Common Security Dos and Don’ts

internet screen security protection

Photo by Pixabay on Pexels.com

Security vulnerabilities pose a major threat to organizations. Breaches can be costly both in terms of finances and reputation. So what are some ways that businesses can take initiative in protecting themselves against some of the most common security threats?

Do screen job applicants and third parties

Comprehensive background checks and due diligence are extremely important to getting the whole picture of an applicant or a third-party business relationship. Without going through this process, you expose your business to countless threats.

Typical background checks may verify an applicant’s residence and professional history, where a comprehensive investigation including social media can identify more subtle connections that would alter the risk recommendation. If your business does not have the resources to do this on its own, we can help you with our team of professional investigators. Don’t hesitate to reach out!

For more on this subject, be sure to read our article on The Significance of Background Checks in Business.

Do come up with a robust security policy

Your organization’s security policy should cover procedures for preventing, detecting, and acting upon misuse, as well as guidelines for conducting due diligence. These should be crafted with a plan for investigating insider breaches as well.

A good security policy also contains risk management processes. Check out our guide here on the basics of forming a risk management plan.

Don’t overlook the threat of malicious emails

Your organization might go to extremes to secure their email system, and yet it remains one of the most vulnerable links in the chain. All it takes is for one person to inadvertently click on an malicious link or attachment to infect all the computers in the office.

A good rule of thumb is to never open a link or attachment if you don’t recognize the sender, and ensure that your employees are trained in recognizing this type of scamming/phishing behaviour. For help in training your employees on this, don’t hesitate to reach out to our cyber security team.

For more content like this, subscribe to our blog for regular updates in the security industry. If you have any questions or comments, feel free to reach out to us on Twitter @CentryLTD

Centry Opens New Office in Mexico City!

el-angel-de-independencia--mexican-landmark-552812595-59863bb2519de2001116a0d0

We are pleased to announce the expansion of Centry Global to Mexico!

Our new office is now open, located on the 17th Floor Torre Magenta, Paseo de la Reforma 284, Colonia Juarez, Distrito Federal, Mexico CP 06600.

new office.PNG

As an international security company, our work takes us across the world. With the opening of this office, we are now able to better serve our clients in the region.

At Centry, our focus is to develop long-term, communicative working relationships to provide you with the best resolutions to your security challenges. While our combined expertise primarily revolves around security and risk management, you will find among our ranks professionals in corporate and private investigations, fraud control, and experts in programming, software development, and more.

We look forward to meeting and working with more clients across Mexico. Please don’t hesitate to contact us!

📧 info@centry.global 📱 +52 55 4739 2665

 

Valid Concern or Tap Anxiety? An Evaluation of Amazon’s Alexa Recording

406213-amazon-echo

Alexa’s Infamous Recording

A couple weeks ago, a family from Portland, Oregon reached out to Amazon to investigate after they said that their home assistant device, “Alexa”, had apparently recorded audio of a conversation the couple was having and sent it to an acquaintance of the family who’s phone number was in their contact list. The acquaintance, a work colleague, immediately contacted the family to let them know that he received the recording, and told them to turn off their devices.

This led to a media frenzy, where countless sources questioned the security of home assistant devices, likening them to Orwellian wire-taps.

So, how did this happen?

When the family contacted Amazon concerning the incident, an engineer investigated the logs of the device and was able to confirm the recording and subsequent sending. The engineer suggested that the entire issue was a result of the device misinterpreting the sounds of the distant conversation as commands to record and then send the message.

The company’s official statement was:

“Echo woke up due to a word in background conversation sounding like “Alexa.” Then, the subsequent conversation was heard as a “send message” request. At which point, Alexa said out loud “To whom?” At which point, the background conversation was interpreted as a name in the customer’s contact list. Alexa then asked out loud, “[contact name], right?” Alexa then interpreted background conversation as “right”. As unlikely as this string of events is, we are evaluating options to make this case even less likely.”

Is this something to be genuinely concerned about?

In short, not really: the coverage of this situation was greatly sensationalized.

If you have ever “butt-dialed” someone from your mobile phone, this is not very much different of a circumstance. Accidental activation leads to a call or command.

Anyone who has one of these devices has probably heard it pipe up unprompted, whether it was from a distant conversation, the TV, radio, computer, etc. It’s important to remember that home assistant devices like Amazon Echo and Google Home are still first generation pieces of technology – they are learning on the go, and there is bound to be a few hiccups along the way. Human speech interpretation is very hard.

Both devices have large, easy to see indicators of when they are listening for the keyword. Alexa has a bright blue circle that illuminates on the top, and Google Home also lights up.

However, if you are still worried, here are a few steps you can take:

  1. Turn on command tones in the app. This makes the device “ding” when it hears the keyword, letting you know that it’s actively listening.
  2. Don’t ignore it when it speaks– tell it to stop. Otherwise, it could continue mishearing commands.
  3. Protect your WiFi network. These devices are only as secure as the network they connect to.
  4. Check in the app to see if there are any stored recordings, and delete them.

If you have any questions or comments, feel free to reach out to us on any of our social media profiles. For more content like this, subscribe to Centry Blog for weekly articles!

What to Pack in a Grab-Bag

One of the ways that you can prepare yourself for an emergency is to stock a grab-bag. That is, a bag containing a handful of supplies that could make all the difference in recovering after an emergency, whether it’s a natural disaster or hostile threat.  The idea is that you need only to take this single bag with you as you respond to a crisis, ensuring that you have what you need for immediate survival following the contingency.

The exact necessities that you pack will be impacted by your geographical location and the regional-specific risks therein, but here are a few ideas to get you started:

Information & Documentation

This should include your passport and/or visa, and any other important documents related to your identity. This is especially important if you are travelling abroad, particularly if the contingency requires you to leave the country. Even if it is for a home-emergency, being able to have at least a couple identifying documents will assist you in the recovery of other important documents after the fact.

Food & Water

A stock of high energy, non-perishable food items and as much water as you can feasibly carry.

Communications

A spare mobile phone with a charger.

Health & Safety

Basic first aid kit and any essential medications that you may require day-to-day.

Other

Some other items to include in your grab bag are money, a change of clothing, candles, matches, a flashlight/torch, and spare batteries.

Keep in mind that the general advised contents of this grab bag address the needs of the average individual whether they are at home or traveling. Family and/or group kits will vary, especially if there are pets involved. 

If you have any questions or would like expanded detail of this, please don’t hesitate to contact us at info@centry.global! Remember to subscribe for weekly updates on Centry Blog, and follow us on Twitter @CentryLTD for more content like this.

A Quick Look: South China Sea Disputes

sunset-1401393_1920

The South China Sea is a critically important trade route of the world, with an estimated $5-trillion worth of goods passing through yearly, which amounts to about 30% of global maritime trade. In addition to that, there are vast oil and natural gas reserves under the sea, and it is the site of lucrative fishing grounds, providing the main source of animal protein for the densely populated southeast Asia.

For all of its resources and strategic value, the South China Sea is highly contentious. Several sovereign states all have varying claims over different sectors of the waterway and the islands therein, whereas non-claimant states advocate for the South China Sea to remain international waters.

These maritime and territorial disputes are complex and sprawling in their nature. To better grasp the greater picture of the situation, we’ve broken it down into a few sections.

The Claimants

The prime areas of contention in the South China Sea include the Spratly Islands, Paracel Islands, and various boundaries in the Gulf of Tonkin. Each claimant nation wants something specific, and they all have their individual justifications for what they want. The main players in the territorial disputes have been China, Taiwan, Vietnam, The Philippines, Indonesia, Malaysia, and Brunei.

551px-South_China_Sea_claims_map

Image 1. South China Sea Claims

China depicts its claims to the South China Sea using the map of the nine-dash line, a vague demarcation line that was inspired by a December 1947 then-Republic of China (1912-1949) map with eleven segments. After the Communist Party of China formed the PRC, the claim was amended to the “nine-dash line” that we know today. The U-shape of it can be observed in Image 1 above.

Taiwan (ROC) also uses the 1947 map it as a basis for their own claim to the contested waters, because it was published before the PRC was established. Taiping Island, also known as Itu Aba Island, is the largest isle of the Spratly group and it remains steadfastly in Taiwan’s control. As one of the world’s biggest seafood exporters, Taiwan’s interests in the region are connected to fishing and oil.

Vietnam’s claim over the Paracel and Spratly islands was first established in a White Paper issued by the Ministry of Foreign Affairs in 1974, with historical evidence as a basis for the claims. It has been a vocal opponent of China’s historical claim over the South China Sea, asserting that China had never claimed sovereignty over the islands before the 1940s, whereas Vietnam had actively ruled over both the Paracel and the Spratly Islands since the 17th Century.

However, tensions between China and Vietnam have been de-escalating ahead of agreements to resolve their disputes. In April 2018, Chinese Foreign Minister Wang Yi gave an announcement that China and Vietnam are moving toward a settlement agreement on the status of their claims in the South China Sea.

The Philippines has historically cited its geographical proximity to the Spratly Islands as the main basis of its claim to the Scarborough Shoal, however its President Rodrigo Duterte has avoided aggressive rhetoric on the issue, saying that he “will not impose anything on China.”

This came after the July 2016 international arbitration that ruled China could not legally claim most of the South China Sea – including a rebuke of the nation’s manmade islands. Although China is a signatory to the UN Convention on the Law of the Sea, it refused to accept the court’s authority on this case.

Malaysia has claimed seven islands in the Spratly group, of which two are also claimed by Vietnam and one by the Philippines. Thus, it has occupied the remaining four and constructed mini-naval stations to reinforce its claim.

Brunei by contrast is sometimes referred to as a “silent claimant” of the South China Sea, however it first asserted rights shortly after gaining independence from Britain in 1984. Its principal interests revolve around the development of offshore oil and natural gas fields – both within its EEZ and outside of its territorial waters. Its claim is on Louisa Reef, which is on its continental shelf, however the Louisa Reef is also part of the Spratly islands, a feature claimed by both China and Vietnam.

Recently, Indonesia ramped up the territorial disputes by renaming the northernmost waters of its exclusive economic zone in the South China Sea to the North Natuna Sea, despite China’s claims to the area.  Ian Storey, a senior fellow at the Institute of Southeast Asian Studies in Singapore, suggested that the renaming of the waterway helped to make it “sound more Indonesian.” It has increasingly conducted aggressive posturing in the area, including a military buildup on nearby Natuna Islands and deployment of naval warships.

For decades, Indonesia’s official policy has maintained that it is not party to any territorial disputes with China on the South China Sea, yet in 2016, the two countries had three maritime skirmishes, including warning shots and a situation where Indonesian warships seized a Chinese fishing boat and its crew.

China’s Manmade Islands

In recent years, China has been building various ports, runways, and radar facilities on manmade islands throughout the South China Sea. CSIS Satellite images from 2016 depict large anti-aircraft guns and weapons systems as well.

These man-made islands have been constructed by dredging sand on to reefs in an effort to boost China’s claim to the Spratly Islands in the South China Sea. China had previously committed to not militarizing the islands, however the CSIS imagery suggests otherwise. Nonetheless, the PRC government maintains that the islands are for maritime safety and civilian purposes.

The Situation at Present

On April 11th, 2018, the Chinese navy began a 3-day drill near its main submarine base in what analysts described as a message to other nations in the area that it was capable of defending its territorial and maritime interests. This display came right as an American strike group, led by the aircraft carrier USS Theodore Roosevelt, conducted its own exercises in the South China Sea. The United States maintains that the South China Sea is international water, and therefore the United Nations Convention on Laws of the Sea should determine sovereignty in the area.

These exercises additionally overlapped with a week-long series of live-fire drills involving the aircraft carrier Liaoning, near the venue for the BOAO Forum for Asia. On the sidelines of the forum, senior fellow Oh Ei Sun said that all the surrounding countries were concerned by the military exercises in the region. This area is significant because it has several underwater channels and straits that could allow China’s submarine fleet to break through the United States’ first and second island chain blockades. Although the location for these specific demonstrations was in a less sensitive area than the South China Sea, it nonetheless served as a means for China to illustrate its military might to the other claimants involved in the disputes.

PRC President Xi Jinping presided over the Chinese navy’s largest military display on April 12th, 2018. The state broadcaster, China Central Television, showed footage of Xi boarding the destroyer Changsha before sailing to an unspecified location in the South China Sea to watch the procession. China’s armed forces are in the middle of a modernization program, and the subsequent military buildup has seemingly unnerved its neighbors, particularly due to the increasing assertiveness on the territorial disputes of the South China Sea.

China intended on holding live-fire military drills in the Taiwan Straits on April 18th, however, it was reported that the drill scaled down in an effort to reduce tensions. The Taiwanese military similarly cancelled a scheduled cannon drill.

The probability of South China Sea disputes leading to an outbreak of hostilities is unlikely, however since China has continued to pursue its territorial and maritime claims, the potential for escalating small-scale skirmishes cannot be ruled out. Furthermore, any escalations in the trade corridor may have an impact on the global economy, particularly if sanctions become involved.

This article was written by Kristina Weber of Centry Ltd. For more content like this, follow @CentryLTD on Twitter!

GDPR & Consent

GDPR and Consent (1)

The deadline for compliance with the General Data Protection Regulation (GDPR) is approaching fast: May 25th, 2018 is when enforcement will begin.

Be sure to read Centry’s GDPR Guide for a concise, easy-to-read breakdown of what GDPR is and important details of what you need to know about it.

For any questions or comments, feel free to contact us at info@centry.global or on any of our social media outlets. We’re here to help you!

 

A Closer Look: Revived Corruption Charges Against Zuma

In a televised address, Mr. Shaun Abrahams, the national director of public prosecutions at the National Prosecuting Authority (NPA) in South Africa, announced that he would be reviving 16 charges against the former South African President, Mr. Jacob Zuma. These include 12 charges of fraud, one of racketeering, two of corruption, and one for money laundering.

jacob-zuma-4-620x434

The charges are related to an incident in the late 1990s, when Mr. Zuma allegedly accepted bribes during a $2.5 billion arms deal between the government and a French weapons supplier. He was indicted at the end of 2007 on a range of charges associated with the deal, but the NPA dropped them in 2009, thus clearing Mr. Zuma’s path to the presidency. Then, in Autumn 2017, while Mr. Zuma was still in office, South Africa’s Supreme Court of Appeal upheld a ruling to reinstate the charges, and condemned the 2009 decision to drop them.

In 2014, Mr. Zuma was accused of using tax payer money to pay for upgrades to his rural residence, including a swimming pool, amphitheatre, and cattle pen.

Mr. Zuma resigned from his post in February under considerable pressure from the ruling African National Congress (ANC) party. The ANC has since affirmed its confidence in the country’s criminal justice system, and cautioned that Mr. Zuma has the right to be presumed innocent until and if proven guilty.

Mr. Abrahams said that there are “reasonable prospects of successful prosecution of Mr. Zuma on the charges listed in the indictment.”

This is but the latest in a series of reckonings against corruption in South Africa. Other avenues have included an impending judicial commission of inquiry into state capture. Implications in a 2016 watchdog report alleged that the Gupta family, billionaire friends of Mr. Zuma, used connections to him to win state contracts and influence cabinet appointments. State capture refers to a type of systemic political corruption, in which private interests significantly influence a state’s decision-making processes.

Additionally, there are at least three separate parliamentary inquiries into corruption at state-owned enterprises ongoing in Parliament. A spokesperson for the NPA said there are hundreds of files related to state capture across state-owned enterprises and provincial governments– asset forfeiture will be primarily used as the first step toward addressing corruption across the public sector.

Further reading on red flags associated with state-owned enterprises may be found here on Centry Blog.  

For more content like this, follow @CentryLTD on Twitter! If you have any questions or comments, feel free to reach us on any of our social media platforms.