2018 Year in Review

As 2018 comes to a close, we reflect on those moments throughout the year that defined the times yet to come. For Centry, 2018 was a year that brought us great joys like the opening of our new branch in Mexico City and establishment of the ASIS Ukraine chapter, but also times of mourning after our colleague, Mr. Rachid Boukhari, passed away in June. Above all, it has been a journey, and one we are grateful to undertake for the mark we make on this world.

From our Centry family to yours, we wish our readers love and joy over the holidays, and a happy new year!

In keeping with the tradition of our year’s end articles on Centry Blog, we put together a list of some of our most-read stories from 2018 below.

January

Centry’s GDPR Guide

Our GDPR guide breaks down exactly what the EU’s General Data Protection Regulation was all about. This article was highlighted on TWiT live in an interview with our CTO Dave Ehman!

February

The Next Gold Rush: Renewable Energy

The Renewable Energy industry just might be the next gold rush for businesses and investors alike. This time, we aren’t hiking into the Klondike for gold; individuals and organizations alike are turning their eyes toward the broader world, looking out for opportunities to make good on this booming initiative.

March

Hidden Sanctions Risk: North Korean ties to Africa

The connection between Namibia and North Korea stands as but one example among many similar stories. It began in the 1960s, when several African countries started the struggle for independence from colonialism. During this vulnerable time period, North Korea invested time and money in these revolutions, where the political ties eventually grew into commercial relationships.

April

Human Trafficking in the European Union

Over the course of the past two decades, the European Union has been making an increased effort to understand and address the heinous crime of human trafficking. The most recent publication of statistics from Eurostat concerning registered victims and suspected traffickers revealed that a number of non-EU nationals are trafficked into member states, primarily from Nigeria.

This week’s article on Centry Blog examines just a facet of this deep and complex issue through analyzing Nigerian campus cults, the international response, and global business reponses.

May

Fake Social Media Profiles and What To Do If You Are Being Impersonated Online

False accounts are prevalent across social media, mainly used for phishing purposes. Whether it’s a bot or malicious actor threatening your account, we put together an instructional guide for those moments that you notice you have a seemingly second profile, not of your own making.

June

Supply Chain Security Introductory Guide

Having a secure logistics supply chain can save your company millions in terms of assets and reputation, and here at Centry, we have the know-how to help you. This article serves as an introductory guide to security in the supply chain.

July

Typosquatters

Sometimes fat-finger errors can lead to more than just an autocorrect goof. Some scammers have figured out how to lay traps surrounding these common mistakes.

August

Common Security Dos and Don’ts

Our article on Common Security Dos and Don’ts covers what you and your business can do to prevent costly breaches of data and trust.

September

Golden Visa for sale! Now on special offer for the 1%

In some countries, you can buy your way to citizenship. European passports and Schengen visas are the most desired traveling documents in the world. Not only do they grant the most traveling freedom, they give access to a safe and stable living environment, with free speech, in a market that can fulfill all your needs. Many EU countries have taken advantage of this by offering entry in exchange for investment. This kind of activity is commonly referred to as a Golden Visa Program.

October

5 Basic Digital Privacy Tips for the Average Person

Digital privacy is for everyone. But it’s also a massive topic that can be very easy to get lost in, especially if you’re new to to it. However, you don’t need to be a security expert nor do you need any particular reason to want to bolster your privacy on the internet.

November

What is Social Engineering?

Social engineering is a growing threat to individuals and businesses alike. In this article, we look into what social engineering is, the ways it can manifest, and what you can do to protect yourself.

December

Cyber Security in the Supply Chain

Your company might have a rigorous Cyber Security policy, and thorough training on all its personnel. But what happens when the security vulnerability comes from a trusted source in the Supply Chain?

Security professionals must now consider not only the possible vulnerabilities of their own network, but their supplier’s network, and their supplier’s supplier network, and so on.

We hope you have enjoyed Centry Blog this year. For more content like this, be sure to subscribe and follow us on Twitter @CentryLTD! We will see you in 2019!

What is Social Engineering?

One of the most common methods of fraud is social engineering. This refers to a calculated deception that targets people in order to obtain sensitive information relative to their business, identity, or finances.  

There are two main categories of social engineering: (a) Mass Fraud, which is mostly comprised of basic techniques meant to scam a high quantity of people; and (b) Targeted Fraud, which is a highly-specialized method of fraud that singles out a specific individual or company.

The majority of these schemes follow the same general path. It begins usually with gathering information on a topic or target. Once enough information about the target has been obtained, scammers can focus on developing a false sense of security and trust with their target. In cases of mass fraud, this could look like replicating the design of a Netflix customer service email, or in targeted fraud establishing enough of a friendly rapport with an individual over the phone that they feel comfortable providing more and more information. Once this has been established, scammers can exploit any of the identified vulnerabilities and ultimately execute the scam.

Social engineering works because it preys on our instinct to trust.

Let’s say you are at work and receive a call or email from a “colleague” asking for some sort of account number or other piece of information related to the business. If you haven’t had any training on your company’s confidentiality policy, you might not think twice about providing this person the information they ask for. After all, they might seem trustworthy, or talk about things in a way that would give you no reason to suspect they aren’t a fellow coworker. That’s because they have meticulously studied how to prop up the illusion.

These types of attacks are common; all you need to do is look at the news to find examples. Just recently it was found that hackers connected to the Russian government were impersonating US State Department employees and sending emails with downloadable attachments. These attachments would then install software that could provide the hackers access to internal systems.

These fraud attempts aren’t just work-related. They can target you at home, too.

The Internal Revenue Service (IRS) of the United States just issued a warning about a new tax related scam. A surge of emails recently have been impersonating the IRS and using “tax transcripts” as bait to trick users into opening documents that contain malware. The malware behind this scam, Emotet, has been historically associated with posing as financial institutions in order to encourage people to download the malicious attachments. The IRS has recommended that if you have received one of these emails to delete it or forward it to phishing@irs.gov.

So how can you protect yourself?

Individuals can take the time to be vigilant of unfamiliar calls and emails. Sometimes social engineering won’t be a singular attempt. It could be repeated calls over years that slowly harvest the information needed to execute a scam. When in doubt, you can double check with the source, and avoid providing personal information. Meanwhile, companies can develop a guide for handling sensitive information to avoid blunders with fake employees. With sufficient training, employees can be taught to recognize different types of fraud and have an established plan for handling it should they come across it.

This article was written by Kristina Weber of Centry Global. For more content like this, subscribe to our blog and follow us on Twitter @CentryLTD!

Finnish Security Awards 2018

We are honored to have been part of the Finnish Security Awards (FSA), which took place last month in October 2018. This is the fourth time that this event has been organized, thanks to Turvallisuus & Riskienhallinta, a Finnish security and risk management magazine.

This year the awards were held at the Old Student House in Helsinki. The opening ceremony featured a presentation about the future of security and safety by Professor Esko Valtaoja. There are eleven award categories at FSA, and each one had its own jury that was comprised of respected professionals in the industry.

A number of us at Centry attended the awards ceremony, and Mr. Risto Haataja of Centry was a member of the jury that selected Security Company of the Year!

This slideshow requires JavaScript.

5 Basic Digital Privacy Tips for the Average Person

As interconnectedness and personalized browsing experiences have become the norm in today’s society, our lives – increasingly impacted by our digital footprint – have become less private.

The right to digital privacy has been a slow growing movement, and its biggest marker was the General Data Protection Regulation that affected the EU. It was a legislation that marked digital privacy as a right, not a privilege, and companies all over the world scrambled to make sure they met compliance requirements. Now, for users in the EU, the internet has become a more transparent place for how information can be used or accessed. But, of course, it is still a work in progress.

Digital privacy is a massive topic that can be very easy to get lost in, especially if you’re new to to it. However, you don’t need to be a security expert nor do you need any particular reason to bolster your privacy on the internet. So, here are some simple security pointers for the average web user:

1. Keep your OS updated

The first thing you will want to do on any device is to make sure that it’s updated. As annoying as the notifications can be, they’re there for a reason– updating is important, and not staying on top of them could mean your device has a critical security vulnerability. So whether it’s installing the new macOS update, iOS 12, or Windows update, etc. just make sure that you take the time to do it, or set up your device to update automatically (usually configurable in settings).

2. Be mindful of Public WiFi networks

Public WiFi and open networks are notorious for security vulnerabilities, and connecting to one could pose a risk to your information. While it’s better to avoid connecting to them at all, sometimes you need to, so if you do, here’s some steps you can take. First, you’ll want to make sure that you turn off network sharing (usually preferences can be found in wifi settings on your computer). On Windows devices, you can also make sure you have Windows Firewall enabled.

When browsing connected to a public network, it’s best to avoid anything sensitive, such as banking. You should check to make sure that what websites you navigate begin their web address with HTTPS, as well.

3. Use a secure web browser

Make sure that you are using a secure web browser. Mozilla Firefox and Google Chrome are some good choices depending on what you want. If your priority is maintaining as much privacy as possible online, Firefox is better as it has more options for privacy and security. It is also the more lightweight program of the two, which would run more smoothly on computers with less RAM.

Google Chrome is also a comparatively secure option in terms of protecting you from malicious websites, however it is less private as a lot of data about your internet usage goes to Google. That may be a positive or a drawback to you depending on your priorities – if you want privacy, it’s not so great, but if that’s not extremely important to you and your computer is equipped to handle Chrome’s resource demands, then it’s a solid choice as well for speed and reliability.

In either browser, make sure you take the time to navigate to the Privacy and Security settings and adjust them to your preference. Some of the settings you can choose are to clear your browsing data/history, unselect the option to send usage statistics to the company, enable Do Not Track requests, etc.

Additionally, you can install an ad blocker extension/addon, such as uBlock Origin, in both browsers that serve as an additional line of defense against unwanted scripts running on websites that you visit. This can be easily obtained for free through the Chrome Web Store or Firefox Addons.

4. Secure your social media profiles

One common mistake that people make on social media platforms like Facebook and Instagram is that they have their profiles set to public. This means that anyone, anywhere can view your profile and all the content on it. This is great for a business page, but maybe not so much for your personal profile.

Every big social platform has privacy and security options. These can usually be found in the settings menu, where you can navigate to the relevant sections to adjust what you want to be seen. On Facebook, you have full control over who can see your posts and friends lists, as well as whether you can be searched by your email address or phone number.

Location settings – especially in mobile apps – are important to adjust as well. Snapchat is a big one for this, as people on your friends list can observe your location in real time through the Discover function unless you have disabled this feature and turned on “Ghost Mode.”

5. Consider using a VPN

Finally, if you want to take your security one step further, you can look into getting a VPN — that is, a virtual private network. VPNs have significant privacy advantages by encrypting your connection and acting basically as an intermediary between your device and the internet. They mask your IP address, which is basically as telling in the digital world as your home address is otherwise. The VPN works by routing your traffic through its own servers, and gives you the option to appear to be from any location of your choosing.

But since you are relying on the VPN in this way, it’s important that you get a trustworthy one, such as F-Secure Freedome. Most free VPNs are unreliable at best or actively malicious at worst.

Overall, online security and privacy is what you make of it. But these simple steps will at least ensure that you’re going in the right direction. For more in-depth information on the topic, be sure to follow @CentryCyber on Twitter.

This article was written by Kristina Weber of Centry Global. If you would like help or have questions, feel free to contact us via email at info@centry.global! Be sure to subscribe to Centry Blog for original bi-weekly articles relevant to the security industry.

Safe Online Dating

My Post

Online dating is a great way to connect with people. Throughout the history of the internet, it has gotten better and better. Most millennials meet their partner online compared to other ways of meeting new people. It’s quicker and easier than ever, where a date with a new person can be arranged within an hour’s notice through your smartphone.

How We Can Help

Despite the concerns that may be raised with some of the risk-related content in the article, online dating overall isn’t a bad thing nor is it something to fear. You can be immensely rewarded and fulfilled by it, and many happily married couples have their origins online. The only thing is, that you have to educate yourself on the environment. Dating online has a different range of risk factors than, say, meeting someone at a nightclub, but just like monitoring your drink in that example, there are steps you can take to avoid being taken advantage of.

We at Centry have been inspired to help people like you after hearing so many stories of online dating gone wrong. We believe you can find something real if you go about it mindfully. So, we are happy to announce that we have opened up an identity verification service called Date Check Online that provides three different levels of private checks to make sure that the person you are talking to is who they say they are. These checks are performed by investigative professionals who have been trained to spot red flags and have data sources available to them to search names against known sex offender registries and watchlists, so it’s a smart way to support your initial Facebook sleuthing if you have a funny feeling about someone.

The Risks

New technologies and phenomena often bring with them concerns that need to be addressed. With the ease of availability comes volume, and, as in any kind of risk management, with increased volume comes increased risk. Online dating can be immensely rewarding, but it should be conducted responsibly; individuals should be aware of their personal safety concerns and online dating risks should be managed accordingly.

Misrepresentation and Catfishing

Misrepresentation is always a risk with online dating, whether it’s something like hiding the fact that someone is married or using a photo on the profile that doesn’t accurately reflect their appearance. It’s so easy to lie behind a digital barrier that you never really know who the person is that you are talking to until you meet them, and even then there could be facts that haven’t been disclosed.

When misrepresentation is deliberate to the point of falsifying an identity, it’s called Catfishing.

It’s a term that refers to situations where someone has been involved in an online romance under the guise of a fake persona. Oftentimes these people will take images of attractive men or women from Google Image Search, come up with a fake name, and create life stories for these personas in order to take advantage of the people who fall for them.

We have all heard of the horror stories of grown  men using these fake personas to take advantage of young girls, but this concept exists across all genders and can affect anyone.

At best these circumstances result in broken hearts and feelings of betrayal when the lie is discovered, but they could also cost you your life savings. Huffington Post reported on a 69 year old woman in Florida who spent two years in a relationship with an individual that ultimately ended up abusing her trust to make money. Over the years of their relationship and phone calls and texts, she had funneled him roughly 1 million USD for the purpose of what she believed was to help him run his business.

Action Fraud reported that targets of romantic fraud lost approximately 41 million GBP in 2017. This number is likely also only the tip of the iceberg, especially considering that it can be humiliating to be taken advantage of in such a way, which can discourage victims from coming forward about their experiences.

Greater Risks for Women

The risks with online dating are greater for women, considering worst case scenarios such as physical or sexual assault, trafficking, or worse. While things like this can also happen to men, statistics for these crimes are heavily skewed toward female victims and that fact cannot be ignored.

This is all the more difficult considering that a number of dating websites perform no screening whatsoever on people who sign up for it. Which means that registered sex offenders can sign up– and approximately 10% of sex offenders use online dating sites.

Online Dating as a Business Risk

For businesses, online dating is a relevant factor that can affect several risks. It is so prevalent that the odds are that someone around you is participating in it. In your technology reliant workplace, most employees feel it is important to have their smartphones with them all the time, and the honeypot tradition has its roots in a long history of espionage. An online romance is a shortcut vector for red teams to breach your company’s security. Other concerns may elevate risk in business travel: online dating apps have been known to be used to lure victims into situations where they can be easily robbed.

While we think that implementing dating controls to your corporate policies is a bad idea, we urge individuals to think about how your personal communications may have have an effect on your professional security. Business is also a great analogy for online dating: as an entrepreneur you would have to take risks that could have negative outcomes, however, with the right planning, the positive outcomes are much much more likely and the impacts of the negative ones are minimized.

Safety, responsibility and integrity considerations aren’t hindrances – they are success enablers. As we always recommend, trust your instinct, and use resources provided to you.

Feel free to reach out to us on any of our social media platforms or on the Date Check website if you have any questions or comments!

For more content like this, please subscribe to Centry Blog. This article was written by Kristina Weber and Oskar Savolainen of Centry Global.

Common Security Dos and Don’ts

internet screen security protection

Photo by Pixabay on Pexels.com

Security vulnerabilities pose a major threat to organizations. Breaches can be costly both in terms of finances and reputation. So what are some ways that businesses can take initiative in protecting themselves against some of the most common security threats?

Do screen job applicants and third parties

Comprehensive background checks and due diligence are extremely important to getting the whole picture of an applicant or a third-party business relationship. Without going through this process, you expose your business to countless threats.

Typical background checks may verify an applicant’s residence and professional history, where a comprehensive investigation including social media can identify more subtle connections that would alter the risk recommendation. If your business does not have the resources to do this on its own, we can help you with our team of professional investigators. Don’t hesitate to reach out!

For more on this subject, be sure to read our article on The Significance of Background Checks in Business.

Do come up with a robust security policy

Your organization’s security policy should cover procedures for preventing, detecting, and acting upon misuse, as well as guidelines for conducting due diligence. These should be crafted with a plan for investigating insider breaches as well.

A good security policy also contains risk management processes. Check out our guide here on the basics of forming a risk management plan.

Don’t overlook the threat of malicious emails

Your organization might go to extremes to secure their email system, and yet it remains one of the most vulnerable links in the chain. All it takes is for one person to inadvertently click on an malicious link or attachment to infect all the computers in the office.

A good rule of thumb is to never open a link or attachment if you don’t recognize the sender, and ensure that your employees are trained in recognizing this type of scamming/phishing behaviour. For help in training your employees on this, don’t hesitate to reach out to our cyber security team.

For more content like this, subscribe to our blog for regular updates in the security industry. If you have any questions or comments, feel free to reach out to us on Twitter @CentryLTD

Centry Opens New Office in Mexico City!

el-angel-de-independencia--mexican-landmark-552812595-59863bb2519de2001116a0d0

We are pleased to announce the expansion of Centry Global to Mexico!

Our new office is now open, located on the 17th Floor Torre Magenta, Paseo de la Reforma 284, Colonia Juarez, Distrito Federal, Mexico CP 06600.

new office.PNG

As an international security company, our work takes us across the world. With the opening of this office, we are now able to better serve our clients in the region.

At Centry, our focus is to develop long-term, communicative working relationships to provide you with the best resolutions to your security challenges. While our combined expertise primarily revolves around security and risk management, you will find among our ranks professionals in corporate and private investigations, fraud control, and experts in programming, software development, and more.

We look forward to meeting and working with more clients across Mexico. Please don’t hesitate to contact us!

📧 info@centry.global 📱 +52 55 4739 2665