Messages to the Loss Prevention Family from Industry Leaders
 

John Matas, CFE, CFI - Macy's
Corporate Principal - Fraud & Profit Protection

An employee could have any number of motivators for stealing from your organization, but the 4 primary are: 1-Need, 2-Retribution, 3-Impulse, 4-Greed

Any employee, either currently working or returning from being unemployed, could fall into the first two motivators with the primary being obvious financial need. The second and most disturbing would be retribution against the company.

This retribution or perceived revenge will most likely be based on negative attitude against the company for being furloughed. Common sense would tell us that any theft or fraud that converts to money on the spot would be their top priority in first few weeks upon returning.  Read more
 

How Do We Safely Restart the American Economy & Maintain
Personal Privacy? It Can Happen.

By Peter Trepp
CEO & President, FaceFirst

Microsoft Proposes Privacy Controls for COVID-19 Contact Tracking, Tracing
As governments broaden use of digital technologies to stem pandemic, sensitive health and location data need to be protected, company says.

Microsoft: Preserving privacy while addressing COVID-19

Microsoft this week proposed a series of privacy measures that governments, public health authorities, industry stakeholders, and others should consider amid efforts to use new technologies for tracking people infected with the COVID-19 virus and for tracing people with whom they have come into contact.

The proposed measures include the need for organizations participating in these efforts to get meaningful consent from people before collecting or using their data; to have controls for protecting the data; and to ensure that any data that is collected is purely for public health purposes.

Microsoft also wants to give users control over where their data is stored and how it is shared. In addition, the company advocates minimal data collection and deletion of all data once the emergency has passed.

Facebook, Google, and Apple all have similar initiatives to help various government, healthcare, and other entities battle the COVID-19 pandemic. Google and Apple, for instance, are building support into their respective mobile operating systems for Bluetooth-based contact tracing apps that will allow government healthcare authorities to alert mobile device users if they have been exposed to someone with COVID-19. darkreading.com

New Platform Collects COVID-19 Threat Intelligence

Pandemic-Related Threat Feed Designed to Assist Efforts to Mitigate Risks

A group of companies, including Cloudflare and GitHub, are joining with 3,000 volunteers to collect pandemic-related threat intelligence. The group, called the COVID-19 Cyber Threat Coalition, hopes that its threat intelligence platform will help thwart cybercriminals' efforts to take advantage of the pandemic.

The platform is designed to supplement the existing defensive structures with a public threat feed, Espinosa says. It's already ingesting 100 million indicators of compromise a day.

In this video interview with Information Security Media Group, Espinosa discusses:

• What types of threats enterprises are facing as cybercriminals try to take advantage of the pandemic;

• What types of threat intelligence the COVID-19 Cyber Threat Coalition is collecting;

• How the healthcare industry is continuing to get hit by ransomware.

Espinosa, who is CEO of Security Fanatics, is spokesperson for the COVID-19 Cyber Threat Coalition. He's the co-author of the cybersecurity book "Easy Prey", a TEDx speaker and host of The Deep Dive, a syndicated radio show. govinfosecurity.com

'We were made for this': How Slack became king of the remote-work world

The workplace-productivity company became essential amid the coronavirus crisis, and in the process, rediscovered itself.

Slack made it possible for many of them to have conversations, ask questions, share information, make decisions. The platform combines the superficial simplicity of smartphone text messaging with the ability to separate and chronicle streams of workplace communication in a way that reproduces the culture of the open-plan office. The strings of messages are democratic, energizing, and also sometimes distracting. In the pandemic, Slack let the people who could keep working, keep working.

As business swerved to avoid the coronavirus, it was turning to Slack for help.

Before the pandemic, Slack counted 65 of the 100 largest public companies in the U.S. as customers, along with The Washington Post and The New York Times, and a dozen agencies of the American government (including the State Department and, reportedly, the National Security Agency). Slack had defined this new form of workplace communication and had grown in less than seven years to more than 110,000 paying customers and $630 million in annual revenue. fastcompany.com

NSA shares list of vulnerabilities commonly exploited to plant web shells

NSA and ASD issue joint advisory on detecting and dealing with web shells

The US National Security Agency (NSA) and the Australian Signals Directorate (ASD) have published a security advisory this week warning companies to search web-facing and internal servers for common web shells.

Web shells are one of today's most popular forms of malware. The term "web shell" refers to a malicious program or script that's installed on a hacked server.

Web shells provide a visual interface that hackers can use to interact with the hacked server and its filesystem. Most web shells come with features to let hackers rename, copy, move, edit, or upload new files on a server. They can also be used to change file and directory permissions, or archive and download (steal) data from the server.

In a report published in February this year, Microsoft said it detects around 77,000 active web shells on a daily basis, making this web shells one of today's most prevalent malware types.

The two agencies have now published a joint 17-page report [PDF] that contains tools to help system administrators detect and deal with these types of threats. The advisory includes:

Some of the tools mentioned in the advisory are also available on the NSA's GitHub profile. zdnet.com

New NIST Cybersecurity White Paper:
Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)
The whitepaper recommends a core set of high-level secure software development practices - called a secure software development framework (SSDF) - to be added to each software development life cycle (SDLC) implementation. The paper facilitates communications about secure software development practices amongst business owners, software developers, and cybersecurity professionals within an organization. Following these practices should help software producers reduce the number of vulnerabilities in released software, mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to prevent future recurrences. Software consumers can reuse and adapt the practices in their software acquisition processes. Read Here

Zoom Hits Milestone on 90-day Security Plan, Releases Zoom 5.0
Robust Security Enhancements Include Support for AES 256-Bit GCM Encryption

Legions of cybersecurity volunteers rally to protect hospitals during COVID-19 crisis

How COVID-19 is Influencing Cannabis Expansion
The cannabis industry is considered one of the fastest growing industries in the United States and has seen a recent development of new facilities and an expansion of state programs. However, many companies with plans to build new facilities or apply for a license this year have had to put their plans on hold due to the Coronavirus.

Investors have pulled or delayed funds to open new facilities and facilities currently in operation have had to change their operating procedures temporarily. States are having to prioritize what is important right now, which for some, is not voting on the legalization of recreational or medicinal cannabis or expanding existing programs.

Is cannabis access likely to expand?

Some believe that states that have not already, will now consider legalizing medicinal or recreational cannabis in hope of helping the struggling economy. Since cannabis has assisted states by increasing the number of jobs and increasing cash flow, this may be an option that states seek post COVID. A study by New Frontier Data also states that by "recognizing fully legal cannabis at a federal level, it could create 1.6 million jobs and contribute $128.8 billion to federal tax coffers." Read more

The Impact of the COVID-19 Crisis on Cannabis Business Insurance

For an industry that employs more than 240,000 workers in 33 states-and generated $1.9 billion in state and local tax revenue in 2019-concern is merited. The question is, will insurance play any role in trying to help cannabis retailers and cultivators weather the economic storm? The answer is complicated.

Marijuana and insurance before the pandemic

Prior to the Coronavirus pandemic, the need for a comprehensive approach to insuring various aspects of the marijuana industry was becoming increasingly critical for everyone from growers to dispensary owners, and there were signs that the insurance industry was starting to pay attention.

However, according to NCRMA chairman Rocco Petrilli, the relationship between most cannabis businesses and insurance companies-and with insurance generally-was secondary for an emerging industry more focused on other critical areas such as startup operations, funding, licensing, regulations, and growth.

"It's impossible to say what things are going to look like when we get through this and come out on the other side," says Gilligan. "The economy is getting hit hard-hopefully we recover quickly. Some industries will likely never be the same. Some won't survive. Others will thrive...and I'm optimistic that state and local governments will pave the way for the insurance industry to cover cannabis businesses moving forward." cannabisbusinessexecutive.com

Las Vegas police seize $8.6 million worth of marijuana at illegal grow house Las Vegas Metropolitan Police said they found thousands of marijuana plants worth more than $8 million at a warehouse in the northeast valley Wednesday. Police said the SWAT team located the warehouse in the 4600 block of Judson Ave., near Carey Ave. and Lamb Blvd, on April 15. While serving a warrant, LVMPD Narcotics located approximately 5,700 marijuana plants, weighing approximately 868 lbs. LVMPD estimated the street value of the marijuana at $8.6 million. fox5vegas.com

Forter publishes report on Covid-19 impact on fraud and consumer behaviour

Frausters are exploiting confusion and uncertainty, targeting increasing number of people working & shopping from home

As the pandemic sweeps across the globe, government responses have included enforced social distancing and financial support to beleaguered economies. Merchants who sell non-essential goods have responded by closing physical stores, and in some regions also their online operations. Consumers have begun to shift their purchases, even those of essential items such as groceries, online.

Increased fraud activity
As people adjust to working from home, Forter sees a marked increase in social engineering fraud. These types of frauds are associated with fake emails purporting to be from HR and corporate addresses. Here fraudsters invite people to click for more information, instead they take victims to malicious sites.

With a shift to online shopping in Apparel and Accessories, Forter sees an increase in gift card purchases. While a higher number of legitimate buyers usually means that fraud rates drop, gift card fraud rates have not. Fraudsters have noticed an increased demand of the completely virtual merchandise that is easy to monetise.

Embracing eCommerce
"With more consumers buying online, we expect merchants who hadn't considered eCommerce are now trying it," continued Reitblat. "Merchants that had already adopted eCommerce struggle to meet this increase in demand. Working collaboratively from home and hiring to meet the volume create obstacles for those who manually review transactions for fraud."

Enterprise times: What this means for business?
Last year, overall fraud attacks increased by 19% across a global scale. Security analysts expect this trend to intensify as retailers address the impact of a global pandemic. This is an interesting report which should support any enterprise face the shifting eCommerce landscape. This is particularly the case as both consumer behaviour and online frauds evolve in the current environment. enterprisetimes.co.uk

Coronavirus Lockdowns Lead to Surge in Digital Piracy
Business is booming for illegal websites hosting pirated copies since stay-at-home orders went into effect in many countries during March. Visits by U.S. and U.K. residents jumped about 31% from February to March. Numbers from residents of Germany, Portugal, Spain and India were comparable, while Italy saw the largest jump, at over 50%.

The uptick from U.S. users in March meant the 19,000 website addresses in the company's database drew 137 million page views that month.

"Organized crime groups have increased their marketing [around coronavirus]."

The top pirate sites in the U.S., U.K., Germany, France, Italy and Spain served 50% more ads to users in the first quarter compared with the previous quarter. wsj.com

Senior Job:
HelloFresh Posted Associate Director, Safety & LP in Grand Praire, TX
The Environmental Health and Safety team is seeking an experienced Associate Director of Safety & Loss Prevention to support its corporate safety, environmental compliance, security programs. In this position, you will assist the Director of Safety & Security in managing multiple projects and multiple sites, inclusive of distribution center safety, corporate safety, building security, loss prevention design, site visits, investigations, and project management, as well as drive the safety culture and compliance in multiple sites, on-board and train site Safety & Loss Prevention Managers and conduct audits as necessary. indeed.com
*Position not posted on company website.

America's most popular meal kit most 5-Star-Reviews. HelloFresh has offices on 3 continents in 9 different countries. Expected revenue of between approx. $741.9M U.S. to $768.9M. With results coming May 5th. COVID-19 impact: They have started to see a further meaningful acceleration since the latter half of March 2020, driven by increased demand due to the heightened public focus on the evolving Covid-19 pandemic. hellofreshgroup.com

Target's April Digital Sales Up 275%

Amazon could see post-pandemic food delivery boost

Visalia, CA: Large group busted for meat market theft after leaving 'trail of meat' behind
A large group of adults and minors were arrested after allegedly stealing meat from a meat market in Visalia, California. Around 4:30 a.m. Tuesday, Visalia police officers responded to a burglary at the Jalisco Meat Market. When officers arrived, they detained one adult and a boy under the age of 18, leaving the business. Officers followed a trail of meat to a nearby apartment, where they found more people that were involved. Detectives executed a search warrant at the home and found six adults and five minors connected to the burglary. Overall, 13 people were arrested for the crime. The subjects were booked on charges related to burglary, burglary during a stat of an emergency/looting, providing false information to a police officer, resisting arrest and warrants. komonews.com

Clarksville, TN: Police searching for 3 men linked to string of Lowe's robberies in mid-state
Clarksville Police are seeking assistance locating three men believed to be involved in several thefts at numerous Lowe's stores in the mid-state area. Bubbacar M. Camara, 24, has a robbery warrant on file stemming from an incident that occurred at the Lowe's on Madison Street around 6:00 a.m. on March 13, according to a Clarksville Police Department press release. Camara and his associates, Baha Hussam Abuhadba, and an unidentified white male, are also believed to be involved in several thefts from numerous Lowe's stores all over the mid-state. fox17.com

Durham, NC: Man tried stealing drills from Home Depot, threatened security officer with knife
Officers responded to a robbery call at around 1:30 p.m. on Tuesday at the Home Depot. When they arrived at the store, they were told that a man had put four power drills in his shopping cart and then tried leaving the store without paying. According to police, the suspect, identified as 47-year-old Tysean Urain Lunceford, got into a struggle with a loss prevention officer at the store when the officer approached Lunceford about the drills. During the struggle, the cart flipped over and Lunceford pulled a knife on the officer and "shoved it toward him several times," witnesses told police. The loss prevention officer was not injured in the scuffle. cbs17.com

Hopewell, NY: Two Repeat-Offenders charged with Burglary / Larceny for $370 Walmart theft