On Thursday 21st January 2016 I was given the opportunity to address the membership of the Association of Corporate Service Providers (ACSP) on the Isle of Man regarding the subject of online due diligence. Around 200 delegates were present, which gives an indication of the level of interest in the subject. Whilst the expectation may have been around the best way to search Google when researching clients, potential clients and entities, I decided to include other aspects of ‘due diligence’.
When required to undertake enquiries on potential or existing clients, those who work in Corporate Service Providers (CSPs) turn to the Internet for answers. It was a little surprising, therefore, that when I asked the question ‘how many people have received training in how to approach online searches safely and securely’, but a few raised their hands.
Whilst the Web is full of excellent sources, it also has plenty of misleading, malicious and poor-quality information. It certainly cannot be regarded as ‘intelligence’ in its own right (as some seem to claim). It also presents huge challenges with the level of monitoring and tracking that is undertaken in the background, often without the knowledge of the user. In addition, the ease with which a digital footprint can be traced back to the searcher and compromise a sensitive enquiry should not be ignored.
Already a heavily regulated and highly professional sector, CSPs now have much more to contend with in the digital world than they are perhaps aware. The bigger message I wanted to leave last week was that CSPs hold large amounts of sensitive and financial data. That information is attractive to criminals and other hostile actors. A failure to protect that information will result in reputational damage and, once the EU General Data Protection Regulations are in force, eye-watering fines.
Rarely does a day go by without some mention of a cyber attack or data breach. Crime prevention in the analog world is a proven technique when seeking to reduce crime. In response to burglary, car crime and robbery, a raft of responses have been introduced by police and other agencies to make it ever more difficult for the criminal. Perhaps it’s now time to think differently in relation to ‘cyber crime’ and understand that virus protection, firewalls and the like, whilst necessary and important, are not the full story.
IBM’s “2014 Cyber Security Intelligence Index” suggested that 95% of all security incidents involved human error. With that in mind, raising awareness and educating staff amongst this intrinsic part of the Isle of Man economy is vital.
Prevention is better than cure; this is not just about the IT department protecting the business. I’ve been fortunate enough to have trained AML and compliance staff across the world, so have a good understanding of what the issues are. As I said on Thursday, I can come to you, you can come to a public course, I can do a one-to-one session with you, or you can try eLearning at www.learncompliance.co.uk. The latest course is about protecting your business online, and great for CPD. There are other courses available and more on the way.
I closed the presentation by making an offer to those present; it went something like this. Some of you may think people like me are expensive, that we make it complicated and technical. I’m a pragmatist and like practical, workable solutions. I also like a good cup of coffee. So I am prepared to sit down in your office for 30 minutes at no cost to you to see if I can stop you becoming a victim of online crime. For a charge I will prepare an online vulnerability assessment to give you an insight into how your company might be at risk of social engineering and/or hacking.
I’ll perhaps post here in the next couple of weeks to see if I’ve had any offers of free coffee 😉