Is Your Business Secure?

CORPORATIONS, BUSINESS EXECUTIVES, is your business secure?
Although our government does not publicly admit it, most businesses still maintain the ‘illusion’ of a secure business. Corporations need to protect all of their intellectual property.

Corporations need to have strong security policies. A well-thought-out strategy is the key to good security, not only while traveling abroad but also in your homeland.

Corporate data center tips.

Two-factor employee authentication (password / others as well)

Encrypt all data and apply very tight access controls, so that your data would be safe if your network is ever penetrated.

Constantly review and revise your encryption solutions, using fully open source ones that can be trusted even under constant attack.

The most sensitive data should be segregated on a separate network, with access allowed according to different degrees of security clearance, making it even more difficult to compromise.

Update to next-generation firewalls. Sophisticated attackers will still penetrate your network, as will one bad click on a URL by an employee.

Prohibit potentially affected equipment from returning and connecting to your network (including printer/copy/fax, laptops, phones, data drives, and anything).

Unfortunately, the only completely secure computer is one which is not networked, has severely limited access, and is kept locked up when not in use. Of course this is not practical, but we would like to get you thinking that way because anything else may be a potential avenue to compromise your network.

Control the areas where sensitive conversations take place, such as the boardroom, your office, and executive conferencing areas.

Control and restrict physical access to secure areas of your office, the boardroom, and the office building and grounds, if applicable.

Consult for Electronic Counter Espionage Information Sweeps, with three unannounced visits per 12-month period.

‘Physical access’ still trumps ‘remote access’ anytime, anywhere. Some types of information cannot easily be compromised remotely in quantity or quality. Having physical access to a device such as a cell phone, computer, or phone communications system allows enough time for spyware to be installed and data to be copied. Some spy technology does not need access to anything within or outside of your office or building.

It is so much easier not to have to scroll through and identify a juicy target of important information from thousands of others on a target company or agency network and IP range. When one must jump through firewalls, get past log-in, and get past various sentry guards, it’s easier to just steal it while you’re there in person or plant something and monitor the new information forever.

We are at a revolutionary technical age, and there isn’t anything secret. We experience government and political corruption, unethical political alliances, spying to steal trade secrets, proprietary creations, immoral romantic affairs, sexual fantasies, and character assassinations. There isn’t any privacy or security for anyone. This information will soon be open to anyone for free and there are those who will use it to their advantage.

Resource Links:

http://www.nytimes.com/2012/02/11/technology/electronic-security-a-worry-in-an-age-of-digital-espionage.html?_r=1

http://www.realclearpolitics.com/articles/2011/10/04/rep_rogers_on_chinese_espionage_111579.html

http://fullcomment.nationalpost.com/2011/11/30/john-ivison-csis-right-to-worry-about-chinese-spies/

http://the-diplomat.com/2011/09/19/chinas-growing-spy-threat/

Do not give up your privacy so easily

In late January, the European Commission published a proposal “on the protection of individuals with regard to the processing of personal data.” The proposal does not differ all that much from the existing European approach to data collected by businesses about people. The principles are the same: get permission from individuals before you collect information about them, tell them what the information will be used for, only collect what you need, only keep it for as long as you need to, protect the information properly and do not give the information to someone who will not protect it.

One apparent major addition, the right to be forgotten, is, in part, a clarification of the idea that since you have to have permission to collect information about someone, if they withdraw that permission you need to delete what information you have collected. It is hard to tell exactly how the nine paragraphs in Article 17 that describe the right to be forgotten will be interpreted when it comes to third parties such as search engines that just report on what information is out there. It is also hard to predict how these rules will be interpreted when it comes to public information such as criminal convictions. It seems like it would be a really bad idea to let someone erase that kind of history.

Even if the proposals are accepted as-is it will be at least two years before they could go into effect, so there is no immediate worry, other than the worry U.S. companies should already have about the existing EU privacy rules.

In Europe you, in theory, have the say on who collects information about you and your actions and what they do with that information. There is no such assumption in the United States.  Here companies can collect any information they can get their hands on and use it in any way they want. About the only restriction is that the company has to be truthful in anything they say about what they collect and what they do with it. Being anything but truthful can be seen as an unfair business practice by the Federal Trade Commission.

If you are a small player on the Internet scene you may not have to worry all that much about these proposed rules, since it is unlikely that the European Union will come after you, but the big guys, such as Google, are paying attention. Hopefully in the next 2 years this law will become effective in an effort to fight to save your personal information.

Most companies know of this law because most companies know what is happening in Europe and what will follow suit here in the United States.

Companies, such as the ones you hire or pay, are systematically saving all your private information. They also go so far as to demand your driver’s license, social security, and your date of birth.  Medical offices are asking for a photocopy of your driver’s license. Resist. Don’t give it to them. With a driver’s license alone, your complete identification is available including your social security number.

Upon further checking with a medical insurance company regarding the information the medical facility demanded, their response was that they have all of a patient’s identification and there is no need for it to be collected again. Patients are to just produce their medical ID member card and, if there is a question about their identity, show a government picture identification while holding it in their own hand and not giving it to the office to copy. We’re sure each medical office will have its own policy on patient information collection; however, we encourage you to fight for your privacy. Don’t give up your identification and personal information too easily.

Some of the social applications on the internet and other places ask for certain information and we all give it up without question. Opt out of your location on these sites and be careful.

What about when you are filling out an online form and they are requiring certain information that you do not want to give? Just don’t comply. Sometimes, on second thought, what you are attempting to get is something you could do without.

To protect your information try ‘Do Not Track Plus’ by Abine.com. This online privacy company works well so far when tested.

Spies, and all other interested people put together, are mapping this strategy. That is, let businesses/government institutions/social networks, do all the data collecting for now before the laws change.  Then whenever private and personal information on someone is wanted, spies can hack into the so-called “safe storage,” and take what is needed.

Don’t wait until laws are in place; protect your privacy now.

reference: Computerworld.com

Privacy Issues for Medical Groups and Doctors

Whether you’re a solo practitioner or practice in a single or multi-specialty medical group, you as a physician in today’s society are faced with many perplexing business pressures and problems. Fundamental changes and challenges in the healthcare marketplace have resulted from

  • declining reimbursement
  • soaring malpractice rates
  • new federal compliance regulations
  • litigious employees
  • increased competition from other physicians
  • vertical integration
  • practice consolidation
  • medical insurance fraud
  • oversupply of physicians in some urban markets

With ever decreasing practice profit margins, physicians cannot afford to ignore the issues and problems raised by these internal and external market forces.

Medical groups need to focus on safeguarding and protecting the privacy of their patients.

Although there have been several well-publicized security breaches, most often these have been the result of carelessness (lost or stolen laptops, backup drives, etc.).

A member of Congress had a personal breach of her medical records. A thumb drive was used by medical staff to copy patient information from a hospital computer they were working on. The confidential medical information was breached when the thumb drive, full of information, was accessed from a home office computer. Neither the home office computer nor the thumb drive was protected.

Employees have snooped on records of VIP patients or of family and friends. When a medical practice investigates and verifies misconduct of an employee, the medical group risks a potential lawsuit, and internal discipline usually is the course of action. Internal discipline also protects the medical group’s reputation and guards against possible fines from the government.

What if your competitor got hold of private information and it was proven that the medical group kept the internal discipline a secret from the ‘right patient’? You can see how the medical group could potentially end up with multiple suits, and also be charged criminally.

There is also the competitive nature of new procedures or services being offered. If a company spends its own time, money, and resources developing high-quality procedures, devices, or services, this intellectual property needs to be protected from the watchful eyes of your competition.

Who is to accuse medical groups of ‘spying on one another’ when their main concern should be conducting their own business?

Many different outside interests may seek needed information to protect their investment and client concerns. Medical groups may be susceptible in many ways to possible internal fraud, such as deviant business practices by a greedy partner, acquisition by another medical group, overzealous governmental agency subcontractors, agencies overseeing medical and pharmaceutical businesses, or their own insurance company.

Medical groups are being looked at as a ‘vulnerable sitting duck’ through the eyes of an ‘information hunter.’ Did anyone ever think of an internal ‘disgruntled employee’ or so called ‘whistle blower?’ Could the compromise activity be already in progress?

Read more on How to protect your private information

You can also read How to Protect Your Medical Group’s Private Information

Beware Locked Wireless Routers Can Still Be Hacked

Small Business and Home Office users who think their wireless router is safe just because their local provider supplied directions on how to set the WPA/WPA2 security protocol must educate themselves and otherwise be informed about this form of Identity Theft. The encryption is not foolproof, and if you look out your window you just might see someone sitting in their car copying your passcode and log-in information. It only takes a minute to copy and with the right over-the-counter equipment they do not need to be that close by. Just a simple laptop will do with the right free program.

A few teenagers I caught the other day just outside Pxxxxx Bxxxx Company found the social information they obtained amusing while spying on their schoolmate acquaintances within the establishment. As I watched them hunker down within their car as the local enforcement drove in for their free coffee and donuts, this was a clear tip they were doing something very wrong. Although this illegal activity is a felony by state and federal laws, it is not a crime of violence and therefore is not paid much attention by locals.

This very same activity is carried out by adults to compromise your Home/Office wireless network connection, gathering information for various reasons. I have listened to various hackers laughing at the information obtained from emails and social dating sites, and also at the serious business side of the unsuspecting victims they are watching. “This is so entertaining it’s better than going to the movies,” one replied. Oh by the way, that little medical problem you have, well they think that’s funny too. That’s right, that medical file sharing history you recently consented to with your physician for the sake of first responder access, supposedly in case of medical emergency? Yes, that security sold to you is a joke too.

Remember that the term ‘Wireless Router’ means, in effect, that information is traveling through the air as a ‘Radio Frequency’ (RF) signal. This is not as safe and secure as the marketing sales people would like you to think. Many people are capable of seeing all RF that travels through the air concerning this subject, and it doesn’t take much to do so.

Here are some links explaining how the compromise is made and also how to fix it. If you still need to be safe, please contact me and perhaps I could offer some advice.

http://blogs.computerworld.com/19518/brute_force_tools_crack_wifi_security_in_hours_millions_of_wireless_routers_vulnerable?source=CTWNLE_nlt_security_2012-01-05

https://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf

How Information on your Company’s Trade Secrets are Collected

Your company is being targeted.  How?

The spy office personnel start documenting any and all information received from their listening devices. Sitting at desks with triple-screen computers, trained personnel are out to get what is being well paid for: company trade secrets.

Other spy personnel are viewing news media, social networking sites, and any and all traffic sites on the net. This is as great a deal of investigative and intelligence-gathering work as is imaginable. It’s operated as a business that is profitable.

With diligence, the spy company is looking for employees with a social big mouth, a sleazy habit or two, or vulnerability of some sort.  This psychology is used on the person of interest to initiate an unsuspecting and clueless “agent” for the spy.

Your employee may be coerced into becoming a “mole” or the “eyes” for the spy.  The spy then controls the action as though controlling a puppet on a string. The spy succeeded in enabling access to gain intelligence information through indirect involvement with those who are “in the know” and who have direct knowledge of your trade secrets.

The activity of a spy agency and their network of spies will continue to gain intelligence information for this client as long as the client is willing to pay the premium, or until they are found out and their devices destroyed.

If you are suspicious about your company being watched, contact us to perform a professional bug sweep.  We will give you an exact answer and will provide expert advice on your options.

When a Spy Company has You as Their Target

When your competitor decides to hire a “soldier of fortune” type company to expose and discredit your business, as a business owner or manager, you need to contact help.

Let’s say your competitor wants the fastest and dirtiest way of discrediting your business in order to get ahead in the same market, without earning it. Consider this possibility as similar to money laundering, as the work is passed from marketing company to subcontractor, to subcontractor, and is hard to tail. When a marketing company promises to get quick-fix results, sometimes behind the scenes this is done in an unorthodox way. Good marketing, even for a not-so-good company, takes time.

The unorthodox company will use any means possible to systematically data mine and gather information on you. A conspiracy theory may be implemented. They may create false information through fake reviews, fabricate, twist, or misleadingly present honest information, or use other means possible to expose your company in an unfavorable way to the media.

To speed things up, as well as bumping up their charges, a spy agency (or shall we say data mining company) is retained. The 3rd party spy agency sends technicians disguised as medical staff, phone techs, HVAC techs, utility employees, or any uniformed dress personnel that ‘fit in.’ The techs really know what they are doing, as this is very serious business that pays well.

The technicians are able to work within the environment without ever being noticed. They expertly install listening, recording, video, as well as any other motion device designed to collect data in ‘real time.’ When the technicians have completed their assignment, all forms of communication within your business, whether verbal between physicians, business, and any other staff, are being monitored when they are actually happening. The office building is totally compromised. The IT personnel are clueless because this does not affect their job.

There are actually spies who are experts in infiltrating a particular profession. One example is the medical field, since these medical groups tend to earn high revenue. It doesn’t matter how, who, or if they are able. It’s a matter of when. Once employed, these spies will succeed. Secret medical malpractice possibilities could be questioned by legal counsel and insurance carriers involved with litigation, when presented. Several months’ history and present evidence will be a very damaging mistake of miscarriages that will not be confidential. How about that deadly staph infection?

The best of the best make mistakes.

Some malfunction takes place, such as your phone clicking, lost or dropped calls, static or rerouting to a different number, etc. and suspicions start to arise involving other matters as well. Your alert feelings are a warning of something wrong. This is the point when you should call for a Technical Surveillance Counter Measures (TSCM) Sweep. Chances are you are right. Do not openly express your suspicion that you may be compromised. Instead, go off site and discuss this with one other key colleague and decide on the appropriate action to take. Remember if you suspect, consider the worst and use considerable caution not to tip off the spy watching. When we catch them, we like to see the surprised look on their face.

Exposing your thoughts in the wrong way will result in the possibility of never knowing who the suspect attacker is. When the identity is unknown, the door for reoccurrence will always be open and that same spy may return at a future time.

If a TSCM Sweep is done correctly within some state laws, there is a chance of recovering your costs for our services. If you feel your organization might be compromised, don’t hesitate to have a bug sweep performed discreetly. You never know who is listening.

Why a Company Hires a Spy to Steal From Their Competitors

When business executives are challenged by the board of directors to meet budgeting requirements, they may turn to unscrupulous marketing agencies. Top level executives place incredible pressure on employees to provide high performance in order to beat out the competition.

Employees struggling with this pressure may hire outside consultants thinking they will produce the results needed.

These outside consultants, also feeling incredible pressure to produce, might have compromised work ethics and possibly turn to underhanded tactics to achieve the results necessary.

As a business, large or small, you have competition.  You and your competition have ethics.  Unfortunately you can’t control their ethics and business practices but you can protect your business’ trade secrets.

Spying is the easiest way your competition can get a jump on your marketing campaigns, formula secrets, or any piece of valuable information that will put them ahead of you. The goal can also be to discredit your business with false reviews and fabricated information spread around on the web.

We provide tactics for protecting your business.

Contact us for a detailed report based on your industry.

Electronic Communication Privacy Violated by Spying Companies

Companies are bypassing wiretapping laws to spy, leaving us with no electronic communication privacy. When communication companies don’t play by the same rules as we do, how can we protect ourselves from spying? Federal wiretapping laws are in place to safeguard our private information.

Some consider it a strong possibility that governmental agencies may have third-party vendors cooperating with them. Vendors such as Carrier IQ and Gamma International are embedding a system on smartphones, namely Android, Blackberry, and Nokia, that is controversial under the law. Also, this ‘may’ create access to target computers through their personal cell phones. This cloak-and-dagger tactic is not a well-known fact, but companies such as Gamma International and Carrier IQ have been caught in the act of spying already.

A United States researcher from Connecticut, who discovered this situation involving California company Carrier IQ, had been intimidated with the threat of a lawsuit.

Thanks to associations such as Electronic Frontier Foundation (EFF) these “warrantless” hacking techniques are exposed.

Do you encrypt your electronic communications to maintain privacy? How often have you “opted out” of a company’s database? Based on research, there is no privacy for any electronic communication sent via the internet, no matter what choice you make.

Additional reading: “That’s Our Job” The Government Investigates Cellphone Wiretapping

If you feel that your privacy has been compromised, give us a call.  We are professionally trained to identify breaches in privacy and provide remedies.

How to Protect Your Medical Group’s Private Information

Recently our company was contacted by a representative from a medical group with concerns that someone was spying on them. Medical groups can be prime targets for spying from other medical groups, insurance companies, subcontracted agencies overseeing disability and workman’s comp, and pharmaceutical companies.

This representative had two reasons for suspicion. The first was that someone was wandering around the building with access to different offices. Employees assumed this person was a tech and didn’t pay them any mind at first. The second was that their phone system wasn’t working properly.

Security breaches in this new medical facility plus untrained employees led to a spy using a social engineering attack technique called pretexting. Social engineering is the art of manipulating people into performing actions or divulging confidential information. With pretexting, the criminal creates and uses an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that they would not ordinarily do.

Pretexting can also be used to impersonate co-workers, or any other individual who could have perceived authority or right-to-know in the mind of the employee. In some cases, all that is needed is a voice that sounds authoritative, an earnest tone, and an ability to think on one’s feet.

With access to the facility a criminal can plant spyware, bugging devices, and have opportunities to steal confidential information. The criminal can also manipulate the phone system creating the perfect eavesdropping scenario.

Here are a few ways you can be tricked into allowing unauthorized people into your facility and giving them your confidential information.

Criminals project confidence and act like they belong in your building. If someone were walking around looking nervous and glancing from side to side, employees would be able to tell that they don’t belong. The most important thing criminals do if they’re trying to blend into any environment is to look like they belong there. They walk confidently, like they know where they’re headed, and acknowledge people, the way you would in your own office. Subconsciously employees believe that the criminal belongs there.

Be conscious of “tailgating.” The best way to get into a medical building is to go in behind someone else. This is a serious security issue for medical offices with restricted access. It’s easy for someone to slide up to the door when an employee is going in and grab it as it closes, to beg the person going in to hold it for them, or—more often—they just walk through while the person ahead of them walks in. Most of us would consider it rude to slam a door on someone or let an elevator close when someone is just a step behind us, especially if it’s a secure door where you would otherwise have to fumble for a keycard or other device to get in, so we do the nice thing and hold it open.

Criminals who have some familiarity with the medical office will dress the part. Employees can point out more quickly a criminal when they do not dress at or slightly above the dress code for the office environment. Fewer people will question a person wearing a button-down shirt and slacks in an office full of polo shirts than will call out the guy wearing cutoff jean shorts and a t-shirt in the same office. Employees should watch for people who are both overdressed and underdressed.

Train employees to be curious and ask questions. Spies might ask employees for directions, what they do, whose team they’re on, how that is going, and if recent changes in the department have impacted them at all.

Unfortunately these criminals won’t stand out when they have a relatively upbeat and positive demeanor compared to someone who’s hunched over, shifty-eyed, and ducking around corners.

You can install the best security systems in the world, but if your employees are not trained, your competition, insurance companies, pharmaceutical companies, or contractors for government agencies can steal confidential information that is detrimental to your medical group’s survival. A spy quietly listens and watches. They may spy for several months or until they have gathered enough information on your business to their advantage. A parasite will watch you for as long as it is profitable for them. Don’t let them profit from your business.

If your instincts are telling you that something is not quite right, you are suspicious, or otherwise your senses are alerted, contact us before it’s too late. It is best to call us when you suspect something so we can judge whether you only need advice or need our immediate attention, with a fast response quickly and covertly activated. Let us set a trap or conduct a sweep to catch the spy.

To determine your risks and prevent security breaches in the future, M. Guadagno Associates can perform a Penetration Check and a Vulnerability Assessment.

Are Spy Cameras really for your own good?

While on assignment I decided to spend a little social time and enjoy the culture in Illinois. I noticed a cartoon in the Carbondale ‘NightLife Comix’ Nov 3-9 issue. The cartoon strip was titled, “POLICE STATE FUNNIES.”

It read, “In the future if you want to drive on any highway, you must agree to place a ‘Government Surveillance Camera’ inside your vehicle.  Is this preposterous?

Kapsch Inc., the Austrian firm that makes ‘E-Z Pass Technology’ for toll roads in 17 states, has applied for a ‘Patent’ for this very thing.

WHY? The same reason there are cameras everywhere: ‘to make you safer.’

The comic goes on to show a GPS equipped with a taser device. The driver is zapped with the taser sting when the driver ‘fails to signal for a lane change.’ The taser is remotely deployed and the driver is zapped.

Even though this was a very funny cartoon and the idea may be a good thing for drivers, failing to signal by someone in front of me is just annoying. Tasering someone goes beyond the necessary.

Intelligent people can think on this: are all the new and existing surveillance and monitoring devices really for the purpose of ‘your safety’?

M.Guadagno Associates is available for enhancing your security as we Sweep for Spy Surveillance devices that were placed for the betterment of others who want to gather intelligence information and use it against you. Sometimes a ‘bugging device’ is right in front of you, and often unsuspecting victims fail to recognize what it is.  If you need help, call a professional ‘Spy Finder.’