Tag Archive for: baggrundstjek

– Det korte svar er nej. Det burde nok ikke være nødvendigt. Modstandere af baggrundstjeks har et fornuftigt udgangspunkt i at sige: ”Jeg har opbygget en meget god mavefornemmelse gennem 20 års erhvervserfaring. Jeg kan mærke, om kandidaten er den rigtige for vores virksomhed”.

Hvis vi skal rykke på den overbevisning, er vi nødt til at trække et par eksempler op af hatten. Og nej, de er ikke fiktive og opfundet for at underbygge vores pointe. De er blot et lille udpluk sager, som yourCompany har beskæftiget sig med inden for det seneste år.

 

Case 1:

En mellemleder havde ved siden af sit faste job to CVR-numre, som han ”benyttede” som underleverandører. Han godkendte sine egne fakturaer og fik virksomheden til at betale. Samlet tab over 2 mio. kroner over en længere periode.

 

Case 2:

En betroet medarbejder solgte systematisk virksomhedens varer ad bagdøren på online platforme. Samlet tab for over 2 mio. kroner over en 3-årig periode.

 

Case 3:

En leder havde et gamblingproblem og optog mere end 10 forskellige lån over en kort periode. Han blev fyret grundet ustabile præstationer. Han søgte derefter job hos konkurrenten, der ansatte ham på stedet grundet hans lange erfaring.

 

Case 4:

En direktør skulle ansættes til en høj stilling. Hans CV påviste en fornem karriere – men ingen havde set de 7 konkurser, han havde i bagagen. Det blev først opdaget, da han tydeligvis ikke havde de rette kompetencer.

 

Case 5:

En ansøger til et job havde en virksomhed tilknyttet sin bopæl. Denne virksomhed havde intet med ansøgeren at gøre – men tilhørte et familiemedlem, der var offentlig kendt medlem af kendt rockerklub, og som sad fængslet i en alvorlig kriminalsag.

 

Fælles for ovenstående eksempler er, at de kunne være afhjulpet med et baggrundstjek. Enten som led i rekrutteringsprocessen, som led i whistleblowerhenvendelser eller som led i årligt servicetjek af medarbejderbestanden.
Vores filosofi er, at risiko skal man tage på sig med åbne øjne frem for bare at holde dem lukket og acceptere konsekvenser, som de kommer.

Vi hører ofte udtalelser som: ”Vi har tillid til vores kolleger og vores leverandører, for ellers havde de aldrig været en del af virksomheden”.

Til det kan vi kun svare: Det skal I også have – men kan den tillid misbruges uden jeres viden?

 

Det er jo egentlig lidt sjovt, at man skal Know Your Customer (KYC) – men hvad Know Your People (KYP), når disse nu en gang har adgang til dine IT-systemer, økonomi, varer, forretningshemmeligheder og meget mere?

 

yourCompany tilbyder niveaudelte baggrundstjeks med brug af Open Source Intelligence. Om det er til din HR-afdeling, complianceafdeling, eksterne rekrutteringspartner eller økonomiafdeling, er vi klar til at hjælpe med at nedbringe risikoen for jer. Der er mange flere muligheder, end man lige regner med.

Fik vi nævnt, at man faktisk også kan udføre en produktmonitorering – altså sikre, at jeres varer ikke sælges illegalt på andre platforme end jeres?

 

Vil du vide mere, så kan vi kontaktes her:

Mail: info@yourcompany.dk

Telefon: +45 53 53 46 04

Vi får en del henvendelse fra journalister og fagmagasiner, hvor man gerne vil høre vores take på enten generelle problemstillinger, specifikke sager eller tekniske muligheder.

Vi bidrager gerne, hvor det giver mening, og denne gang har vi fået lov til at give lidt inputs i mediet CyberNews. Nogle af vores budskaber har lidt kant – og det er ikke for at hverken at provokere eller spinne en problematik. Det er for at være ærlig.

I er velkomne til at læse og dele – og har I spørgsmål, er I som altid velkomne til at henvende jer til

 

info@yourcompany.dk
Tlf. +45 5353 4604

God læselyst.

 


Morten Kliver, yourCompany: “government-supported criminal online gangs are a part of our reality”

There is a persistent misconception in the business world that only large companies with sizeable profits interest cybercriminals. But threat actors rarely differentiate, often being after disruption rather than financial gain.

No matter how big or small, any business is a potential target for ransomware, phishing, and other cyberattacks. Failing to implement security measures, even as simple as malware monitoring and vulnerability scanning software for commonly used devices, can lead to devastating consequences. With the rise of state-sponsored cyberattacks, utilizing and regularly testing cybersecurity measures is a necessity.

To discuss this further, Cybernews invited Morten Kliver, CTO at yourCompany, which provides small and medium-sized businesses with quality cybersecurity and IT solutions.

Tell us a little bit about your story. How did yourCompany originate?

The Founder Christian Pejtersen has a background in Danish Police and Intelligence Service.

In 2016, he formed yourCompany. yourCompany is helping companies B2B in loss prevention and Corporate Investigations.

As a result of a joint investigation in the insurance industries, yourCompany expanded with the cyber team early in 2021. The cyber team is delivering software solutions to reduce the losses of digital crime.

Can you tell us a little bit about what you do? What are the main issues you help solve?

The staff is primarily composed of former police officers with a unique set of skills in Digital Forensics, data analysis, operative surveillance, Open Source Intelligence, and other areas. We are a trusted partner for our customers – either on outsourced contracts or as ad hoc services.

Our customers can be either small companies, which will never choose to have their own Security Manager, or large companies, which need an external partner with expertise in certain areas.

We serve very different kinds of companies – production sites, retail industry, finance companies, insurance companies, recruitment agencies, law firms, and public authorities.

We fight fraud in many forms and ways, especially in the area of undefined shrinkage where you don’t know what the exact reason for a loss is.

During an investigation or when an investigation closes, we always evaluate and make notes of where we can make changes for the customer, so they can adjust their processes where it’s possible. That’s our DNA. We love to prevent crime and make a good business case for our customers.

In 2021, we started our Software Section with CTO Morten Kliver as the leader. In this section, we are offering several brilliant tools that can support businesses. One of the key products is RC from our partner BullWall.

With RC, you have a very important tool to detect ransomware attacks and stop an active attack before major damage has occurred to the IT infrastructure.

Another tool is Fraud Detect Systems (FDS), a digital document fraud analysis tool.

What are the most common reasons one might choose an insurance investigation?

Insurance investigations started for us by investigating car accidents. Thefts, accidents, fires, etc. But now we also have general cases like ordinary thefts, burglaries, travel cases, health insurance cases, digital fraud, etc.

Our impression is that insurance companies must lift their investigations levels higher than 10 years ago. And with digital fraud, we have a list of ways that you can manipulate documents, photos, invoices, etc.

There are more strict compliance rules nowadays. If an insurance company wants to deny a claim, you really need solid documentation based on an investigation.

Our impression is also that the police don’t have the resources to investigate these types of crimes. So, it’s up to the individual insurance company to handle the huge amount of insurance claims.

Have you noticed any new threats emerge as a result of the recent global events?

COVID-19 and the war in Ukraine are two global events that have a huge impact on the way we see the world. And of course, everyone needs to look inside their own company, whether they have the right organization to handle the threats that follow.

In cybersecurity matters, these two big events have consequences on a level that we will probably never see a return to their starting point.

During Covid, we saw individual home offices change so fast. New security infrastructure, home security vs. company security, online meetings, data sharing on new platforms, etc.

The level of web shopping exploded very fast. The use of vehicles changed from one day to another. On top of that, online financial fraud increased.

We have huge respect for all the IT managers that put in the hours to make those changes happen. A lot of the work they performed was the new standard of work. Many companies have changed the ways of working from home permanently.

The war in Ukraine shows that the level of cyberattacks has increased significantly. The wish for hitting infrastructure, public institutions but also ordinary business has increased within the last months. We can “hear” the attack on the “perimeter” at a much higher level now.

The number of new interested customers has gone up because of this new situation. We are very busy doing our Ransomware assessments tests, where we can test the readiness of our customers’ infrastructure to handle ransomware attacks.

What would you consider to be the most pressing issues that businesses face today?

The war in Ukraine has changed the market from one day to another.

Businesses who have personnel, supplies, or are dependent in other ways must change their organizations instantly. And throughout this transformation, they must be sure that the cybersecurity level follows the threats.

Before, we saw sales, operations, and development as the key when we talked about IT resources. Now every board, direction, and IT supplier must take the security issue as a C-level subject.

So even though the board of directors doesn’t necessarily have the technical skills themselves, they need to ask the question: are we sure that we have the relevant security setup?

And when they do, they should take an assessment test.

We hear this a lot: “we don’t need a test – we trust our IT department” or “we have already used too much money on IT and digitalization, so no more IT security for now”. If you are not willing to deal with that attitude, it can be crushing for your business.

Our answer is: well of course you trust your own IT department or supplier. But wouldn’t your sleep be better if our tests showed that you don’t have any gaps in your security setup?

Since various attacks on organizations are becoming common, do you think small businesses and big enterprises should rely on the same security measures?

Regardless of the size of an organization, we have these recommendations:

  • A multilayered approach to your security solution is the future.
  • Regular assessment tests
  • Educate your board or board of directors. Make sure that every decision-maker has a basic understanding of cybersecurity threats.
  • Don’t assume, act!

So even in a small business or big enterprise, you are exposed to cyber threats. Last week an ordinary one-man webshop in a small town in Denmark was hit by an attack. That’s proof that even if you don’t know anything about cybersecurity, you must take it seriously and act.

We all know stories of big international companies which are mentioned every time we talk about cyberattacks. It is worth saying out loud that companies of every size face real threats every day.

What types of solutions or tools are little-known but greatly enhance business operations?

The multilayered solution is the future. Even though it makes it complex, you cannot set your trust in one or two security products.

By using tools like RC from BullWall you have a tool that’s invented to monitor, detect, and act, WHEN the hackers manage to pass your perimeter.

Not a replacement for your existing setup but as a supplement. Multilayered thinking.

Too many solutions have their focus exclusively on log-based backup. But how do you handle a sleeping cell that’s already in your backup systems?

Outside of the cybersecurity area, we see a lack of control when it comes to digital documents. Financial companies, leasing companies, and insurance companies in general trust what their customers deliver as documentation.

If a leasing company receives a paycheck sent by email or an insurance company receives an invoice to document the size of an insurance claim, they very often trust what they can see with their own eyes.

With the Fraud Detect Systems (FDS), it’s possible to analyze every document or photo your organizations receive. Here we have room for improvement. It is possible to detect and prevent fraud on a larger scale than we see today.

In general, we believe that the “fraudsters” have too many ways to execute their crime. One of our missions is to verify basic information as early in the process as possible. It can be a very good business case if you have the right setup and software.

What new threats should the general public be prepared to tackle in the near future? What security tools should be implemented?

Ransomware, ransomware, ransomware. User awareness is OK, but you cannot trust people’s ways of working.

We have seen senior security advisors writing their own passwords on a paper in front of them – even though they are not in their office. And we are not talking about the year 1997. We see it today in 2022.

We believe in scalable fully automatic solutions where the individual users are forced to follow higher security standards. You can nudge employees all you want by informing and training their individual awareness, but please realize that people will be people. This is, of course, said with a smile, but we mean it.

Your organizations must have regularly exercised testing of action plans. Update these plans, fill in the gaps and find solutions that can support you when the incidents happen. The strongest defense is readiness.

The public should not underestimate the level of cyber threats that we see these days. Government-supported criminal online gangs are part of our reality.

Don’t let them inside your house and your personal accounts.

We hear a lot: don’t worry – we have a cloud solution, “so they can’t get us”. That’s a huge misunderstanding.

We also know that cybercriminals find their way into IT systems through uncompleted IT projects. Half completed IT projects are sensitive areas.

Share with us, what’s next for yourCompany?

We have some very interesting projects coming up. We are focusing on cyber subjects such as:

  • the time of data theft (before encryption is executed).
  • Changes in system admin
  • Integration between operating systems and security solutions.

Other areas:

  • Introducing large-scale document analysis.
  • Strengthening our Open Source Section
  • Educating our employees about crypto crime.

Kilde: https://cybernews.com/security/morten-kliver-yourcompany-government-supported-criminal-online-gangs-are-a-part-of-our-reality/

Baggrundstjek – Open Source – OSINT

Kært barn har mange navne. Et baggrundstjek, hvor vi benytter os af Open Source Intelligence (OSINT), baserer sig på efterretninger eller viden fundet i tilgængelige og åbne kilder og på informationer, man kan købe sig lovlig adgang til. Tidligere var det viden fra aviser og optegnelser, men i dag er det primært viden indsamlet fra kilder tilgængelige på internettet, f.eks. sociale medier, offentlige registre, artikler, diverse online platforme, og meget mere. Når vi foretager et baggrundstjek med udgangspunkt i tilgængelige kilder, så afdækker vi effektivt og systematisk et ofte omfattende materiale, der for den utrænede vil tage lang tid og sjældent vil blive dækkende for personen eller firmaet, der ønskes undersøgt.

Uanset om jeres behov er et løbende moniteringsbehov omkring jeres virksomhed, trusler eller dårlig omtale – eller et løbende behov for rekruttering og undersøgelse af kommende medarbejdere har vi en løsning til jer. Vi kan også tilbyde undersøgelser i forbindelse med en konkret mistanke om besvigelser i jeres virksomhed eller hos en samarbejdspartner.

YourCompany

YourCompany har specialiseret sig i at nedbringe svind og risiko i erhvervslivet. Vi leverer en overskuelig og grundig rapport om en person, et netværk eller en virksomhed. Ønsker i en mere simpel tilbagemeldingsmetode kan vi også levere det. Med vores baggrund, metoder og praktiske erfaring fra hundredvis af undersøgelser ude i virksomhederne har vi en god næse for om jeres fremtidige medarbejder eller samarbejdspartner er et godt match for jer. Mange af vores 14 ansatte har en baggrund fra politiet eller efterretningstjenesterne med specialistkompetencer indenfor IT- og forsikringsefterforskning, data- og håndskriftsanalyse, OSINT-, dokument og audioundersøgelser – samt meget andet.

De bedste værktøjer

For at være både effektive og grundige bruger vi kun de bedste værktøjer. Hos yourCompany har vi investeret i dyrt software der indeholder en masse hjælpemidler og automatiserede processer. En god open source rapport slipper dog ikke for lidt manuel tid anvendt af en af vores dygtige specialister og vi har købt adgange til databaser der indeholder den viden i efterspørger. Er det nødvendigt selv at kode scripts for at indsamle fornøden data inden for den afsatte økonomiske ramme klarer vi også det. Med vores specialister fra Forsvarets- og Politiets efterretningstjenester kan I være sikre på et godt sagligt resultat.

Praktisk erfaring

Hos yourCompany har vi mange gange deltaget i oprydningen efter medarbejdere der var noget andet end de udgav sig for til jobsamtalen. Ikke sjældent kan vi se, at hvis var der foretaget et grundigt baggrundscheck før ansættelse var skaden næppe sket. Arbejdsgiveren havde på forhånd opdaget noget var galt, eller havde i jobsamtalen fokuseret på andre ting også der måske havde bragt ting af interesse frem i lyset. Dette bekræfter os i, at en ordentlig forberedelse før ansættelse er vigtig. Det skaber værdi for virksomheden, for jeres kunder og andre for de øvrige medarbejdere. Dette kan vi uddybe med flere eksempler på ved et personligt møde.

Baggrundstjek er for alle

Mange virksomheder afholder sig fra at få foretaget professionelle baggrundstjek på grund af prisen. Kvalitet koster naturligvis, men hos yourCompany tilbyder vi vores ydelser i et niveau der er til at betale for de fleste virksomheder. Vores DNA er, at de fornuftige sikkerhedstiltag skal være opnålige for de fleste – ikke kun de største. Dette gennemsyrer vores ydelser og ses på tværs af vores andre produkter. Vi er gode til at tilpasse os virksomheders konkrete behov og finde en tilpasset løsning der passer for de fleste. Sådan må det være. Ingen er helt ens.

Har I lyst til at høre lidt mere om hvad baggrundstjek kan gøre for jeres virksomhed og hvordan en økonomisk model kunne se ud for jer, så kontakt os på 53534604 eller info@yourcompany.dk for mere information.  http://www.yourCompany.dk