Volume 5, Issue 8    |    Back to Publications

Investigations in the Workplace

In need of the consummate guide to workplace investigations? Whether you are a professional licensed investigator or have been tasked by your employer to conduct an internal investigation, Investigations in the Workplace gives you a powerful mechanism for engineering the most successful workplace investigations possible. The book provides the back-story behind the methodology, rationale, and gritty practices that have made our workplace investigations soar.

Investigations in the Workplace is designed for easy reading and use. Although every page is filled with useful information, you do not need to read the book cover to cover. The exhaustive table of contents, innumerable references, and expansive index allow you to quickly find the immediate information you need. The Applied Strategies chapter shows you how to conduct a particular type of investigation and the action steps involved. To help capture salient points and simplify the learning process, the text is sprinkled with brief tips and traps that provide quick and easy lessons on how to make the best use of the information in a particular section.

Few workplace activities invoke so much risk and at the same time, so much opportunity, as workplace investigations. A combination of skill, experience, and luck: successful workplace investigations are complex undertakings. An improperly conducted workplace investigation can be expensive and ruin the careers of everyone who touches it. Exploring modern investigative techniques and strategies, this book gives you new solutions you need and provides the keys to master even the most complex workplace investigation.

Eugene F. Ferraro, CPP, CFE, PCI

Business Controls, Inc. Welcomes New Staff

Business Controls, Inc. (BCI) is pleased to announce the further addition of new team members. BCI welcomes Dan Thompson as the Director of Information Technology. In his new role, Mr. Thompson will be responsible for defining, planning, developing and supporting all information technology related products and services. Mr. Thompson joins BCI after seventeen years of experience in the information technology field. Mr. Thompson has worked both as a consultant and employee in companies ranging from startup companies to Fortune 100 corporations. Mr. Thompson earned his certification as a Project Management Professional (PMP) in June of 2000 from the Project Management Institute and is a graduate of Colorado State University. BCI is excited to welcome Mr. Thompson to the team with his consistent emphasis on ensuring that information technology initiatives are directly aligned with BCI's customer's business needs.

Denise Wade joins BCI as the Executive Assistant to the Management Team. Ms. Wade will primarily be involved with BCI's administrative projects, but will also be assisting team staff members with various needed activities. Ms. Wade earned Bachelor's degrees in Psychology and Sociology in May of 2005 from the University of Colorado at Denver.

Wi-Fi Signal Theft Catching Attention from Law Enforcement

The very common practice of Wi-Fi (Wireless Fidelity) signal theft is now going to get you arrested, at least for one man in Florida. Benjamin Smith III was arrested in St. Petersburg and will be going to trial shortly on third-degree felony charges of unauthorized access to a computer network. Smith had been stealing the signal from the home of Richard Dinon, who noticed Smith outside of his home one day in a parked SUV, working on his laptop. Dinon called the police, who arrested Smith. This is the third case of unauthorized wireless access in Florida that has led to arrest. Wi-Fi signal theft is as common or more common than software piracy, but only a handful of arrests have occurred thus far nationwide.

To ensure that your Wi-Fi signal is being used only by those who should have access, be sure to enable the encryption capabilities of the router or access point of your connection.

With the proliferation of Wi-Fi use by businesses, the threats of signal theft and its consequences to businesses are significant. Furthermore, businesses may be liable for employees who choose to hack into the Wi-Fi networks of other businesses.

Google Has Potential for Privacy Risk

Surely you have "Googled" yourself before to see what information about you is public. At the very least, you have likely made Google your primary choice for a search engine, and you may even have a blog through Google or a Gmail (Google email) address. Utilizing Google for these and other services, however, invariably links your IP address (your unique numeric Internet address) to your Google activities.

With such a grand scope of public and personal information that appears to only be growing, the concern is that the Web giant simply knows too much: what we read, where we surf and travel, and to whom we write. Having all of this information under the same digital umbrella makes Google a primary target for abuse by criminals in search of useful or compromising information or overzealous law enforcers conducting investigations. Google ensures the public that its security measures are as advanced as their search engine, but leaks are always possible through creative hacking or through the activities of a rogue employee.

As the Web giant expands its' technology and services, Google's name, a mathematical term used to describe 10¹⁰⁰, is more appropriate than ever.

Portable-Media-Device Security: Is Your Organization Equipped?

The recent popularity and influx in the transferring and sharing of data has left many organizations questioning their internal security protocols and paved the way for software developers who market products that protect against the unauthorized transfer of information through removable media devices such as Universal Serial Bus (USB) ports. Two companies, Centennial Software and AdvancedForce InfoSecurity Solutions offer software which permits companies to dictate what information is available to its' employees. DeviceWall, developed by Centennial Software, gives companies the ability to manage and restrict access to USB ports on employee computers. Similarly, DeviceLock, created by AdvancedForce InfoSecurity Solutions allows company administrators to control the input and output devices on corporate workstations. A 2005 survey conducted by Centennial Software further exemplifies the need for software solutions to help mitigate the peril that exists with USB ports. Specifically, the survey revealed that 70 percent of security incidents at Fortune 1000 companies were internal and 70 percent of employees have stolen corporate information. Furthermore, an alarming 50 percent of all companies surveyed had placed no controls on portable media devices. From entry-level employees to executive team members, there is no differentiation between those that could, if presented with an opportunity, seize your organization's most confidential and privileged information.

Both DeviceWall and DeviceLock provide multiple layers of protection, including but not limited to the complete blocking of USB ports, partial blocking based on registered product numbers, and permitting only human-interface devices such as mice and keyboards. Alert features that notify administrators when improper use has occurred are also available on DeviceWall. The next targeted step in the movement to secure data downloaded from company computers is encryption of portable media devices.

Tip: Don't let your organization serve as an open target for disloyal employees to exploit. Allocate the appropriate resources to your IT security department and invest in enhanced security measures like DeviceWall and DeviceLock, or do some researching yourself into the other products available on the market.

US Postal Service Flaws Remain

The world, post 9/11, has challenged everyone from governments, security agencies, and individuals, to dedicate resources and heighten awareness to the very real threat of terror. The latest news of the tragedy in London and ongoing suicide bombings in the Middle East often take center stage in our minds. Many have forgotten about the possibility of bioterrorist attacks. In the later months of 2001, five U.S. citizens died due to anthrax exposure, all of whom were subject to such exposure through our mail system. Widespread panic ensued and millions of dollars were spent to thwart the success of such attacks in the future. It did not take long, however, for the concern to diminish and today, only 27 of the country's 283 distribution centers have the proper equipment for detecting biological agents in the mail.

Now, 500 million dollars is about to be approved for the addition of inspection technology across the system. Critics, primarily the Government Accountability Office (GAO), argue that's not enough. In addition to the time it will take to implement new technologies, some maintain that the new guidelines for responding to anthrax contamination are still missing key elements. For example, the plan does not outline any proactive, protective measures postal employees and customers can take to prevent contamination. Postal authorities insist the criticisms are taken seriously and the good news is that most experts agree that those most likely to attack lack the sophistication necessary to exploit the defects in the system.

Quote of the Month: "All that is necessary for the triumph of evil is that good men do nothing."
-Edmund Burke (1729 - 1797)

Free and Useful Software

Are you one of the many who likes their yellow sticky notes? There is a free program available from Zhorn Software (UK) that allows you to create yellow sticky notes on your desktop that act just like the real thing, except they're on your screen. The program, Stickies v5.1, compares very well to Microsoft Outlook's sticky program. Stickies v5.1 allows you to customize the appearance of the notes, exchange notes with your Palm, and the notes will even survive crashes and reboots. Go to the link below to see for yourself. you may be able to do away with the paper format.

http://www.zhornsoftware.co.uk/stickies/download.html

Want a Customized Electronic Newsletter for Your Organization?

Now you can market your products, services and ideas with a customized professional electronic newsletter just like this one. The means to affordably communicate with your customers, clients or team members has never been easier. Our IT and design team will help you select a design and color scheme that suits your needs. Your customized monthly newsletter will display your organization's name, logo, address and phone number. Each issue will contain at least five topical articles professionally written by our editors. We can even add articles, messages and news releases contributed by you or your organization. Hyperlinks to your Website and automated subscribe and unsubscribe feature is included. All you do is re-mail your finished newsletter to your email list. It's fast, easy and affordable. To receive your own customized electronic newsletter, call Eugene Ferraro, CPP at 800.650.7005 or visit http://www.securitynewsletters.com/ today!