Information Security Compliance Associate


The nature of audit is changing as the systems which underlie our operations become more sophisticated and robust. With this increased sophistication comes increased reliance on technology-related controls to mitigate operational and financial risk, as well as increased access to transaction-level data. You will be responsible for assisting in all aspects of execution: from identifying opportunities for us to focus on, to developing the infrastructure and analyses to make progress in those areas. Further, you will serve as an Information Technology subject matter specialist and support the execution of Operational, Financial and Technology-related reviews. 

In this capacity you will execute planned audit procedures, working to identify any issues and solve problems at the root cause. You’ll help the team understand how the audit function supports our overall business objectives and participate in scoping internal audits and risk assessments through an established process. You’ll be on top of deadlines and will create scalable reporting systems to communicate results of audits to both internal audiences and regulatory compliance agencies. You have a hands-on, tactical approach for resolving issues, and an eye for detail ensures that everything is balanced at the end of the day.


The post Information Security Compliance Associate appeared first on National Cyber Security Ventures.

Starbucks Takes Steps Toward Reducing Plastic Waste


Last week, Starbucks announced that it plans to remove plastic straws from all stores by 2020. Cold drinks will be served with recyclable “sippy cup” lids, and paper or compostable plastic straws will be available to customers who need or request them. Plastic straws are some of the most common ocean trash, and it can take up to 200 years for one plastic straw to decompose. However, disability rights groups say that flexible plastic straws are a necessity for many people. Although eco-friendly straws are recyclable, they aren’t suitable for hot liquids and may cause children and adults with disabilities to choke or have trouble swallowing.


The post Starbucks Takes Steps Toward Reducing Plastic Waste appeared first on Parent Security Online.



Vital Statistics: Gender:Man Seeking:Long-term dating Location:Gwaliorgwalior’s, India Age:35 to 39 Status:Prefer Not to Say Ethnicity:Prefer not to say   Details: Appearance:Prefer not to say Height:Prefer not to say Hair:Prefer Not to Say Tattoos:Prefer not to say Have Children:Prefer not to say Tobacco Usage:Prefer not to say Drugs Usage:Prefer not to…

The post sagar appeared first on Dating Scams 101.

Mimecast acquires Ataata to improve #cyber #security #training


Mimecast Limited today announced it has acquired cyber security training and awareness platform Ataata. The acquisition aims to allow customers to measure cyber risk training effectiveness by converting behavior observations into actionable risk metrics for security professionals.

According to research Mimecast conducted with Vanson Bourne, 90 percent of organizations have seen phishing attacks increase over the last year, yet only 11 percent responded that they continuously train employees on how to spot cyberattacks.

The acquisition of Ataata will offer customers a single, cloud platform that is engineered to mitigate risk and reduce employee security mistakes by calculating employee security risk based on sentiment and behavior, while connecting them with relevant training that is content based on their score and recommended areas for improvement.

“Cybersecurity awareness training has traditionally been viewed as a check the box action for compliance purposes, boring videos with PhDs rambling about security or even less than effective gamification which just doesn’t work. As cyberattacks continue to find new ways to bypass traditional threat detection methods, it’s essential to educate your employees in a way that changes behavior,” said Peter Bauer, chief executive officer and founder of Mimecast.

“According to a 2017 report from Gartner, the security awareness computer-based training market will grow to more than $1.1 billion by year-end 2020.  The powerful combination of Mimecast’s cyber resilience for email capabilities paired with Ataata’s employee training and risk scoring will help customers enhance their cyber resilience efforts.”



The post Mimecast acquires Ataata to improve #cyber #security #training appeared first on National Cyber Security Ventures.

#Missing : Alicia Butler


Missing Since: Apr 15, 2018
Missing From: Willis, TX
DOB: Sep 21, 2001
Age Now: 16
Hair Color: Brown
Eye Color: Brown
Weight: 105 lbs
Alicia was last seen on April 15, 2018. Her hair may be dyed reddish-brown.

“Call 911 or 1-800-843-5678 (1-800)-THE-LOST”


Montgomery County Sheriff’s Office (Texas) 1-936-760-5800

The post #Missing : Alicia Butler appeared first on Parent Security Online.



  Vital Statistics: Gender:Woman Seeking:Long-term dating Location:Frederick, NB Age:30 to 34 Status:Prefer Not to Say Ethnicity:Prefer not to say   Details: Appearance:Prefer not to say Height:Prefer not to say Hair:Prefer Not to Say Tattoos:Prefer not to say Have Children:Prefer not to say Tobacco Usage:Prefer not to say Drugs Usage:Prefer not…

The post Bluerose appeared first on Dating Scams 101.

Victims of #bank #fraud criticize #Britain’s #financial #watchdog

LONDON (Reuters) – Britain’s financial watchdog faced sharp criticism on Wednesday from former small business owners who say they have been mistreated by big banks.

Responding to questions from the influential Treasury Committee, the ex-business owners said the Financial Conduct Authority (FCA) was ill-suited to handle serious complaints against the lenders it regulates.

The questioning centered on how small firms could be protected in future and came ahead of a parliamentary debate on Thursday on redress for victims of banking misconduct.

Asked what would have been the best course of action following the regulator’s investigation into malpractice at the Royal Bank of Scotland (RBS.L), Nikki Turner said: “Sack the FCA and start again.”

Turner helped uncover one of the largest financial frauds in Britain at the Reading branch of HBOS, a unit of Lloyds Banking Group (LLOY.L), after it destroyed her family firm, and she now heads small business group the SME Alliance.

She said the FCA’s objective to protect market integrity could prevent it from properly fulfilling its other remit – to protect consumers.

Turner’s comments added to criticism of the FCA over the way it dealt with allegations that RBS pushed thousands of struggling firms into bankruptcy.

The committee went head to head with the watchdog last year over its reluctance to publish a confidential report it had commissioned into the RBS scandal.

Lawmaker Martin Whitfield, who will lead Thursday’s debate in parliament, said in a statement that the government must force the FCA to pass the next phase of the investigation into RBS on to an independent body.

“I do not believe the FCA can allow an investigation of this magnitude to be taken in-house,” he said.

A spokesman for the FCA said it aims to make markets work well for individuals, businesses large and small and for the economy as a whole, and that it supports the committee’s inquiry into the issues facing small firms.

“Over the past few years we have secured billions of pounds in redress for SMEs and consumers and where we see breaches we have, and will, take tough action.”

Corporate #Fraud On #Levels #Grand And #Small, While #Internet #Crime #Costs $1.4B

Fraud is no mere attack on individuals, as it moves well beyond the purview of credit cards and bank accounts to enterprises themselves. Companies are targets for cybercriminals and the bad actors of the more homegrown variety – read: employees themselves – due to the (relatively) much deeper corporate pockets that may be ripe for the pilfering.

To get some scope of the issue, consider numbers put forth this month through the FBI’s Internet Crime Complaint Center. Data compiled by that center show that, all told, more than 301,500 consumers reported cyberfraud and malware attacks, and the overall cost reached $1.4 billion in 2017.

Fraud stretched across any number of avenues, from phishing to ransomware, and included tech support fraud and what the center termed “straightforward extortion.”

Among the most strident stats: The center said that whaling, which is when businesses are compromised via email, was among the top complaints across more than 15,600 individuals, causing losses of more than $675 million. In those instances, the bad guys pretend they are company executives and request account information changes, then funnel funds to their own accounts. Or, alternatively, they request data that can be tied to other individuals (such as W-2s).

And in a nod to just how such exploits may go unnoticed, a study of more than 500 chief financial officers and other financial executives, as polled by the Economist Intelligence Unit in a study commissioned by Coupa Software, found that more than 60 percent of respondents say there’s a lack of real visibility into the transactions that take place within their own firms.

Where visibility is lacking, might the stage be set for fraud from within the organization? Unrelated to that study, but still telling, are several examples of fraud that may not make national headlines here in the U.S., but show brazen activity across a few different schemes.

In India, reported earlier this week, as many as 30 employees of Hero MotoCorp were fired in the wake of discovery that executives were “fudging” travel expenses, and accepting payments and gifts from vendors. The actions were in direct violation of the bike and motor scooter company’s internal code of conduct. Those employees, the publication said, were mostly involved in supply chain and vendor facing activities.

In a few individual cases, the damage that can be wrought by an individual becomes apparent. In the U.K., as noted by, a worker stole more than 600,000 pounds from MGS Plastics. The alleged theft via the accused, Kathryn Jones, who pleaded guilty, has put the firm in “dire financial straits.”

A bit closer to home, in Ocean City, Maryland, a number of resorts are looking for what is being billed as a new scam that is called “buddy punching,” which involves “punching in employees” for work shifts that are not in fact reflective of actual hours worked. In essence, the companies are paying wages for work that goes unperformed. The scheme, as reported by the Maryland Coast Dispatch, can cost affected firms thousands of dollars.

And in Palm Beach, a bank teller was arrested in the wake of the theft of thousands of dollars from a vault at Valley National Bank. The accused, Edwin Cardona, was charged with a quartet of felonies that include grand theft and embezzlement of a financial institution.

Middletown #business #owner #robbed a #third #time, offers $5,000 #reward

A Middletown business owner is offering a $5,000 reward after a tandem axle trailer was stolen.

It happened Sunday afternoon at Granger Plastics, located in the 1600 block of M.A.D.E. Industrial Drive.

“I want to see these type of people come to justice,” said owner Jim Cravens.

Cravens said he doesn’t know if it was an inside job or not but feels it’s clear from the video it is someone familiar with the company. The video shows a black pick-up truck enter his property with the front license plate partially covered. That partial plate, according to Cravens, is Ohio GYY7. The vehicle is described as a newer black Chevy Silverado.

“I’m driving a 14-year-old vehicle that has 258,000 miles on it. This guy is a thief driving a brand new truck,” he said. “What is wrong with people?”

Cravens says he’s been robbed twice before. He is unsure if the man in the photo is the same person who has stolen from them before.

He said his company employs about 30 people and the suspect stole from them as well.

Police have not said if they have any suspects.

Cravens’ reward is for information leading to an arrest and conviction. You can reach his company at 513-424-1955.

Dash #CEO Ryan #Taylor is #Target of #Social Media #Hack #Attack

Digital currency Dash CEO Ryan Taylor has been hacked. According to a statement released by Dash reps, Taylor was the target of a concerted attack that impacted not just his Twitter account but LinkedIn and perhaps his cell phone too. Taylor released the following statement:

“It has come to my attention that I have been the target of cybercriminals at sometime this afternoon (Wednesday, 5/9). At the moment, my Twitter account, LinkedIn account, and personal cell phone SIM card have been compromised. However, we’re still evaluating the extent of the attack, as additional channels could be compromised. I will continue to share details as they are surfaced.”

Hacking attempts are widespread in the cryptocurrency world. Typically, cryptocurrency exchanges are targets, or nefarious individuals will create spoof Twitter or Telegram accounts to lure in the unsuspecting. The attack on the Dash Core Group CEO appears to be a bit more sophisticated and coordinated. At this writing, Taylor’s LinkedIn account has been vaporized but his Twitter account appears to be active along with some snarky comments. Dash is a top twenty crypto and also provides value-added services such as wallets and merchant-friendly payments. There is no indication that the hack impacted Dash in any way.

Recently, Twitter announced it had inadvertently exposed millions of passwords as real text in visible HTML. While there has been no correlation between the two events, the Twitter FUBAR may have aided the attackers’ mischief.

Asian #business #owners terrorized during #Raleigh #home invasion #robbery

A Raleigh family was terrorized by three masked and gloved gunmen who forced their way into an East Raleigh home, tied the family up, and robbed them.

The victims are owners of three Chinese restaurants in Wake County.

The home invasion robbery is the latest in a rash of robberies targeting Asian business owners in the Triangle.

Jun Wang, 22, arrived at his home in Edgewater at Rogers Farm just before 11 p.m. Monday night to the surprise of his lifetime.

He told ABC11, “My key was still in the door as I opened and they just jumped out from behind the door with like gun pointed in my face and was like, ‘Don’t scream’ or ‘Don’t make any noise’ or ‘Do you want to die tonight?’”

Wang and his parents each run one of three Wang’s Kitchen restaurants in Wake County.


This type of crime is exactly why his family has an alarm system on their home.

But when his mother arrived just minutes before him, she made a mistake.

“She went in first, turned off the alarm. And then she turned back to close the door. Then they came in like three people all came in, pushed the door open and then forced a gun and then tied her up,” he said.

Hours after the assault, Wang still had red marks on his wrist from the zip ties the masked and gloved gunmen used to restrain him.

He said he struggled with the robbers as he came in and one of them apparently dropped a gun just outside the front door.

Minutes later his father arrived.

“He found a gun on the floor outside the door and as he was picking up and coming in to the door they grabbed him, grabbed the hand, the gun, the hand and they forced the gun away and then start beating him because he had the gun,” Wang said.

His father was later treated for minor injuries.

Wang added that the three gunmen took their time ransacking the house for cash and valuables and also stole the day’s receipts from the three restaurants.

He said all three seemed young and spoke Spanish to each other.

He says the crime lasted for an agonizing 90 minutes.

“It was terrorizing. It was, it was traumatizing,” Wang said.

He added that when the robbers finally left, they took his car and left it parked at the front of the neighborhood where he said he believes they had their getaway car.

And, he says, his family has learned a tough lesson he wants to pass along.

“Close the door first, lock it, and then do the alarm,” he said. “But, yeah, that’s the biggest lesson.”


“We should find a solution,” said Ping Zhang, director of the Raleigh Chapter of the Carolinas Chinese American Civic Center. “We should find solution to solve this problem.”

Following the robbery of the Wang’s Kitchen family and the robbery and murder of Hong Zheng, the owner of south Durham’s China Wok restaurant last month, Zhang and her group are taking action.

They’ve organized a special meeting Wednesday night at Durham City Hall. The mayor, city council members and state representatives are expected to attend along with Asian-American business owners to discuss solutions.

Equifax #reveals #full #horror of that #monstrous #cyber-heist of its #servers

146 million people, 99 million addresses, 209,000 payment cards, 38,000 drivers’ licenses and 3,200 passports

Equifax has published yet more details on the personal records and sensitive information stolen by miscreants after they hacked its databases in 2017.

The good news: the number of individuals affected by the network intrusion hasn’t increased from the 146.6 million Equifax previously announced, but extra types of records accessed by the hackers have turned up in Mandiant’s ongoing audit of the security breach.

In February, in response to questions from US Senator Elizabeth Warren (D-MA), Equifax agreed that card expiry dates and tax IDs could have been among the siphoned data, but it hadn’t yet worked out how many people were affected.

Late last week, the company gave the numbers in letters to the various US congressional committees investigating the network infiltration, and on Monday, it submitted a letter to the SEC, corporate America’s financial watchdog.

As well as the – take a breath – 146.6 million names, 146.6 million dates of birth, 145.5 million social security numbers, 99 million address information and 209,000 payment cards (number and expiry date) exposed, the company said there were also 38,000 American drivers’ licenses and 3,200 passport details lifted, too.

The further details emerged after Mandiant’s investigators helped “standardise certain data elements for further analysis to determine the consumers whose personally identifiable information was stolen.”

The extra data elements, the company said, didn’t involve any individuals not already known to be part of the super-hack, so no additional consumer notifications are required.

The cyber-break-in occurred because Equifax ran an unpatched and therefore insecure version of Apache Struts, something it blamed on a single employee.

At February’s RSA conference in San Francisco, Derek Weeks of Sonatype claimed “thousands” of companies continued to download vulnerable versions of Struts

B.C. #woman #charged in $1.2 #million #embezzlement

A B.C. woman is facing charges of fraud, theft and money laundering after Calgary police allege she embezzled $1.2 million.

Police say between June 12, 2008, and March 11, 2014, Colleen Fay Dhuga, 50, of Kelowna, B.C., wrote roughly 185 cheques to herself.

She allegedly used a signature stamp as authorization and made unauthorized purchases and cash withdrawals using corporate credit cards in her name.

Dhuga was employed by four companies and the thefts were discovered in March 2014 when the corporations’ bank saw unusual activity on the accounts.

Two public companies and two private companies were affected, with none of the funds recovered.

Dhuga is scheduled to appear in court June 4.

China’s #Commercial #Maritime #Expansion #Raises #Security #Concerns

State-backed holding companies have been aggressively investing around the world, and the political leverage they afford Beijing should worry American policymakers.

While the world’s attention was focused on the People’s Republic of China’s construction of artificial islands in the South China Sea, another Chinese building project went largely unnoticed.

Supported by state capital, enabled by state regulators, and motivated by a historical desire to secure critical sea lanes, China’s state-owned shipping and port-management companies have ventured far beyond the South China Sea to build a global network of ports and logistics terminals in strategic locations across the E.U., Latin America, Africa, and the Indian Ocean.

China’s commercial maritime strategy complements a naval expansion by the People’s Liberation Army Navy (PLAN) that has been under way since at least the 1980s. China’s navy is expected to defend major sea lines of communication against disruption at critical chokepoints, a mission that requires the ability to sustain a maritime presence in distant locations, under hostile conditions, for extended periods. By the mid 2000s, the focus of Chinese naval policy shifted to what China calls the “far seas” — that is, the waters beyond the “first island chain” that bounds the South China Sea. Recognizing that port facilities are the foundation of sea-lane security, China set out to establish a port network under its control, either by building or leasing facilities.

Key trends in global shipping and logistics have given rise to conditions suitable for China’s acquisition campaign. The logistics industry is becoming an integrated global system in which automated, land-based terminals play an increasingly important role in the rapid transfer of goods between ships and the rail and road networks that feed retail distribution networks. Excess capacity in container shipping and increasing competition among ports for business from ever-larger container ships mean that companies must control both vessels on key routes and terminals at suitably located ports. Much of China’s maritime buildout has been undertaken through private-market acquisitions of ports and related critical logistics assets from pension funds, shipping and terminal companies, and governments, many of which have been unable or unwilling to make the investments required for ports and terminals to remain competitive.

In the past year, the result of all this Chinese maritime buildup has become clear: a 21st-century version of the Dutch East India Company, a notionally commercial enterprise operating globally with the full financial and military backing of its home state. In this approach, massive investments in ports and related logistics, land transport, energy, and telecommunications infrastructure are the centerpiece of China’s strategy for achieving global maritime power and commensurate political influence while avoiding, or at least mitigating the risk of, a direct confrontation with the U.S. or other nations with global maritime interests.

The vessels that connect Chinese-controlled ports into an integrated network of commercial power are in effect “ships of state.” While sailing as commercial carriers of manufactured goods and commodities for a wide range of customers, the containerships of Chinese and Chinese-allied shipping firms now function as instruments of Chinese national strategy.

China COSCO Shipping Corporation Limited has been at the forefront of state-backed efforts to radically expand the country’s outbound investments in overseas infrastructure. Countless photos of COSCO’s mammoth ships stacked with freight containers have made the company a generic symbol of seaborne commerce. But it was China’s state-owned Assets Supervision and Administration Commission (SASAC) that created COSCO in 2016 by merging two state-owned Chinese shipping companies into an integrated shipping, logistics, and port company with the scale to compete globally, in effect commissioning a state entity to carry out China’s maritime expansion. While shares of COSCO operating units are listed on public stock exchanges, the holding company that controls COSCO units is solely owned by SASAC.

COSCO’s commercial expansion has created leverage for Beijing — leverage that has already resulted in countries that host COSCO ports adopting China’s position on key international issues. The crown jewel of COSCO’s expansion — and a template for China’s broader maritime-expansion strategy — is the port of Piraeus in Greece. News coverage of COSCO’s acquisition of a majority stake in the port last summer obscured the sustained, deliberate, and comprehensive effort China has undertaken in Greece since 2008, when COSCO first obtained the right to operate two piers at Piraeus, at the time a backwater port struggling with labor issues.

In 2016, COSCO acquired control of the Piraeus Port Authority S.A., the publicly listed company created by the Greek state to oversee the port, winning a bid to operate and develop the port for 40 years in exchange for an annual fee of 2 percent of the port’s gross revenue and more than $550 million in new investments in port facilities. Under severe financial stress, Greece opted for a broad form of privatization typically used in developing nations, which enables the private investor — in this case COSCO — to act as owner, regulator, operator, and developer of the entire port, in effect transferring quasi-governmental powers granted by an EU nation to an entity now under the supervision of the Communist Party of China.

COSCO did not hesitate to exert its control. At the first annual meeting of the Port Authority board since it became Piraeus’s majority owner last summer, COSCO proposed allowing board meetings to be held in China as well as Greece; when the Greek State objected that the proposal would amount to changing the domicile of the port company to China, COSCO adjourned the meeting for a few days to allow Greece to present its legal argument, then re-convened the meeting and adopted the proposal. For its part, China reaped diplomatic support last June when Greece blocked an EU statement at the United Nations Human Rights Council that was critical of China’s human-rights record, calling it “unconstructive criticism of China.”

China’s naval presence has bolstered Sino–Greek diplomatic alignment. A PLAN task force made a four-day “goodwill” visit to Piraeus last July that included joint exercises in the Mediterranean, and returned to the port last October after a cruise to Saudi Arabia. China has used commercial operations as a rationale for developing the military capabilities of its maritime network since 2008, when the Chinese navy first took part in multilateral anti-piracy operations to protect commercial shipping in the Gulf of Aden and along Somalia’s Indian Ocean coast. To secure a site on the Gulf that the Chinese navy could use for replenishment, China Merchants Port Holdings — another company controlled by SASAC — acquired 23.5 percent of the port of Djibouti in 2013. In 2015, China began to build a naval support base there.

Government officials claimed that the Djibouti operation was purely logistical — until Chinese troops were deployed to the site last July. The military aspect of Chinese maritime expansion now overshadows the development of Djibouti’s commercial port. The top American military commander in Africa told a House Armed Services Committee hearing in March that the U.S. would face “significant consequences” if the Chinese restricted the use of the Djibouti port, which provides access to Camp Lemonnier, the only American base in Africa. Concerns about access increased early this year after Djibouti’s president terminated the contract of DP World, a company based in the United Arab Emirates, to manage a container terminal it had built at the Djibouti port in 2006. The abrupt move sparked reports that Djibouti intended to turn over the terminal to Chinese operators and bring in other port companies to build new terminals.

China’s maritime frontier has reached South America as well: China Merchants Port Holdings has acquired a key terminal in Brazil’s second-largest port, another Chinese SOE is building a new port in Brazil’s northeast, and Brazilian carrier pilots have helped train Chinese pilots in carrier aviation.

Resistance to China’s maritime expansion has been scant. In April, the EU and Italy alleged that Chinese criminal gangs are committing tax fraud by not reporting imports through Piraeus. In July, a German business newspaper reported that EU diplomats in Beijing had prepared a briefing for an EU–China summit that sharply criticized Chinese investments in ports and other strategic assets for seeking to further Chinese interests and aid Chinese companies. But China has rebuffed previous EU efforts to level the playing field and increase transparency, and despite the tax-fraud allegations, COSCO is ramping up major new investments in Piraeus, including a ship-repair dock and a telecommunications system from Huawei.

There are, however, signs that the U.S. is beginning to recognize the strategic implications of China’s maritime expansion. In late April, the Committee on Foreign Investment in the U.S. (CFIUS) raised national-security concerns about COSCO’s taking control of a heavily automated container terminal in Long Beach, Calif., the largest port in the U.S. The terminal is part of COSCO’s pending purchase of Orient Overseas International Ltd., another member of COSCO’s shipping alliance, which now operates the facility.

While it’s likely that COSCO will have to agree to divest the terminal to win U.S. approval of the purchase, CFIUS has an opportunity to raise the bar by making such approval contingent upon COSCO’s selling the Long Beach terminal to a company that is not financed by Chinese sources, or one allied with any Chinese shipping or port SOEs through the opaque holding-company structures that China has used to build its commercial maritime network.

But in the long term, most of China’s port and shipping acquisitions won’t be subject to CFIUS reviews. From 2007 to 2017, China’s annual seaborne imports soared by more than 160 percent, accounting for 49 percent of the growth in world trade, and global shipping lanes are likely to become increasingly contested as China works to secure its supply lines. By creating a global port network, China will project power through increased physical presence and use the oceans that have historically protected the U.S. from foreign threats to challenge U.S. maritime supremacy. Economic challenges and backlash from disgruntled host countries could slow China’s port-buying spree. But the U.S. can no longer assume that its maritime supremacy will remain unquestioned forever.

‘How #Nigerian #firms can #comply with #EU data #privacy #laws’

The European Union’s General Data Protection Regulation (GDPR) comes into force on May 25. African businesses that collect, process, or store personal data about European citizens and residents will need to comply even if they don’t have a direct presence on the continent; even more so if they are Small & Medium Businesses (SMEs).

The GDPR sets out the minimum requirements for the treatment of all personal data, which it defined as any data identifying or relating to an individual, including things like physical appearance, biometric data, an individual’s record on a customer relationship management system, or even something as simple as website tracking data collected via cookies.

Checks showed that businesses in the region that collect, store and process personal data of EU citizens for the provision of goods and services risk a €20 million fine if they fail to comply with the new GDPR.

However, the Executive Vice President, Africa & Middle East, Sage, Pieter Bensch, listed six measures organisations and firms can take to avoid any embarrassment.

These measures, according to him, include getting informed; doing an audit; reviewing consent mechanisms; refreshing privacy policies and contracts; training the extended workforce; and appointing a data protection officer.

Bensch explained that the first step towards complying with the GDPR is to understand the new demands the regulation places on how a business collects, manages and stores the personal data of European citizens and residents. “There is a wealth of information available online; a good starting point is the EU GDPR Portal,” he stated.

He revealed that many law firms and IT consulting groups in Africa have also been studying the GDPR. He said they will be able to advise on the practical aspects of compliance as well as how the GDPR will interact with the data privacy and protection laws and regulations in place in specific countries, like the Protection of Personal Information Act (POPI) in South Africa.

According to him, the GDPR is an opportunity to evaluate why organisations collect and store personal data, as well as the data already in databases. “You will need to know this so that you can explain to European individuals which data of theirs you are collecting as well as how you use it. If you find that you are gathering data for which you have no real business need, delete it. This will help you reduce your exposure to risk, as well as show a commitment to responsible usage of your customers’ data.”

Bensch said the EU data protection legislation has always required that customers must give specific and informed consent to organisations that gather their data.

He noted that organisations will need to update their privacy notices to provide the additional information required by the GDPR, and may well need to relook the portions of any contracts with EU residents and citizens that deal with their data rights.

He advised companies to ensure their employees and partners are aware of the GDPR and secure training to prepare them. “Remember the GDPR makes you responsible for third parties who process personal data for you.”

FBI Report Shows People Lost US$1.4 Billion to Cyber Criminals

People targeted by cyber criminals lost over US$1.4 billion in 2017, most of it in relation to romance and confidence schemes and hacked email accounts, an FBI report released Monday shows.

The most prevalent crimes and those with the highest reported losses include “non-payment/ non-delivery, personal data breach, phishing, business email compromise and confidence/ romance fraud.”

The FBI’s Internet Crime and Complaint Center, IC3, receives about 800 complaints per day.

The service started receiving complaints in 2015 about a scheme that impersonated executives of major US banks such as JPMorgan Chase and fabricated US documents.

Individuals living in West Africa impersonated bank officials and financial consultants to convince their victims to invest tens and even hundreds of thousands of dollars in opportunities that would allegedly generate them millions.

In order to gain their confidence, the scammers used false domain names so it would appear that their emails are connected to the US banks and recruited US citizens to pose as bank representatives during in-person meetings.

For victims not based in the US, they orchestrated pretend visits to US embassies and consulates and faked documents to convince them that the US government was sponsoring the investments.

Once the money was transferred to US bank accounts, it would be liquidated and moved to West Africa through wire transfers, cash withdrawals and luxury vehicle purchases.

Victims from more than 20 countries lost over 7 million through this scheme.

In one case, victims shipped high end clothing and jewelry without ever receiving compensation. In another, someone posed as a famous university football player and threatened female victims with physical harm if they did not send him inappropriate photographs.

By hacking email accounts of businesses that regularly make large-sum wire transfers, fraudsters stole over $675 million in 2017. This can range from a fake email from a CEO requesting a money transfer to hacked personal emails sending requests for money to vendors in their contact list.

Victims also reported receiving emails from law firms instructing them to make “secret or time-sensitive wire transfers,” messages from hacked business accounts asking for their tax forms, and fake realtors asking for real estate transactions.

Cyber criminals often use phishing emails to install “ransomware” that makes sensitive data on a corporate network inaccessible through encryption. They then ask the company to pay them a ransom fee in order to regain access to their data, which the FBI does not recommend.

The FBI’s IC3 received 1,783 complaints with adjusted losses of over 2.3 million resulting from ransomware attacks.

Fraudsters often target the elderly. The IC3 received almost 50,000 complaints of victims over 60 reporting losses in excess of $342 million in 2017 alone.

In a statement released in February, Attorney General Jeff Sessions said: “When criminals steal the hard-earned life savings of older Americans, we will respond with all the tools at the Department’s disposal – criminal prosecutions to punish offenders, civil injunctions to shut the schemes down, and asset forfeiture to take back ill-gotten gains.”

Cyber criminals extorted over $15 million in 2017 by threatening to murder people or their families, releasing sensitive info in exchange for sexual images, favors or money, and impersonating debt collectors.

Most criminals demand payment in cryptocurrencies such as Bitcoin because this provides them with an additional layer of anonymity.

The total number of complaints in 2017 filed with IC3 was more than 300,000, about 40,000 more than in 2013.

Outside the US, most complaints come from Canada, India and the United Kingdom. Within the US, California, Florida, New York and Texas have the most victims.

In cases of confidence and romance fraud “a perpetrator deceives a victim into believing the perpetrator and the victim have a trust relationship, whether family, friendly or romantic.

“As a result of that belief, the victim is persuaded to send money, personal and financial information, or items of value to the perpetrator or to launder money on behalf of the perpetrator.”

Fraud in The Business Environment Comes in All Shapes and Sizes

As a precursor to the upcoming FEI Summit session, this article provides context for the primary areas business leaders should examine when designing their own fraud risk assessment.

Fraud in the business environment comes in all shapes and sizes, and it can come from the most trusted and long term employees. With the advent of computer technology there are more intentional acts of theft and deception in the workplace than ever before.

At the upcoming FEI Summit in Houston, TX we will talk about the general environment many of us operate in in today’s business world. It is important to have context when you are talking to business leaders and ownership about managing your business in a manner that protects the hard-earned capital and reputation the organization has built over decades.

On an annual basis the Association of Certified Fraud Examiners publishes a Report to the Nations on the most recent available information on the topic. In 2017 they examined almost 3,000 cases and $7BB worth of fraud cases worldwide. We will review the findings of that report to provide you with some useful trends and patterns to use. This will help you in designing your risk assessment once you return to the office. We will talk about planning, detection, implementation of best practices, and technology.


When reviewing your organization to determine where the greatest weaknesses exist, you must understand the background and motivation of the fraudster. Many times these perpetrators are long-term employees who have run into difficult financial or family problems. When you couple that pressure with their knowledge of the weaknesses in your controls, the opportunity is sometimes too great to look past for these individuals.

The larger your organization grows the more people and locations come into play to monitor and safeguard. There is no one size fits all fraud kit you can buy from the AICPA, but there are common practices that have shown results over the past decade.


There are many different systems, groups of assets and information that a CFO is responsible to protect against these fraudsters. We will talk about process and procedures that you can put in place in your organization to help detect these acts quicker and easier. According to the ACFE report 97% of the fraudsters made attempts to cover up what they were doing, either by falsifying documents or records in the information systems. That tells us there are clues to lead us to the perpetrator.

There are analytic tools that have become popular in detecting questionable data in your systems, and there are techniques and data comparisons you can perform on a regular basis to flush out other questionable documents and patterns.

Best Practices

The nice thing about the process is that many people have been working on the problem for years and have developed several tried and true techniques to help you in your business environment. Yes, many of you have smaller staffs, and training time and resources will always be a problem, but if the survey is half right you are at risk of losing two and a half percent of your revenues to fraud.

Yes, separation of duties can be challenging in a small team or non-profit environment. However, there are ways to combat this situation. There are also several highly regulated industries that have had to invest in technology and training to prevent these events and we can learn from them.


As we try to make our organizations more cost effective and competitive in the global market place we are opening ourselves up to more entry points for the fraudsters to enter. Every entry point allows people from across the globe to insert a Ransomware virus into your system, to steal the credit card information from your customers, and personnel information that is stored in your payroll systems.

A major challenge organizations face is that there are hundreds of different software manufacturers specializing in all kinds of tools for every department in your organization. These tools range from CRM systems for Sales and Marketing, to ERP systems for the Operations planning and logistics teams, to Accounting and payroll systems in the back office.

All of this, along with a data breach that lands your organization in the news and damages your reputation, can cause many CFOs to lose sleep. Attend Fraud from Within at the upcoming FEI Summit to begin to understand the environment you operate in, review your weaknesses, create a plan, and implement dozens of best practices to help you sleep a little better.

‘Frugal’ Secretary’s Story Raises Specter of Insider Trading

Sylvia Bloom worked for 67 years as a secretary at the law firm Cleary Gottlieb Steen & Hamilton. She accumulated a personal fortune of more than $9 million.

Bloom did this by being “frugal” and “by shrewdly observing the investments made by the lawyers she served,” reports The New York Times, which broke the story Monday on its front page.

The story resonates in part because it reinforces a hopeful narrative, which is that wealth is a reward for virtues such as frugality, shrewdness, and patient savings. It helps, too, that the childless Bloom also left the bulk of her estate to charity — another virtue.

But the mechanics of the wealth accumulation, at least as the Times describes it, raise some other questions that are left unexplored by that newspaper’s initial report.

The Times quotes Bloom’s niece, Jane Lockshin, the executor of Bloom’s estate and the treasurer of the charity receiving $6.24 million from it, as explaining “She was a secretary in an era when they ran their boss’s lives, including their personal investments . . . So when the boss would buy a stock, she would make the purchase for him, and then buy the same stock for herself, but in a smaller amount because she was on a secretary’s salary.”

Perhaps inside every Cleary Gottlieb lawyer is a brilliant portfolio manager struggling to get out. Or perhaps Bloom’s returns were about what someone would get simply by investing in a stock index fund over this time period, given the power of compounding over a period of time as long as 67 years.

The span coincided with the long post-World War II bull run of the U.S. stock market.

But there’s another possible explanation of Bloom’s fortune that is less favorable. That is the possibility that she used her privileged access to confidential information to make money.

Other people — even at least one other person who worked at Cleary Gottlieb — have gotten in big trouble for this. A Bloomberg News article published by The New York Times back in 1998, for example, reported, “A former associate at the New York law firm of Cleary, Gottlieb, Steen & Hamilton pleaded guilty yesterday to insider trading for misusing confidential information about one of the firm’s clients.”

In that case, a Cleary lawyer bought options betting on the price of a company after being assigned by the law firm to help draft documents related to a takeover bid. Maybe that person, who got caught, is the only Cleary lawyer who ever traded based on inside knowledge.

I’m not a big believer in the expansive interpretations of securities law that create these insider trading cases. But in 2016, the same year Bloom died, the Supreme Court ruled unanimously in Salman v. United States that the Securities Exchange Act of 1934 and a subsequent Securities and Exchange Commission rule “prohibit undisclosed trading on inside corporate information by individuals who are under a duty of trust and confidence that prohibits them from secretly using such information for their personal advantage.”

It’s not clear whether Bloom’s bosses at Cleary knew what she had been doing, let alone whether Cleary’s clients knew. But no matter what one’s view of insider trading law, you don’t have to think about it for too long to realize that stock trading by individual confidential secretaries at large corporate law firms poses potential legal and moral complexities. I’d prefer these be handled by agreement among the law firm, its clients, and its employees, rather than by criminal or civil government enforcement actions.

It’s complicated stuff, involving, potentially, not only impending mergers and acquisitions but also even ongoing litigation. Imagine a lawyer representing a tobacco company in a liability case who knows that unfavorable documents found in pre-trial discovery will soon emerge in a public court filing, or in an investigative news article. Imagine the lawyer selling, or short-selling, the tobacco company stock based on that information. Imagine the lawyer’s secretary doing the same for her own account.

As a legal secretary who lived in a rent-controlled apartment in Brooklyn, Bloom may seem not to fit the stereotypes of rich people. Actually, though, she’s precisely representative of the paradox of America’s attitude toward wealth.

We admire the virtues that create it and simultaneously suspect that there may be another side to the story. Warren Buffett is a brilliant investor and he’s also getting rich from selling stuff (Dairy Queen, Coke, fake Wells Fargo accounts) that may not be too good for you.

Mark Zuckerberg created an amazing product as a college student and also isn’t that careful about your privacy. The Walmart Waltons and Jeff Bezos of Amazon created amazing value for customers and also hurt some local retailers.

Cheer Sylvia Bloom’s accomplishment, sure. But you may also want to double check with your secretary — or with your lawyer’s secretary — that you all have the same understanding about whether your confidential information is going to be used for private profit, even if those profits eventually go to charity.

Read Newsmax: ‘Frugal’ Secretary’s Story Raises Specter of Insider Trading

Sweepstakes business robbed Sunday in Haw River

Haw River police are searching for the man who robbed a sweepstakes business Sunday, May 6.

Police responded at 12:09 p.m. to Haw River Bids, 2629 N. Church St. The suspect was described as black, 5 feet 8 inches tall to 5 feet 10 inches tall, weighing about 150 pounds and thin-built. He was described as wearing a black hooded jacket and dark-colored jeans.

The suspect displayed a handgun of unknown make and model.

Anyone with information is asked to call the Haw River Police Department at 336-578-4141 or CrimeStoppers at 336-229-7100.

How Western Union is responding to rising data protection and digitisation

Company looks to deliver more meaningful, targeted and focused experiences to global customers

Western Union’s Nicole Zimmermann is all too aware of the challenges and responsibilities associated with handling massive amounts of customer data.

As head of customer and marketing for the global payment division, Zimmermann is eyeing the latest data privacy measures across the globe with great interest. Western Union operates in 200 markets and has 12,000 employees, 2500 of which are in the global payments section and 60 in marketing.

Two big ones on her radar are the enactment of the General Data Protection Regulation (GDPR) in Europe, which comes into effect in May, as well as the Revised Payment Service Directive (PSD2), a directive that will change banking as we know it.

“With GDPR, we need to be much clearer in terms of collecting the permission of our business customers,” she tells CMO while visiting Australia. “For example, as it relates to the ‘opt-in’ to make sure they’re giving us permission to message them and to offer them any type of value proposition through respective channels.”

The second regulation, PSD2, which allows third-parties to get access to a customer’s bank account information, is also of obvious significance to Western Union.

“When you think about handling massive amounts of customer data, it is about taking into consideration how the landscape across the globe is changing and looking at it from a regulatory perspective related to data privacy and the handling of account information,” Zimmermann said.

“For the banking industry, this will be a massive change as consumers can now decide to actually have third-party providers manage their finances, like the Facebooks or Googles of the world.”

Indeed, Zimmermann has her hands full, analysing the latest regulations and preparing the company for how to respond to an increasingly digital world and improving the customer experience.

And she’s worn a few hats. She’s also the vice-president of WU Way, an initiative from Western Union which aims to drive operational efficiencies through digitisation. The strategy focuses on changing the way employees work, delivering a better customer experience and driving growth for the business.

At the same time, Zimmermann continues to transition out of assignments related to the change management journey, known as WU Way, and back into the business as head of customer and marketing at global payments.

She joined Western Union 11 years ago, working in Vienna, Austria as head of marketing for Europe, Russia and the CIS region.

Australia is one of the biggest markets for the global payments player. Western Union Business Solutions’ (WUBS) local clients include Adairs, Boardroom, Deloitte, Defence Bank, Forever New Clothing, Fred Hollows Foundation, Heritage Bank, Holden Special Vehicles, Peter Steven Motorcycles, Professional Golf Australia (PGA), Qudos Bank, Regional Australia Bank and University of Sydney.

“We have a long-standing business here. We have been able to collaboratively work with our sales and go-to-market organisation to identify the customer segments that we want to go after in the Australian and New Zealand business and be very specific about the tailoring and the personalisation of our value proposition and our messaging,” Zimmermann said.

Strategic play

Given the global trend towards digitisation, Western Union is looking to deliver more meaningful, targeted and focused value propositions to its business customers across the globe. In March 2017, the consumer money transfer business and global payments were split into two separate business units.

As marketing head of global payments, Zimmermann’s role is to gather customer insights, analyse and manage the data, be focused and targeted, while also securing customer data.

“The landscape around data and customer information is continuously more regulated and more protected and this protectiveness is driving us to become analytical and focused in terms of how we need to manage information to be able to market to our customers,” she continued.

“The digital channels, obviously, play a critical role because with that it’s relatively easy to gather not only information, but also make sure we have the consent of customers in terms of being able to communicate with them in the future.”

The digitisation of marketing is going to help Western Union not only gather the information, but also drive and ensure it has the permissions and opt-ins of those customers and be able to manage them moving forward.

“We have paid a lot of attention to designing programs where the voice of the customer and data management become much more important for marketing,” Zimmermann said. “This takes personalisation to the next level, because we can become more tailored as long as we have the permission of customers to communicate with them.”

One example is the digital work the company has done on its 40 business solutions websites across the globe, what Zimmermann called the “face to the world”.

“We have leveraged our digital footprint, including websites to make sure the information we’re presenting – and the interaction and engagement with the customer – finds its way to those websites, and is one tool in terms of our go-to-market approach,” she explained.

Additionally, the use of the WU Edge digital platform, developed for business customers to manage their global, cross-border, cross currency payments needs, is another approach that’s offering customers a personalised approach. WU Edge was launched by WUBS in Australia in 2016 and enables seamless financial connectivity between buyers and sellers in a self-servicing tool.

Zimmermann is also heavily focused on in-product marketing. “For each and every customer, we can personalise the message. If a customer just opened his account in Edge, his messaging is more about the instruction of how to leverage Edge as a self-service tool to do cross-border, cross currency payments.”

On the other hand, if it’s a long-standing customer, marketing can go the next step in understanding the customer’s needs and what they might want in terms of their payments in the future, and then designing its value propositions and messaging around it, Zimmermann said.

“The digitisation of our marketing approach is helping us to not only manage and comply with regulations and laws related to data management and privacy, but also enabling us to become more personalised, more targeted and more tailored.”

VoC insights

In addition, Western Union is using voice-of-customer programs in a bid to pump up customer experience and engagement. To do this, it’s collecting VoC information from both internal and external sources. Internal sources include account operations employees interacting with clients on a day-to-day basis, supporting customers with the payments they are managing across the world.

“They are our lifeline into the voice of the customer. We hear what challenges the customers are facing. How our services are working, and where there might be challenges in our services or products that we need to address to make it even more seamless for customers,” Zimmermann said. “We talk to our salespeople internally about our account managers and dealers who are managing the relationships with our business customers. They are a key source of information.”

The company relies on its customer database and uses analytics to understand customer patterns. “It is not so much individual customer feedback, but more the patterns across customers, and how we can tailor messaging, product development and value proposition definitions to be more focused and tailored.”

On the external information front, the company is investing a significant amount of its global payments marketing budget in customer events and client advisory boards. The other external source is Net Promoter Score (NPS).

“We have a quarterly satisfaction survey where we are reaching out to our existing customer base and asking them if they would recommend our services,” Zimmermann said. “We always have an open-ended question when closing the NPS to understand where we can do better to address customer experience pain points.”

A big challenge for Zimmermann in her global role is staying true to the voice of the customer and making sure there’s a “dedicated customer focus” in everything she does.

“You have to not only internally drive this customer centricity, but have a view of continuous improvement. That’s why we’re using a lean methodology throughout the organisation to drive more effective and efficient operations and marketing execution,” she said.

And to stay in touch and reach out to customers in every region requires local insight as well as global strategy.

“When you’re in a global role, you have to make sure you travel into the regions and you’re staying close to the customers by listening to your own internal sales or care organisations connected to the customer every day, but also go out to clients meetings and go out on a market tour to understand what the regional flavours are so you drive the right programs and help the regions to drive growth,” Zimmermann concluded.