Tag Archive for: corporate investigation

Interview i CyberNews – tak for ordet

Vi får en del henvendelse fra journalister og fagmagasiner, hvor man gerne vil høre vores take på enten generelle problemstillinger, specifikke sager eller tekniske muligheder.

Vi bidrager gerne, hvor det giver mening, og denne gang har vi fået lov til at give lidt inputs i mediet CyberNews. Nogle af vores budskaber har lidt kant – og det er ikke for at hverken at provokere eller spinne en problematik. Det er for at være ærlig.

I er velkomne til at læse og dele – og har I spørgsmål, er I som altid velkomne til at henvende jer til

 

info@yourcompany.dk
Tlf. +45 5353 4604

God læselyst.

 

Morten Kliver, yourCompany: “government-supported criminal online gangs are a part of our reality”

There is a persistent misconception in the business world that only large companies with sizeable profits interest cybercriminals. But threat actors rarely differentiate, often being after disruption rather than financial gain.

No matter how big or small, any business is a potential target for ransomware, phishing, and other cyberattacks. Failing to implement security measures, even as simple as malware monitoring and vulnerability scanning software for commonly used devices, can lead to devastating consequences. With the rise of state-sponsored cyberattacks, utilizing and regularly testing cybersecurity measures is a necessity.

To discuss this further, Cybernews invited Morten Kliver, CTO at yourCompany, which provides small and medium-sized businesses with quality cybersecurity and IT solutions.

Tell us a little bit about your story. How did yourCompany originate?

The Founder Christian Pejtersen has a background in Danish Police and Intelligence Service.

In 2016, he formed yourCompany. yourCompany is helping companies B2B in loss prevention and Corporate Investigations.

As a result of a joint investigation in the insurance industries, yourCompany expanded with the cyber team early in 2021. The cyber team is delivering software solutions to reduce the losses of digital crime.

Can you tell us a little bit about what you do? What are the main issues you help solve?

The staff is primarily composed of former police officers with a unique set of skills in Digital Forensics, data analysis, operative surveillance, Open Source Intelligence, and other areas. We are a trusted partner for our customers – either on outsourced contracts or as ad hoc services.

Our customers can be either small companies, which will never choose to have their own Security Manager, or large companies, which need an external partner with expertise in certain areas.

We serve very different kinds of companies – production sites, retail industry, finance companies, insurance companies, recruitment agencies, law firms, and public authorities.

We fight fraud in many forms and ways, especially in the area of undefined shrinkage where you don’t know what the exact reason for a loss is.

During an investigation or when an investigation closes, we always evaluate and make notes of where we can make changes for the customer, so they can adjust their processes where it’s possible. That’s our DNA. We love to prevent crime and make a good business case for our customers.

In 2021, we started our Software Section with CTO Morten Kliver as the leader. In this section, we are offering several brilliant tools that can support businesses. One of the key products is RC from our partner BullWall.

With RC, you have a very important tool to detect ransomware attacks and stop an active attack before major damage has occurred to the IT infrastructure.

Another tool is Fraud Detect Systems (FDS), a digital document fraud analysis tool.

What are the most common reasons one might choose an insurance investigation?

Insurance investigations started for us by investigating car accidents. Thefts, accidents, fires, etc. But now we also have general cases like ordinary thefts, burglaries, travel cases, health insurance cases, digital fraud, etc.

Our impression is that insurance companies must lift their investigations levels higher than 10 years ago. And with digital fraud, we have a list of ways that you can manipulate documents, photos, invoices, etc.

There are more strict compliance rules nowadays. If an insurance company wants to deny a claim, you really need solid documentation based on an investigation.

Our impression is also that the police don’t have the resources to investigate these types of crimes. So, it’s up to the individual insurance company to handle the huge amount of insurance claims.

Have you noticed any new threats emerge as a result of the recent global events?

COVID-19 and the war in Ukraine are two global events that have a huge impact on the way we see the world. And of course, everyone needs to look inside their own company, whether they have the right organization to handle the threats that follow.

In cybersecurity matters, these two big events have consequences on a level that we will probably never see a return to their starting point.

During Covid, we saw individual home offices change so fast. New security infrastructure, home security vs. company security, online meetings, data sharing on new platforms, etc.

The level of web shopping exploded very fast. The use of vehicles changed from one day to another. On top of that, online financial fraud increased.

We have huge respect for all the IT managers that put in the hours to make those changes happen. A lot of the work they performed was the new standard of work. Many companies have changed the ways of working from home permanently.

The war in Ukraine shows that the level of cyberattacks has increased significantly. The wish for hitting infrastructure, public institutions but also ordinary business has increased within the last months. We can “hear” the attack on the “perimeter” at a much higher level now.

The number of new interested customers has gone up because of this new situation. We are very busy doing our Ransomware assessments tests, where we can test the readiness of our customers’ infrastructure to handle ransomware attacks.

What would you consider to be the most pressing issues that businesses face today?

The war in Ukraine has changed the market from one day to another.

Businesses who have personnel, supplies, or are dependent in other ways must change their organizations instantly. And throughout this transformation, they must be sure that the cybersecurity level follows the threats.

Before, we saw sales, operations, and development as the key when we talked about IT resources. Now every board, direction, and IT supplier must take the security issue as a C-level subject.

So even though the board of directors doesn’t necessarily have the technical skills themselves, they need to ask the question: are we sure that we have the relevant security setup?

And when they do, they should take an assessment test.

We hear this a lot: “we don’t need a test – we trust our IT department” or “we have already used too much money on IT and digitalization, so no more IT security for now”. If you are not willing to deal with that attitude, it can be crushing for your business.

Our answer is: well of course you trust your own IT department or supplier. But wouldn’t your sleep be better if our tests showed that you don’t have any gaps in your security setup?

Since various attacks on organizations are becoming common, do you think small businesses and big enterprises should rely on the same security measures?

Regardless of the size of an organization, we have these recommendations:

  • A multilayered approach to your security solution is the future.
  • Regular assessment tests
  • Educate your board or board of directors. Make sure that every decision-maker has a basic understanding of cybersecurity threats.
  • Don’t assume, act!

So even in a small business or big enterprise, you are exposed to cyber threats. Last week an ordinary one-man webshop in a small town in Denmark was hit by an attack. That’s proof that even if you don’t know anything about cybersecurity, you must take it seriously and act.

We all know stories of big international companies which are mentioned every time we talk about cyberattacks. It is worth saying out loud that companies of every size face real threats every day.

What types of solutions or tools are little-known but greatly enhance business operations?

The multilayered solution is the future. Even though it makes it complex, you cannot set your trust in one or two security products.

By using tools like RC from BullWall you have a tool that’s invented to monitor, detect, and act, WHEN the hackers manage to pass your perimeter.

Not a replacement for your existing setup but as a supplement. Multilayered thinking.

Too many solutions have their focus exclusively on log-based backup. But how do you handle a sleeping cell that’s already in your backup systems?

Outside of the cybersecurity area, we see a lack of control when it comes to digital documents. Financial companies, leasing companies, and insurance companies in general trust what their customers deliver as documentation.

If a leasing company receives a paycheck sent by email or an insurance company receives an invoice to document the size of an insurance claim, they very often trust what they can see with their own eyes.

With the Fraud Detect Systems (FDS), it’s possible to analyze every document or photo your organizations receive. Here we have room for improvement. It is possible to detect and prevent fraud on a larger scale than we see today.

In general, we believe that the “fraudsters” have too many ways to execute their crime. One of our missions is to verify basic information as early in the process as possible. It can be a very good business case if you have the right setup and software.

What new threats should the general public be prepared to tackle in the near future? What security tools should be implemented?

Ransomware, ransomware, ransomware. User awareness is OK, but you cannot trust people’s ways of working.

We have seen senior security advisors writing their own passwords on a paper in front of them – even though they are not in their office. And we are not talking about the year 1997. We see it today in 2022.

We believe in scalable fully automatic solutions where the individual users are forced to follow higher security standards. You can nudge employees all you want by informing and training their individual awareness, but please realize that people will be people. This is, of course, said with a smile, but we mean it.

Your organizations must have regularly exercised testing of action plans. Update these plans, fill in the gaps and find solutions that can support you when the incidents happen. The strongest defense is readiness.

The public should not underestimate the level of cyber threats that we see these days. Government-supported criminal online gangs are part of our reality.

Don’t let them inside your house and your personal accounts.

We hear a lot: don’t worry – we have a cloud solution, “so they can’t get us”. That’s a huge misunderstanding.

We also know that cybercriminals find their way into IT systems through uncompleted IT projects. Half completed IT projects are sensitive areas.

Share with us, what’s next for yourCompany?

We have some very interesting projects coming up. We are focusing on cyber subjects such as:

  • the time of data theft (before encryption is executed).
  • Changes in system admin
  • Integration between operating systems and security solutions.

Other areas:

  • Introducing large-scale document analysis.
  • Strengthening our Open Source Section
  • Educating our employees about crypto crime.

Kilde: https://cybernews.com/security/morten-kliver-yourcompany-government-supported-criminal-online-gangs-are-a-part-of-our-reality/

Undersøgelse af mobiltelefoner og computere – mød vores digital forensic specialist

Digital Forensic

Hos yourCompany har vi mange specialist områder. Det er nødvendigt, da kampen mod svind i virksomheder har mange facetter. Værktøjskassen skal således følge med. Et af de lidt oversete områder er digital forensic, altså undersøgelser af mobiltelefoner, tablets og computere, som kan indeholde afgørende beviser. Det er lidt synd, for vi er faktisk knald dygtige til Digital Forensic og har i mange tilfælde leveret afgørende beviser til enten en arbejdsgiver, en advokat eller politiet når det har været nødvendigt.

Hos yourCompany har vi investeret i dyrt software til undersøgelse af mobiltelefoner, tablets og computere. Vores værktøjskasse er på højde med politiets – og ja, vi tilbød os også da visse SMS´er var blevet slettet og politiet og forsvaret måtte give op. Den opgave kunne vi godt have løst, men andre interesser var forstålig nok på spil. Softwaren alle kan købe, (bevares det er ikke billigt), men det er kun den halve løsning. Det der batter er hvilke kompetencer man har til rådighed – og her kan vi med stolthed sige at vi har en af Danmarks allerbedste Digital Forensic specialister til rådighed. Naturligvis også en tidligere politimand, som de fleste af vores specialister.

 

Mød Torben Strand, Head of Digital Forensic

Torben Strand er kendt i digital forensic kredse, blandt eksperterne. Skal du have undersøgt en mobiltelefon eller andet IT udstyr, er Torben toppen af poppen, og vi er super stolte over, at Torben har valgt at arbejde hos yourCompany. Den tidligere urobetjent, der ad åre fandt interesse for IT-universet, og i dag er en af Danmarks dygtigste. Det blev til 19 år som underviser hos NC3, NITEC og politiakademiet i Stockholm og Oslo – og undervejs nappede Torben også en MSc FCCI fra University College of Dublin. Torben har også hjulpet med at lave den norske digital forensic uddannelse og undervist størstedelen af den danske politistyrke i håndtering af digitale spor. Som sidste skud på stammen er Torben Strand valgt til suppleant som teknisk ekspert af Politiklagerådet til teknisk vurdering af bevismidler. Imponerende baggrund og erfaring som Torben i dag stiller til rådighed for dansk erhvervsliv. Hos yourCompany bruger vi ikke studentermedhjælpere eller IT-studerende som vi ser hos flere af vores konkurrenter. Og hvorfor? Fordi vi gerne tager hele vores arbejde med ned i retten, hvis sagerne kræver det. Erfaring med bevis håndtering og bevis vurdering er der for afgørende, altså erfaring.

 

Hvordan kan vi hjælpe dig

Som virksomhedsejer har du måske brug for, dokumentation for hvad der er foregået på jeres IT-udstyr og digitale enheder så som mobiltelefoner, tablets og computere. Er der flyttet eller slettet filer, der er vigtige eller følsomme fra virksomheden kan vi hjælpe. Formålet kan være inddæmning af risiko, civilt søgsmål, afskedigelse eller politianmeldelse – eller måske alene at vide hvad der er foregået. Eller hvad hvis I skal genskabe data, som er forsvundet ved et uheld.

Som advokat har du måske et dødsbo eller konkursbo, hvor der på IT-udstyr kan ligge afgørende informationer omkring værdier, aktiver eller transaktioner op til en bestemt dato. Det kan også være, at du som advokat har behov for at hjælpe din klient med at komme i mål med en undersøgelse eller retsligt spørgsmål. I sådanne sager har vi mange gange leveret det afgørende bevis.

Som forurettet har du måske oplevet, at politiet ikke har været helt så grundige som du måtte ønske. I sådanne sager kan vi ofte hjælpe de forurettede og herefter hjælpe med at gå tilbage til politiet med de resultater, der er skabt. Dette har i flere tilfælde ført til at politiet genoptager sagerne baseret på de nye oplysninger. Det kunne dreje sig om dokumentation for, at der har været installeret keyloggere på dit IT-udstyr eller der ligger andre spor, som politiet har overset eller slet ikke undersøgt.

Som forsikringsselskab har I måske behov for at se G-påvirkningerne i forbindelse med en faldulykke eller et trafikuheld. Da de fleste af os i dag går med mobiltelefon eller smartwatch vil der ofte være mulighed for at se, hvor hårdt et fald eller en trafikulykke har påvirket den tilskadekomne. Det kan både afsløre forsikringssvindel eller dokumentere, at du som tilskadekomne faktisk er berettiget til erstatning.

 

Backup af mobiltelefoner – et overset forretningsområde

Heldigvis er verden konstant i bevægelse. Meget af vores software i dag benyttes til flere ting. Backup af virksomhedens mobiltelefoner kan være en af dem. Måske I som virksomhed har behov for at kunne dokumentere kommunikation med kunder eller samarbejdspartnere, der ikke foregår på jeres PC-miljø. SMS, Messenger, What´s App, Slack og alle mulige andre tjenester benyttes i dag til kommunikation mellem medarbejdere OG medarbejdere og kunder. Hvordan påvirker det dit ansvar som arbejdsgiver? Kan der være afgivet løfter, som kunden hænger jer op på om 2-3 år? Garantisager, Finansielle handler eller hvidvasknings spørgsmål kan være gode eksempler, men måske jeres behov er et helt andet.

Hos yourCompany tilbyder vi sammen med jer at iværksætte en backup plan for jeres virksomhed, og I kan enten selv opbevare data eller lade os gøre det. Dét er et overset område, som kan spare jer for meget besvær, og understøtte jeres compliance retningslinjer.

 

Digital Forensic er dyrt 

Enig. De kompetencer der skal benyttes og den software, der skal investeres i er bekostelige. Vi kan se vores konkurrenter tager sig godt betalt for denne type ydelser. Hos yourCompany er vores DNA generelt, at alle, eller i hvert fald de fleste, skal have råd til de rigtige løsninger – ikke kun de største og mest velhavende virksomheder. Derfor ligger vi også med Digital Forensic et niveau lavere rent prismæssigt end mange af vores konkurrenter. Det går igen hen over vores ydelser. Det er også derfor, vi ikke ligger på en fin og fancy adresse i København eller Århus, men pæne og lidt mere ydmyge lokaler i Greve og Kolding.

 

Vi glæder os til at assistere jer med jeres behov – og digital forensic er jo kun et værktøj i en værktøjskasse der rummer mange andre muligheder for at foretage objektive undersøgelser.