A Florida City realized they needed to evaluate their Cybersecurity posture and prepare for a worst-case scenario. In doing so, they decided to initiate an annual Cybersecurity Conference, where the Arruda Group was invited to provide training on Cybersecurity Awareness.

● Assessed the Client’s Organizational needs
● Catered Training to those needs
● Organization made changes based on training

After our initial presentation at the conference, the client realized they needed additional help with their cybersecurity posture. They contracted the Arruda Group to conduct a Social Media Vulnerability Assessment, which resulted in policy changes including the type of information posted on the their website. Arruda Group updated the City’s Social Media Policy, re-wrote their Acceptable Computer Use Agreement, drafted banner language for their computer network, created an Incident Response Plan, and developed a Cyber Tabletop Exercise based on all of the above. The city is inherently more secure today than they were prior to Arruda Group’s first engagement.

Defendant and Plaintiff were partners in an Internet related business. At some point, they agreed the Defendant would purchase the Plaintiff’s share of the business. After the deal closed, the Plaintiff sued the Defendant in Federal Court for a share of the outstanding Intellectual Property.  The Arruda Group was contracted by the Defendant’s law firm to provide litigation support and determine if there was anything derogatory in the Plaintiff’s past.

• Client provided documentation
• Arruda Group conducted a logical investigation
• Derogatory information uncovered
• Plaintiff associated with Criminal activity, Advertising Child Pornography
• Plaintiff had ties to Organized Crime in the US and abroad
• Derogatory Information provided to Judge

The Arruda Group’s investigative expertise and understanding of the statutes defining and criminalizing Child Pornography were instrumental in establishing the Plaintiff’s involvement in criminal activity and association with Organized Crime. Knowledge of these allegations and the potential to turn them over to law enforcement for further investigation were enough to leverage the Plaintiff to settle.

A business was suffering astronomical loss from what they believed to be a gift card fraud scheme. The company contracted the Arruda Group to investigate the fraud and determine the scope. While conducting the fraud investigation, numerous issues regarding their gift card supply chain and processing system were discovered. As such, the focus of the investigation shifted to the gift card process from origination to redemption, and the supply chain to evaluate for weaknesses.

• Client provided gift card information
• AG conducted a logical fraud investigation
• Walked client through analysis of network for gift cards
• Evaluated client’s gift card processing procedures
• Interviewed gift card vendors and supply chain
• Deficiencies detected
• Provided solutions for deficiencies

Our initial fraud investigation uncovered security issues with the client’s gift card processing procedure.  Numerous interviews with their current gift card vendors revealed the client was not taking full advantage of all the security features offered to their clients. The current services were an agglomeration negotiated by employees that were no longer with the company.  Arruda Group provided suggested program changes to make the gift card process more secure.

An employee was violently attacked in their workplace by three assailants, two of which were unidentified. The third assailant was known but appeared to not overtly participate in the assault. The employee suffered multiple injuries including a broken jaw, whiplash, a ruptured eardrum, and a concussion. No arrests were made, at the scene, by the local police. The company contracted the Arruda Group to investigate the incident and assist the local police with the subjects’ arrest and conviction.

• Contacted police and obtained police report
• Conducted logical investigation
• Interviewed victim, witnesses, and identified subject
• Identified the two remaining subjects
• Investigation revealed 3 subjects involved in a murder that same day
• Two subjects were identified and arrested at the scene, the third remained unidentified
• Tied known subject from assault to unidentified subjects and murder

Investigation for initial assault in the workplace resulted in arrest for Capital Murder. Two of the subjects were involved in a murder later that day and arrested by local police.  There was a third unidentified individual who fled the scene of the murder before the police arrived.  Arruda Group was able to place the identified assault subject at the murder scene, as the driver. He was subsequently arrested as the third murder suspect. All three subjects are awaiting trial for Capital Murder and have confessed to the assault on the employee.

COVID-19 and the resulting increase in remote work from home has created new challenges for employers. In this instance, a highly paid employee appeared to be “daylighting” running their own business from home on company time.  The owner of the business further advised the employee no longer wanted to utilize company computer equipment. The company contracted the Arruda Group to conduct an investigation to determine if the employee was running a business during company hours.

• Assessed client’s requirements
• Established Undercover (UC) network to communicate with employee
• Developed scenario for contact
• Initiated contact with employee from UC network
• Provided employee with a lucrative offer

The employee was sent an email invitation to participate in a large contract, via the UC network, during work hours. Prior to responding to the email, the employee subsequently re-signed.  As such the company did not have to terminate the employee and expose themselves to a potential lawsuit.

An international consulting firm with offices and remote workers located throughout the United States and abroad concluded they need a Cybersecurity Education and Awareness Program (CEAP).  The program has to be comprehensive but delivered in micro-lessons to ensure retention. It must also be customized and more comprehensive for their employees that support government programs and contracts.

• Determined company’s requirements and needs
• Assessed employees’ level of Cybersecurity knowledge
• Reviewed company’s tech delivery systems
• Developed a plan in conjunction with IT Department
• Created custom Cybersecurity Awareness classes
• Drafted weekly Newsletters, that build on each topic
• Scheduled monthly lunch and learns reflective of current events
• Scheduled monthly townhall Q & A sessions

The employees now understand the mechanics of a Business E-mail Compromise, how Ransomware propagates, why it is important to have good password discipline and not re-use or commingle work and personal email and passwords, and why it is dangerous, to the organization, to post too much information on Social Media. The Cybersecurity Education and Awareness Program has greatly minimized the number of employees failing phishing tests and committing reckless errors. It has also freed up the IT Department to work on IT related issues, thus making the organization more secure.

Emerging from COVID, restaurants were among those hit the hardest financially, and most if not all were exploring any option for growth. The Arruda Group conducted a Due Diligence Background Investigation on a potential franchisee to determine their viability in the restaurant’s environment.

● Client provided documentation
● Arruda Group conducted an investigation
● Inconsistencies uncovered
● Client made an informed decision based on all the facts

Without leveraging the experience of the Arruda Group, this restaurateur could have lost millions of dollars. Our team of former FBI investigative professionals have a deep understanding of what to look for when it comes to fraud of any kind.