Risk Mitigation
What is Risk Mitigation?
Often there are situations that need to be handled with discretion, an allegation is just that. But we all know that allegation can take on a life of its own, where perception becomes reality. The retired FBI agents at Arruda Group know, understand, and live by this concept. Discretion is our norm; we are very skilled at confidentially conducting investigations.
Internal Investigations
Internal investigations must be handled confidentially and objectively as the accused employee’s future is at stake. Our investigators are retired FBI Special Agents, with at least 25 years of experience in both criminal and national security investigations. It goes without saying the amount of discretion necessary to successfully investigate a national security threat. Our Internal Investigation service effectively provides the information necessary to move forward either to handle the situation internally or to refer to law enforcement. Our experts help expose integrity concerns at any level, enabling you to take decisive action as soon as possible.
Internal Investigations Best Practices
Internal investigations have become tricky recently. The amount of remote work has skyrocketed. This can make it more difficult to conduct internal investigations. As an essential part of keeping your business safe, we must learn to adapt to this new climate. The pandemic saw a massive uptick in cybercrime and exploited vulnerabilities. The pandemic showed businesses the advantages of remote and virtual workspaces to make matters worse.
Nowadays, there are more tools, trends, and threats to be aware of than ever before. When you adapt your security program to the new climate, you should also update how you conduct investigations. Like those over interpersonal disputes, even small investigations need to be handled carefully. Small concerns can become major problems, so you want an effective and fast investigation. What is the best way to conduct an investigation, Contact Arruda Group!!
Insider Threats: Architectural Weaknesses
Another potential issue could be weaknesses in your coding architecture that leave you vulnerable to cyber-attacks. Many companies are regularly tested by hacking experts to seek out any potential weaknesses, and this is something to keep in mind before you decide to forego a systems expert. There are terabytes of login information, credit cards, business transactions, that have leaked from networks, and all are still on the internet at large from careless companies failing to vigorously check their architecture for gaps in their defenses. Likewise, there are also many news articles detailing the lawsuits that follow such losses.
1) Expand Your Sources
Your employees experience more than just what happens at work. As a result, decisive information may be present outside of your place of business. When you encounter gaps in your information, it’s time to consider more sources than those you control. For example, has an involved party used a personal device to send text messages? Have emails or messages been sent with sensitive information? You need to at least rule out the possibility.
2) Track Your Data
A key part of identifying who has sensitive information is knowing who has access to that information. Beyond just personnel access, consider device access. Can one person access this information on multiple devices? If so, you need to know where these devices are at all times. Consider integrating data mapping into your overall security plan. A data map allows you to quickly identify who is responsible for certain pieces of data, allowing for agility in an investigation.
3) Standardize Your Policies
Whether you allow remote work or not, you need to decide if you allow employees to use personal devices for company business. If you do, you need to consider what security policies to put in place… Because security policies need to be in place. Many data breaches come from employees using unsecured devices to access secure content. After you decide on your standards, focus on how you will administer this policy. What will the penalty be for breaching the policy? A focus on this oversight can simplify the investigative process in the event of breaches of conduct.
4) Vet Your Investigatory Team
You need a clearly defined list of standards, expectations, and procedures for investigations. You also need to apply these same standards to the investigation team. Focus on documentation and data organization. These standards should also include using outside vendors and contractors to aid in the investigation. Since you don’t want your team working with just anybody, a set of standards for deciding which vendor to work with is essential.
You might be noticing a theme. The key to a successful, cost-effective investigation often comes down to organizational structure. With a well-organized business, your investigation workflow can be much more robust. At Arruda Group, we understand the importance of secure investigations. You can contact us, via phone, email or through the website. By setting up these workflows today, you can more easily adjust them later to be ready for tomorrow.
Litigation Support
The complexity of issues brought to trial today necessitates the assistance of outside experts to establish your position. Often experts are needed to expose derogatory information related to the other side. With decades of investigative and interviewing experience, we can locate assets, people, and provide the type of information to resolve arbitration or settle an issue out of court.
Digital Protection
High Profile Individuals (HPI), such as Corporate Executives, High Net Worth Individuals (HNWI), and Athletes, all have the same attributes. These attributes include a highly visible public profile and considerable financial assets. These positive attributes also have a downside, they mark you as a target for criminals. The public profile makes it easy for criminals to collect large amounts of information on you and target you financially.
Our digital protection service begins with a Social Media Vulnerability Assessment of your internet presence to determine where you are vulnerable. From the assessment, we make recommendations to mitigate the vulnerabilities. Through our proprietary tools, we can proactively monitor the Dark Net for your digital assets including:
- Domain(s)
- E-mail addresses
- Credit Card Numbers
- Bank Account information
- 24 x 7 notification of issues
Please contact us to discuss your needs, we can build a plan to accommodate them.
Physical Security Assessments
When thinking about cybersecurity, most of us naturally imagine threats involving technology. We imagine hackers going after smart devices or trying to gain access to sensitive information. While this is definitely the reality, it isn’t the whole picture. Physical security presents a very real challenge in information security. All the best security in the world could fall apart if your physical security is lacking. We will cover some of the most basic forms of physical security that can protect your data and give you ideas on behaviors to avoid.
The most basic form of security is physical security. For example, if you lock your house when you leave for work that is a layer of physical security. While cybersecurity aims to defend things stored digitally, physical security relates to real tangible assets. However, physical security is about more than just standing guard and having good keys. There are internal, external, and human threats to consider.
An example of an internal threat might be fire, humidity, or structural damage. These threats should be minimized by using fireproofing or securing your data centers. External threats include lightning strikes, earthquakes, and other unexpected disasters.
There are also human threats. Your employees can count as human threats if they’re negligent. Human threats also include people who break in, steal, vandalize, or commit physical acts against your company, like an active shooter. Many human threats can be mitigated by restricting access to important computers, locking doors, and employee training.
What is Physical Security?
The risks presented by insider threats are severe. After all, your employees have access to your most sensitive and important data. You could lose money, reputation, and even face liability if this information leaks. Furthermore, employees aware of cybersecurity standards can prevent problems far in advance. They can support your efforts by aiding in monitoring and oversight. By the same token employees familiar with risky behavioral indicators may be able to stop a potential threat through reporting. Knowing what to look for and how it can affect the company is something every employee should know and take part in.
An engaged employee is more likely to be alert and responsible. They may even detect lapses in your security that can be further improved. By training your employees to recognize internal threats, they become security assets rather than liabilities.
What to Watch For
Luckily, part of running a business involves security, whether you know it or not. Having doors that lock is a good example, but so is staying up to standard with the fire code. Sprinkler systems, fire extinguishers, and emergency exits are all forms of security too. Encouraging a culture of vigilance in your workplace is also extremely smart from a security standpoint.
There are a lot of tricks bad actors can use to get at your sensitive data. Consider “tailgating.” How often do you see this in the workplace? One employee is unlocking the employee entrance. Another employee jogs up to meet them or holds the door for them. Two people entered even though the door was only unlocked once. This can be a major security problem, and it’s so easy to do. After all, isn’t it rude not to hold the door for somebody?
Once somebody has access to your office space, they can steal all sorts of information. One of the easiest and most preventable thefts is of passwords. If your employees have passwords saved on sticky notes, take them down. Change the passwords immediately. What would happen if one of those notes were on film or live streamed to the internet? Sensitive documents, password authentication factors, and other security concerns should be locked up.
Even more devious are “social engineering” threats, which you can read about on the Social Media Vulnerability Assessment page. These take advantage of well-meaning or uninformed employees.
Security Starts with Appraisal
You don’t necessarily need dedicated security staff to improve your security situation. They do help, but a workforce that knows what to watch out for can often do the job just as well. If you need help identifying your company’s security weaknesses, call us. We’ll help you run a tighter ship and secure your company.
Special Projects
Our vast experience in Intelligence, National Security, and Law Enforcement, provides us the ability to apply our skills to any problem set. Please contact us to discuss your situation and let our experts share their vast experiences.