other things. Basically, the VPN was leaking everything it was supposed to secure.

Trustworthy VPN services will not sell your information or cause you to be inconvenienced by slow network speeds or ads. The real VPNs can be immensely valuable, especially when connecting to public Wi-Fi, where you are at risk of having information stolen. Simply reading the terms and conditions of a VPN service can be enough to help you distinguish between a reliable source and a scam.

This article was written by Kristina Weber of Centry Ltd. For any questions or comments, please don’t hesitate to contact us on any of our social media platforms! For more content like this, follow @CentryCyber on Twitter.