Employee apathy may seem innocuous enough, but the costs to time and resources can be a slow, devastating drain on a corporation. Many corporations and organizations have at least one employee who exhibits all the major signs of checking out in their daily capacity. Even if your corporation has bulletproofed human resource operations, employee burnout can still occur. That’s why it’s imperative for leadership and management to know and identify the signs of apathy on the part of an employee.
Signs of Employee Apathy
A repeated pattern of tardiness
Poor appearance and hygiene
Complaints about lack of money and/or repeated
attempts to borrow money
Exclusive precedence on their personal life
An excess of breaks
Appearance of being busy with nothing to show
Lack of accountability, making excuses
Irrelevant preoccupation with cell phones, smart
It stands to reason that if an employee is underperforming
at their job, leadership will cut the dead weight for the good of a
corporation. There are actually three umbrella categories that are often used
to justify retaining apathetic employees: Costs, Litigation, and Personal.
The first thing leadership will think of when they notice
an apathetic employee is dollar signs. Not only is the apathetic employee hemorrhaging
their money by wasting time and resources, but the cost to replace that
apathetic employee can also be an issue. Costs are incurred to the human
resources department to find, hire, and train a replacement. Employers might
hesitate to fire an apathetic employee because of unemployment insurance rates.
Another relevant factor specifically effects small businesses, in which the
workforce is not large enough to support turnover operations.
When it’s not a matter of money, it can often be a matter
of personal feelings or relationships concerning leadership and the apathetic
employee. A manager or owner might have a personal relationship with the
employee, and their bias prevents them from pulling the trigger on termination
procedures. Personal knowledge of that employee’s personal life and their
identity as a person (rather than an employee) can color their perceptions and
increase their latitude with the employee. Avoidance behavior can also play a
role. When this happens, leadership usually resigns itself to one of two end results:
Either the employee will improve on their own without intervention from
leadership, or they will leave on their own without termination proceedings.
The independent judgement of leadership may not be the
sticking point in terminating an apathetic employee. There are often legal factors
that a corporation or organization must consider. For instance, the Age
Discrimination in Employment Act (AEDA) protects employees from being
terminated based on their age. If an apathetic employee is of a certain age,
leadership may fear legal retaliation, citing age discrimination as the reason
for their termination. In higher education, an employee may have tenure as defined
by the institution, which would prevent leadership from terminating them.
Risks in Retention
Retaining apathetic employees for any of the reasons
listed above can have serious consequences for a company who is avoiding the
issue or trying to save money. Apathetic/underperforming employees cannot
provide a customer base with quality service, leading to dissatisfaction and
consumer complaints. This can negatively impact the corporation’s brand or
campaign, with a high risk of human error, loss of valued customers, and lost
reputation. Disgruntled employees could potentially say negative things about the
corporation on their social media accounts. Perhaps most concerning, apathetic
employees can easily spread their attitude throughout a work force, and harm long-term
goals for the corporation.
Corporate Culture Audits
One apathetic employee is enough of a drain on company time and resources, but if that attitude is contagious, you could have a larger problem on your hands. Unfortunately, when it comes to employee morale and performance, you don’t know what you don’t know. That’s why so many corporations and organizations are investing in quarterly or even biannual corporate culture audits. With a corporate culture audit, an independent, third party firm, like a private investigator or security company, conducts a full overview of company operations, structure, and environment in order to identify problems at their source for the health of the corporation. With a corporate culture audit, leadership will be able to identify factors that might be contributing to employee apathy.
When it comes to your workplace culture, you don’t know what you don’t know…
We know the importance of conducting independent investigations when an internal crisis arises in a business or organization. While some companies are focusing on revising their company culture in order to improve responses to internal crises, others are seeking an ounce of prevention for a pound of cure. For many businesses and organizations, this means going back to the root of their company culture and conducting a corporate culture audit.
What is corporate culture?
According to the MISTI Training Institute, a corporation’s culture is defined as, “the set of enduring and underlying assumptions and norms that determine how things are actually done in the organization.” This collection of shared beliefs, values, and visions should play a direct role in how the entity handles its day to day operations and shape their overall goals for the future of the company. However, it is not enough for a corporation or organization to have a corporate culture on paper, because the point of having a company culture established is that management and executives with decision-making power exemplify and lead by virtue of these beliefs. That’s why it’s prudent to conduct an internal culture audit in order to identify the core issues that lead to decline in production, revenue, and employee morale.
It’s not uncommon for businesses to encounter an internal crisis. Among the different types of internal crises, some of the most common are employee misconduct, fraud & theft, security vulnerabilities, and workplace safety. It’s also not uncommon for companies to operate under a “fire alarm” system, in which there are focused attempts to put out an internal “fire,” like a complaint of sexual harassment, or reports of theft. Human resource employees can spend so much time putting out fires that there’s no time to investigate the root of these problems and reform policy for smoother, healthier operations.
Typical culture audits
Culture audits can come in many forms and many levels of comprehension. Some assessment firms boast that they will personalize an assessment for their clients—unfortunately, a “personalized” audit can be problematic. If “personalized” is interpreted to mean that the client may specify which aspects of their organization’s culture they would like evaluated, it defeats the purpose of a cultural audit. Culture is not just one aspect of a company, but how all of those aspects harmonize for the good of the company. A typical culture audit includes, but is not limited to:
organizational mission, vision, and values
understanding of and extent of buy-in to mission, vision, and values
how values are symbolized
value differences between the organization and its competitors
identification of key measures of success
type of leadership required
the behaviors and attitudes of management and leadership
background of top managers, including schooling, time with the organization, job experiences, current duties and status, and career path policies, procedures, training requirements, and recognition systems that support or inhibit the ideal culture and behaviors
incidents and examples that illustrate what is really important to the organization
shared language or terminology
other strategic influences in the environment, such as competitive or allied organizations that may influence behavior
cultural heritage or history since founding
organization’s structure and its relation to culture and strategy
behaviors that reinforce core values
identification of subcultures and their roles.
Significance to companies
There are many types of internal crisis that can be prevented with a company culture audit, with two at the forefront of many Human Resource departments and executive leadership: Active shooter events and employee misconduct. Employee misconduct continues to become a higher priority for companies as more victims of employee sexual harassment are coming forward in the wake of the #MeToo movement. When a company’s management does not show initiative to improve operations surrounding these types of complaints, it can create a culture of silence within the workforce. The 2018 Global Business Ethics report stated that the reporting rate for “interpersonal misconduct” was around 30% for sexual harassment, surveying businesses that were actually registered with the researching body. With that level of sexual harassment going unreported within a company, how would leadership know if a pervasive problem exists within their company culture?
Between 2000 and 2017, nearly half of the active shooter events that took place were categorized as places of “commerce,” or business. A startling 60% of the active shooter events that took place in 2018 were also at places of business. In 10% of the cases examined from that FBI 2018 study indicated that the perpetrator exhibited warning signs of active shooter behavior prior to the event, following termination or disciplinary action. Lower & Associates estimates businesses across the United States will lose more than $55 million in employee wages each year due to violence in the workplace. They experience direct losses in the form of medical expenses, workers’ compensation, litigation fees, and indirect losses such as breakdown in operations due to arrested productivity, record-low morale, and public relations nightmares.
The company culture audit is an ounce of prevention for a pound of cure. While many companies consider their culture well-established and well-practiced, the fact remains: You don’t know what you don’t know. That’s why investing in a quarterly or even biannual corporate cultural audit is so crucial for companies. Culture audits can save thousands in the future by identifying problems that would lead to litigation, low morale, and high rates of turnover within a company or organization. Rather than putting out fires on a day to day basis, why not fireproof instead?
When putting together a team to supervise your money, it helps to know who you’re dealing with…
Nonprofit organizations can do great work in promoting community growth, providing assistance to those in need, and raising money to fund research in the name of bringing solutions to some of the globe’s most comprehensive issues. These organizations must be above reproach, and as such, their board members must be individuals of the highest integrity. That’s why it’s imperative nonprofit organizations establish policy that dictates board members are subjected to a comprehensive background check.
It’s true that there is no requirement for a nonprofit organization to establish a board of directors, but an overwhelming majority of nonprofits do so. This is often a necessity, as many banks will not establish an account for a nonprofit without supervisory leadership. Donors also consider this leadership essential to ensuring their donations are spent wisely and in the best interest of the cause. In addition, organizations that issue grants are more interested in nonprofits in which their monetary awards are also well-managed, due mostly in part to the fact they must answer for how their monies are allocated. Small business journal, Chron, put it best, “The board’s duties are fiduciary. This means the board is trusted to act in the best interests of its organization, regardless of personal interest.”
A board of directors for a nonprofit is designed to promote progression within an organization by virtue of diverse management and comprehensive collaboration. Because an organization’s supervisory leadership can depend on their ability to serve their cause, that board must have impenetrable integrity. Therefore, even nonprofits cannot afford to skimp on background checks for leadership.
When establishing a board of directors, there are often misconceptions on what a comprehensive background check encompasses. The term “background check” is an umbrella term that can refer to one or all of a list of screening processes that both organizations and corporations use to verify the employability of an individual. This can include a report that offers details on a person’s criminal and employment history, and a review of their financial history.
A nonprofit background check is the first step in protecting your organization, but not every executive sees it that way. It’s not uncommon for nonprofits to cherry pick through the wide range of areas that a comprehensive background check includes, either to save time and/or money, or because only one or two areas of such a report are a priority for board leadership. Areas of high priority include criminal history, sex offender registry, or a basic credit report. Even if a nonprofit checked all of these boxes when conducting a background check, that would still not rise to the standard of comprehensive when verifying a potential board member’s history.
A comprehensive background check includes:
Verification of a candidate’s social security number
Information on registered vehicles
Relevant court documents
Military service records
Criminal registry information, such as sex offender registry
This list can sound staggering to the member of staff charged with appropriating an organization’s policy to screen a board candidate’s background. Screening a candidate’s background requires thorough research and a cross-reference of information against multiple open sources, such as public records, human sources, and social media. Even if the cost of obtaining supporting documents were not high, the labor hours to internal employees with day-to-day responsibilities can directly contribute to operational losses within a nonprofit organization.
These comprehensive screenings are crucial to the integrity of a nonprofit. After establishing a board of directors, any previously unknown and unflattering information regarding their history that may come to light cannot only be embarrassing for an organization but can negatively impact the support and assistance those nonprofits receive from donors and grant-awarding bodies. If information regarding a red flag in a board member’s history was publicly available (and not sealed by a court of law, or expunged from their record), and negligence occurs on behalf of the board’s supervisory capacity, there can be legal consequences as well. This is why corporations often run comprehensive background checks on their board of directors, or any other supervisory leadership. If for-profit corporations cannot afford to skimp on their background checks, there is no-doubt that nonprofits have even more at stake, including the opportunity to serve their cause.
Operational losses are why it can be prudent to retain an independent investigator to conduct background checks for a nonprofit organization. Firms like those of private investigators or risk assessment specialists can provide another layer of integrity when considering a candidate for board leadership. An external investigator’s independence and autonomy mean they have no stake in the results of a board candidate’s screening, and therefore only have loyalty to the truth. This is where nonprofits can consider candidates with the reassurance they have performed their due diligence, and have done so with the assistance of an objective third-party. All background screenings must be compliant with the Fair Credit Reporting Act legislation in disclosing the screening to the candidate.
From poor credit to criminal history, no detail is too small when it comes to establishing a board of directors for a nonprofit. Nonprofits may have marketing campaigns, but board diversity and integrity are how they attract monies from grant entities and major donors. That is why a comprehensive background check is an investment for nonprofits that will provide the security of due diligence with the integrity of independent screening.
It is estimated 30% of employees steal from their employer.
Most of us have dealt with a thief during our lifetime. Devious and sneaky, some thieves behave as if stealing is an art. It is usually a theft exposing them; however, many times, they can strike numerous times before getting caught. When theft happens in the workplace, it can not only be a costly lesson but the cause of a business failing.
An estimated 30% of employees steal from their workplace affecting all types of businesses. For instance, if you are running a restaurant with $1 million sales annually, at only 4% theft within the company, your company would be losing $40,000 a year!
Employee theft costs U.S. businesses over $200 billion in annual losses. Not only are companies trying to prevent the public from stealing items, inventory, assets, and ideas from a business, they must also combat thieves on the inside. Unfortunately, 75% of employee-related crimes go undetected.
Theft can take many forms, such as: stealing money, embezzlement, unauthorized use of business or customer identity, and theft of intellectual property, such as cases of patent or trademark infringement.
Combating Theft is Knowing How Employee Theft Occurs.
Employees who have access to a cash register is the most common way employees steal from companies. If unsecured, petty cash drawers or boxes, can be an easy target for thieves.
In addition, an employee can quote a higher price than the actual price of an item and keep the difference at the point of sale.
If employees have access to credit card information or checks, theft can happen as easily as sticking a few checks inside a folder, costing the owner thousands before it is detected.
Checks and Fraud
Most banks do not verify a signature on a company check making it very easy to sign and cash a check.
Credit card fraud is a number one threat to companies and consumers because most credit card holders admittedly do not check each line item on their credit card statement.
According to the U.S. Small Business Administration (SBA), companies with less than 100 employees, lose approximately $155,000 as a result of fraud each year, a much higher rate than large companies.
Employees may often perform actions and falsify records for work they didn’t do, such as requesting reimbursement for travel and other expenses unrelated to work. Employees may also set up fake payroll accounts for workers who have been terminated or retired. Creative thievery abounds.
Time theft or “Buddy Punching” is a very popular way timesheets may easily be falsified. Individuals complete this theft by having one employee punch another employee in or out for the other.
Excessive breaks, malingering, surfing the Internet, chatting with employees or taking personal phone calls are other ways time theft occurs. While some of these things may not at first be thought of as stealing, all these actions, or inactions, can affect the bottom line and be taking advantage of an employer.
Thieving employees will set up fake vendor accounts, submit phony invoices and issue checks for the false vendor. These checks can then be signed over to themselves and deposited. In addition, a variation would be paying a vendor $500 and writing a check to themselves, expensing the entire $500 to the vendor.
Loss of inventory can happen in the merchandise distribution process but can also happen before merchandise is made available to the public. Many times, employees will take items from a warehouse or newly arrived items before they are scanned into inventory software. Employees have even been known to steal entire shipping trucks containing merchandise headed to their employer’s company.
Some employees steal smaller items such as typical office supplies, but furniture and equipment are not off limits for a thief.
Many employees steal information to benefit themselves or a competitor. Types of information include: office memoranda, proprietary products, customer lists and/or other confidential data. Theft can occur by email, printing, or copying information to a flash drive or cell phone, or simply carrying it out in a purse or folder.
Sometimes, theft can be subtler, such as luring customers away, purposefully providing poor service, even spreading rumors to damage a company’s reputation and cause a down-turn in business. All are considered losses.
While there are ways to combat theft within your company, ultimately identifying the thief before they are hired is the most effective way to reduce the occurence of theft.
The SBA recommends: “One of the first steps to preventing fraudulent employee behavior is to make the right hiring decision.”
Background checks are a good practice for any employer, large or small, especially for those employees who will be handling cash, high-value merchandise, or have access to sensitive customer or financial data.
“The first and most effective way to address theft in the workplace, is to conduct an extensive background check,” says Lauth. “A background check can provide insight into an individual’s behavior, character, and integrity.”
Which Types of Background Checks Should You Conduct?
According to the U.S. Chamber of Commerce, upwards to 30% of business failures are caused by employee theft. Thus, conducting effective, extensive background checks helps to mitigate your risk of hiring objectionable or even dangerous employees.
Not all background checks are the same. As you build a profile of your future employee, there are several kinds of background checks you should consider. For example, a criminal background check is different than checking on an individual’s credit score or military service, these require consent. A criminal background check does not require consent; however, some states have laws restricting how you use the information collected during a criminal background check.
Private investigation firms like Lauth Investigations offer complete background checks while helping you comply with the law.
Protecting Your Legal Liability with Background Checks
Smaller businesses often forego background checks for two reasons: 1. A false sense of trust and security developed by business owners working too closely with employees. 2. Most businesses do not understand the legal liabilities associated with the failure to conduct employee screening and background checks.
Any business where employees provide a direct service and interact with customers, such as contractors or daycare providers, is liable if an employee does harm to a customer and the employee has a history of wrongdoing.
A company, big and small. may not recover from this kind of lawsuit.
Choosing the Right Company to Conduct Background Checks
Protecting the interests of your workplace and customers while reducing potential liability is of utmost importance; therefore, it is vital to select a company you can trust to conduct the background screening both efficiently and thoroughly.
While employers can do some background checking of their own, working with an experienced and reputable company can ensure the reliability and thoroughness of the background screening.
Purchasing instant public records found online is not appropriate for conducting potential employee background checks. Most certainly if your hiring decision is based on tpublic record data, your company could land in hot water.
Most public databases do not fact check, clean up or refresh their data providing completely different information than received from an investigative firm experienced in conducting professional, legal and full background screening.
Private investigators have access to databases to determine if a potential employee has a criminal background.
A reputable company providing background screening services will ensure the information you receive is current and accurate.
If a hiring decision is made based upon information found in the background check, in most cases, the company must inform the potential employee of the source used to obtain the information for the background checks (which is where using public databases can get your company in legal trouble).
What can you expect from a professional background check? According to Lauth, it’s all in the details and you pay for what you get. If you want detailed, accurate information, you will choose a Private Investigation Background Search.
Unlike a personal background search using public databases, private investigators have access to several databases providing a variety of information.
Employment history: This search will bring up employment records to include all positions held, making it easier to find discrepancies in a resume. It will also include salaries associated with the positions.
Academic and professional affiliations: Qualifications to include academic history and certification, even if the person did not complete the program.
Criminal records: Including a detailed outline of all criminal activity from traffic warnings and tickets to arrests and convictions. Also, these include jail time served and fines paid.
Financial Standing: Reflects all liens, judgments, bank accounts, current and previous property ownership, repossession of vehicles or other personal property, NSF checks and bankruptcies.
In addition to the typical information received through a personal background check, a private investigator will include:
Worker compensation claims an individual has filed. This can help determine the character of an individual by looking at the number of claims they have filed which could reveal a person is dishonest and fraudulent.
Ascertain causes of accidents or any criminal activity. DMV reports will show accident dates and basic information but do not reflect the cause. Private investigators can provide the cause behind the accident and whether criminal activity was involved.
Information on business and personal partners.
Analysis of all findings.
Relying on an Internet search is risky. A professional background screening will be more in depth than simply entering a name in a database. When a company’s future is at stake, the only way to go to obtain concise information needed to make informed decisions is a professional, private investigations extensive background check.
By: Kym Pasqualini, Feature Crime Writer for Lauth Investigations
Open-source intelligence (OSINT) is the collection of data from publicly available sources to be used in the context of intelligence. Within the intelligence world, the term “open” refers to overt, meaning sources available publicly, opposed to clandestine or covert sources.
OSINT is not a new concept. It has been in use for decades. However, with the arrival of instant communication and fast information transmission, a significant amount of predictive and actionable intelligence can now be obtained from unclassified public sources.
OSINT should not be confused with public intelligence or open-source software.
In short, open source acquisition involves procuring written, verbal or electronically transmitted material that can be obtained legally without any type of clandestine collection techniques.
Background of OSINT
OSINT’s originates with the pre-Central Intelligence Agency (CIA). The formation of the 1941 Foreign Broadcast Monitoring Service (FBMS) was born during World War II and evolved into the 1967 Foreign Broadcast Intelligence Service (FBIS), the predecessor of the Open Source Center of today.
Acquired by the CIA in 1947, FBIS emerged as the only recognized service organization trained and equipped to monitor and process foreign broadcasts for the benefit of all government agencies needing the service.
Coverage worldwide, to the extent it exists today, was beyond the dreams of those who lived in that era.
In 2005, following the 9/11 attacks, the Director of National Intelligence Agency, Porter J. Goss, announced the creation of the DNI Open Source Center. The Center is designed to collect information available from databases, radio, television, video, geospatial data, photographs and commercial imagery.
OSINT Information Flow Categories
Media to include newspapers, obituaries, magazines, television, and radio worldwide.
Internet includes, but not limited to, online publications, discussion groups, blogs, citizen video (user created content and video), Facebook, YouTube, Twitter and other social media websites.
Commercial Data includes commercial imagery, industrial and financial assessments and databases.
Grey Literature: patents, working papers, business and corporate documents, newsletters, technical papers, and unpublished works.
Professional and Academic publications obtained through journals, symposia, academic papers, journals, theses, and dissertations.
Public Government Data: telephone directories, press conferences, websites, speeches, budgets, hearings and other public government reports.
There are various disciplines of OSINT and the methods and applications are almost endless.
The New OSINT
Ten years ago, open source information was scarce; however, in recent years OSINT has taken on an entirely new meaning.
Back in the day, people were primarily found by searching a phone book. Today, people are increasingly comfortable with sharing their personal information and a treasure trove of information for those who want it.
According to Statistica, it is estimated there will be 2.77 billion social network users around the globe in 2019. Social media has become an excellent and consistent source of information.
While, decades ago the problem was shortage of open source information, the biggest difficulty now, is filtering through an overabundance of information.
Some examples of OSINT resources are:
Internet directories containing personal information, residences, relatives, demographics, employment, contact information.
Social networkingsites provide personal information, friends, family members, interests, photographs, videos, and activities.
Online reviews provide interests, purchases, activities and lifestyle.
User contributed information could be a blog, hobbies, opinions, and expertise.
Academic sites provide information related to education, business conferences, associations, and academic papers.
Company websites have personnel listings, backgrounds, location, duties, services, and contact information.
News sources provide topical information, reports, events, personal history, obituaries, and contact information.
Government sources provide personal information, criminal background, court activity, minutes, locations, demographics, tax records and other financial data.
Social Media Monitoring and Geofencing
Companies like Echosec, based in Victoria B.C., offers a web platform to draw what is called a “Geofence” allowing users to pinpoint a location of interest on a map and obtain information within selected parameters, then filter searches by keyword, hashtag, or username within the geofence.
Echosec’s real-time social media mapping connects virtual communities to real-world locations and gives new meaning to Geographic Information System Mapping (GIS). A powerful research tool combining GIS and OSINT.
This is becoming a popular method of analysis for retail, branding, journalism, private investigation, and finance, collecting what Echosec calls “hyperlocal insights” for better business and breaking news stories.
Google, Yahoo, Bing and other traditional link-crawling search engines do not typically access the information professionals using OSINT research techniques and resources can provide.
Geolocation is one of the most valuable resources used today. For example, videos and photographs shared publicly often contain information where the photographs originated.
Most of us post pictures of ourselves and our friends, tagging each other during a vacation at the beach or out on the town. A geotagged picture is a post that attaches a “geotag” which is the physical location to the post. It allows users insight to their followers, where they are, and what they are doing.
Social media and Geo-location monitoring of open-source information has been more frequently used by law enforcement and private investigators to conduct investigations. Whether a missing person investigation or background check, basic and even critical investigations can benefit from OSINT.
For example, a person is reported missing and frequently posts photographs on Snapchat, Instagram and Facebook. Investigators can access the geotags and see where the person was last and often see who they were with, allowing the investigating agency the ability to immediately expand their investigation.
Open Source Private Investigations
Many private investigators are now specializing in open-source intelligence and social media investigations, referred to as Social Media Intelligence (SOCMINT). While much of the information is available publicly, there are many reasons why an individual would choose to hire a private investigator.
Private investigators have become experts in the field of open-source intelligence investigations.
Simply, private investigators know how to search, where to search and what to search for, making hiring a private investigator a more efficient choice. Private investigators know if the information is online, in a state repository, library or the courthouse.
Information that can be obtained includes but is not limited to the following:
Whether a private individual or a business, obtaining the right information often leads the investigation in a specific direction. Private investigators of today are the next-generation of private intelligence providing services such as:
Difficult to locate
Knowing when to use a private investigation firm can help hasten an investigation. The service of these firms can make life easier because it requires more than just knowing how to use the Internet. And when all resources are exhausted, a good old “gum shoe” detective can investigate – boots on the ground.
Protecting Your Business with OSINT
Thomas Lauth of Lauth Investigations International uses his nearly 20 years experience working with both private and business sectors. “Open-souce Intelligence or OSINT isn’t a common term used in the business world; however, I can assure you it is a dynamic method of information gathering for businesses in this day and age,” said Lauth.
(Open-source intelligence is being used more frequently to protect company’s information.)
The importance of OSINT is business can’t be exaggerated. It is a matter of gathering intelligence from publicly available sources and analyzing that information for connections and actionable intelligence that would not be normally publicized. In fact, there may be information about your own company available publicly that can make it easier for someone who is considered an “insider threat” or conducting a social engineering campaign to obtain proprietary or damaging information.
“Conducting periodic OSINT for your business, assessing the risks, and addressing vulnerabilities can save a company from failure,” add Lauth. “It is a recommended and necessary action item for all successful businesses.”
OSINT is contained in company websites, reviews, Google searches, along with newspapers, geo-location data within images, company reports and other publicly available data. Often overlooked is social media. Companies and employees often provide more information to hackers or “insider threats” than realized.
Criminals can exploit easily obtained information to conduct scams or a social engineering campaign against a business. In fact, criminals use OSINT too – only for their own devious purposes.
To exploit weak links, criminals or “black hats” can spend weeks, even months researching employee email addresses, current projects, employees that manage money and monitor their social media. They will even study the way employees communicate with each other, gathering the information to create convincing phishing scams and social engineering attacks.
The information collected to conduct these criminal activities is not obtained by hacking into the company, it is obtained by gathering publicly available information.
“The trick is to stay one step ahead of the criminals,” said Lauth. “When working with clients, we ensure we identify vulnerabilities and the process is conducted effectively, efficiently and confidentially.”
The bottom line, by exercising due diligence, using OSINT, and reviewing your own publicly available information, you can protect yourself and your company.