smarter process with faster response times while maintaining anonymity for whistleblowers, leading to better and more effective investigations,” says Shannon Walker, President, WhistleBlower Security. The company’s advanced platform can direct the client through certain decisions or choices to ensure compliance to the best of their ability. WBS also provides thought leadership regarding compliance, risk management, DEI, and ESG initiatives.

With WBS, if employees prefer to file a report online rather than over the phone, they can use the anonymous web-intake portal available in 26 languages. The information provided is instantly populated in the IntegrityCounts case management system, so the GRC team has full control over any reported issues. The software provides the necessary tools to analyze the data to gain deeper insights into potential instances of fraud or other misconduct, so management can make informed decisions to help mitigate risk. This provides organizations with the ability to correct any serious issues before they create risks to the company’s bottom line and reputation. “Our case management system provides deeper insight into ethics and compliance risks within the organization and enables a faster and thorough investigation of unethical behavior, bringing instances of misconduct to a close,” explains Shannon.

Promoting a Healthier Workplace Culture

WhistleBlower Security helps clients to create a healthier workplace that promotes a speak-up culture – where employees and stakeholders know their voice is valued and where the organization can successfully leverage this collective voice to maintain high ethical standards, foster employee satisfaction, engagement, and long-term retention. Furthermore, according to WBS, employees are the eyes and ears for uncovering misconduct in an organization.
The team identified that oftentimes it’s employees on the front lines who know about misconduct happening, and they are the ones who bravely choose to come forward to speak up about this misconduct. The WBS call center intake specialists are trained in empathetic and investigative techniques, and this helps them be truly present for whistleblowing employees and provides comfort and a safe place to speak.

Headquartered in Canada, WBS has been dedicated to safeguarding hundreds of organizations against risk and fraud globally while promoting and improving ethical work environments. WBS works with public, private and non-profit organizations to augment, support and enhance cultures of integrity, accountability, and transparency.

Walker points to an instance that highlights the company’s value proposition when they assisted a multi-billion-dollar market leader. The executives at this client company had a much higher objective than merely checking off their compliance boxes. The client’s mission was to implement a whistleblower system to ensure that anyone anywhere in the world who saw any wrongdoing could report it immediately without fear of retribution. With WBS, the result was a significant reduction of business risk by empowering employees and customers worldwide to easily and anonymously “see something and say something.”

The Power of a Woman Owned Business

WhistleBlower Security is Women in Business Certified, committed to championing and fostering diversity in its own workplace and in the world of ethics. Moreover, the company is the only ethics hotline services and case management provider to have attained the WBE Canada certification. Another point that makes the company stand out is that WhistleBlower Security is WEConnect International Certified, part of a community of other business owners empowering women to connect with each other and to new market opportunities.
As a company, WBS always prefers to engage with and empower all employees, regardless of background, to achieve their full potential. “We are proud to be a part of this community of other business owners empowering women to connect with each other and to new market opportunities,” extols Shannon.

From Inception to Innovation

WBS was born out of the desire to help companies minimize risk by ensuring their policies and practices were working as intended while also giving employees a safe and confidential place to share ethics and compliance-related issues. When publicly traded companies in the US and Canada were mandated to receive, review, and respond to anonymous reports, the team knew there was a new service model that needed to be built. The process took almost a year to research and design. Today WhistleBlower Security is a global provider of ethics reporting services, including a 24/7/365 Global Ethics Hotline and Case Management platform. These tools foster trust, transparency and even greater productivity within the workplace.

“When we initially launched WBS, we did encounter skepticism and some concern that the hotline would just become a place for nuisance calls or complaints. However, the hotline has always been a place of safety and an opportunity for people to speak up,” points out Shannon.

Since opening its doors in 2005, WBS has been a pioneer in providing its cutting-edge solutions and services globally. There is a paradigm shift happening for businesses – one that looks to sustainability, the long-term value and the care and support for employees and clients. WBS is clearly placed in a great space for future growth and expansion. As part of its growth plan, WBS invests in continuous improvement and refinement of the IntegrityCounts reporting platform.
With input from clients and outside experts who sit on the other Product Advisory Council, the platform has evolved from a basic intake form to a comprehensive and robust analytical tool that organizations use to identify trends, issues, and resolutions throughout their organization. WhistleBlower Security became B-Corp Certified last year and strives to be an inclusive, equitable employer and help clients become the same. This ethos may have started with Shannon but the entire team at WhistleBlower shows up every day with fresh ideas, enthusiasm and the shared goal of supporting employers and their people regardless of the industry, their size or their location.

Today, the company envisions continuing its expansion and creating a global footprint. “A key focus for us is to acquire clients in the EU as the regulations there are becoming more stringent and definitive for all companies over 50 employees. Key alliances are another important element in our long-term growth plans. Aligning our product with ancillary technologies which add context, insights and support to our core offering is an important piece of the value that we bring to our clients,” concludes Shannon.

AML Partners provides 'Award Winning' KYC, AML, OFAC, FinCEN314a, Case Management modules designed to assess, manage risk and streamline workflow. They possess extensive expertise in AML/CFT, behavioural risk, financial-services data systems, project management, and custom software design.
AML Partners’ success is built upon providing the highest quality software in the industry that is easily adaptable in-house as customers’ needs evolve.

The risk landscape has been transforming tremendously fast and becoming more notorious. Every day new risks and response strategies are around every corner. The outlines of new opportunities and new challenges for risk leaders—indeed, all organizational leaders—are already visible. The technology side includes the IT infrastructure for centralizing and contextualizing information about risk management and automating risk policy enforcement. Sophisticated threat actors are actively targeting identity and access management infrastructure, and credentials are widely being misused.

In a way, some of the modern digital propositions are fundamentally changing the risk profile of a firm. Technology-related risks, from resilience to cyber risks, may increase as heavy reliance is placed on technical infrastructure and previous manual alternatives are disbanded. Advanced risk management solutions with less human interaction – both internally and with customers – are becoming part of the new trend. Artificial intelligence and machine learning enabled solutions are the differentiators today. Such solutions analyze data and collect inputs from external sources to precisely predict the ongoing risk landscape.

As the industry is filled with a lot of noise and a huge array of solutions, creating a gap between the best and the right solutions, businesses need guidance or a review to find the right partner that fits their exact requirements. This is where GRC Outlook Magazine is creating a difference with our “Top 10 risk management solution providers 2022” edition. In this special edition, we’ve featured some of the most innovative and out of the box solution providers who are creating a wave in the industry.
Arctic Intelligence provides risk assessment technology to calculate and present firm-wide risk profiles, identifying and highlighting high-risk areas and control gaps or weaknesses in financial crime. The company’s solutions, risk methodologies, and models have been developed by industry experts with years of experience managing financial crime risk and compliance functions and implementing compliance frameworks.

Management: Frank Cummings, Co-Founder & CEO
Location: Concord, NH
Website: amlpartners.com

Management: Darren Cade, CEO
Location: Sydney, NSW
Website: arctic-intelligence.com

TOP RISK MANAGEMENT SOLUTION PROVIDERS 2022

Bugcrowd is the leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world. Today’s enterprise demands a proactive approach to cybersecurity—and Bugcrowd offers the only solution that orchestrates data, technology, and human intelligence to expose blind spots. The Bugcrowd Security Knowledge Platform enables businesses to do everything possible to protect their organization, reputation and customers with products like Bug Bounty, Pen Testing-as-a-Service, and more.

ClearRisk provides a full suite of integrated, cloud-based software solutions for claims, incident, vendor, and fleet management for organizations looking to streamline their risk management process and drastically reduce insurance claims cost. By implementing ClearRisk’s highly automated solutions, their customers are able to allocate their resources to analytical, high ROI initiatives, rather than spending hours collecting, organizing and entering data. This reduces their customers’ insurance and claims cost by 40-55%.

Conquest Cyber is a mission-driven, Special Operations-led integrated cyber resiliency software company created to address the reality that cyber risk is business risk.
Originally established to address digital transformation challenges in enterprise, Conquest refocused on secure digital transformation and cyber resiliency. This led to the deployment of their flagship product ARMED and cemented their place on the front lines – creating a competitive advantage for our customers.

Cybrella leverages the most advanced techniques and proven best practices to safeguard your organization from cyber threats. Cybrella is a provider of high-level cyber protection solutions for SMBs, large enterprises and governmental agencies. Specializing in delivering technology-agnostic third-party and proprietary solutions tailored to specific customer requirements, they provide cutting-edge cyber risk management, cyber training, and holistic cloud security services.

Management: Casey Ellis, Chairman, Founder & CTO
Location: San Francisco, CA
Website: bugcrowd.com

Management: Craig Rowe, Co-Founder & CTO
Location: St. John's, Newfoundland
Website: clearrisk.com

Management: Jeffrey J. Engle, Chair & President
Location: Nashville, TN
Website: conquestcyber.com

Management: Alon Mantsur, CEO
Location: Newton, Massachusetts
Website: cybrella.com

Ferret is an AI platform architected from the ground up to empower companies and individuals with real-time, unbiased intelligence to identify risks and embrace opportunities. Leveraging cutting-edge AI and more than hundreds of thousands of global data sources, Ferret provides information — once only available to the financial industry — to all types of professionals, from angel investors to business leaders, making transparency the new norm.

SafePaaS is a complete information risk management platform. SafePaaS allows users to securely access, process, and monitor information on any device, from any source. SafePaaS is the solution for secure, rapid, and trusted information management in the cloud and on-premise applications.
SafePaaS is a leading global provider of risk management solutions that help organizations efficiently monitor internal controls, intelligently manage risks, and optimally execute business processes to gain strategic advantage.

WhistleBlower Security is the only B Corp, WEConnect International, and WBE Canada Certified company that helps organizations maintain company-wide cultures of open and collaborative communication. The company provides tools to promote anonymous ethics reporting and powerful case management.

Resilience offers cyber insurance policies with a high level of personal service, market-leading coverage, and bespoke security solutions, available exclusively through their limited distribution network. Backed by the financial strength of their A+ rated capacity partner, Resilience is proud to combine comprehensive in-house claims expertise with their proven security leadership throughout the lifecycle of a policy.

Management: Robert Loughan, Co-Founder & CEO
Location: Santa Monica, CA
Website: ferret.ai

Management: Mario Vitale, President
Location: San Francisco, CA
Website: resilienceinsurance.com

Management: Adil Khan, CEO
Location: Dallas, TX
Website: safepaas.com

Management: Shannon Walker, President
Location: West Vancouver, BC
Website: whistleblowersecurity.com

ARCTIC INTELLIGENCE

Transforming Risk Assessment Techniques

Historically risk assessments have been subjective, inefficient, slow, and infrequent. Moreover, they are the cornerstone to any robust risk and compliance framework. Most GRC platforms do not provide the “know-how” or the content or the data-driven approach, resulting in organizations defaulting back to spreadsheets – until now. Bridging this gap is Arctic Intelligence, a company that provides the technology to calculate and present firm-wide risk profiles, identifying and highlighting high-risk areas and control gaps or weaknesses to manage financial crime vulnerabilities.
In a nutshell, Arctic is a RegTech pioneer in providing a digitized risk assessment platform, expert content, and the “how” for organizations to assess their risks and controls effectiveness. Instead of traditional risk assessment methods, businesses can utilize Arctic’s advanced risk assessment platform. The company has combined industry knowledge and practice with innovative smart workflows to simplify the risk assessment process, resulting in increased efficiency and effectiveness.

“Organizations can leverage our specialist content risk modules and ratings or customize or upload their own content for AML/BSA, bribery, corruption, fraud, sanctions, modern slavery, human and wildlife trafficking, and country risk ratings based on relevant regulations and guidance. We monitor for changes and update our templates and ratings regularly creating a community of organizations using a best practice approach,” begins Darren Cade, CEO.

Arctic’s innovative solutions disrupt the traditional spreadsheet-based risk assessment method and enable risk and compliance professionals to easily obtain information from and track progress across the business. Administrators can also customize or leverage modules/risk ratings designed with leading industry practitioners which produce board-level reports using the data-driven inputs, while calculating risk ratings in real-time. The output from the platform presents the findings clearly and helps customers to understand the risks and demonstrate their compliance.

Arctic Intelligence’s intrinsic value is creating a simple solution to a global problem. Risk management requires multiple lines of defense to combat risk domains such as financial crime and modern slavery. By implementing Arctic’s proprietary award-winning technology, organizations can simplify the risk assessment process. Risk methodologies and risk ratings have been trialed and tested by leading institutions across the world.
“We are different from the rest – not just a library of risks for someone to subjectively rate but a methodology to calculate a risk score based off data from the organization. We are transforming how risk assessments are performed and our solutions will enable faster, more efficient, more robust, and more frequent outcomes,” says Cade.

Since opening its doors in 2017, Arctic has been providing solutions that offer business-wide risk profiles based on answers and data points provided by the organization. The team also enables organizations to assess separate entities, divisions, products, channels, third parties, etc. – whatever level they need to assess. This provides Arctic with a unique data set which customers can use to benchmark against their industry. The company’s annual benchmark report, a mix of qualitative and quantitative data, is due to be released in May 2022. A public version of the report will be available with a subset of this data.

Today, Arctic Intelligence is scaling across the UK, North America, and APAC. “Our risk assessment solution continues to evolve from customer and market demands and our available content now boasts 8 financial crime risk domains. We are also strengthening our partner ecosystem and strategic alliances with local consultants and financial crime specialists across the globe,” concludes Cade.

GOVERNMENT IT ADMINISTRATORS SHOULD THINK ABOUT HOW THEY CONTROL THESE FEATURES AND WHICH RELATES TO SECURITY RISK

By Bill Anderson, President, CIS Mobile

For government agencies, managing mobile devices is as much about protecting the user as securing the data.
Unfortunately, while government employees on critical missions should be able to maintain complete control over location services, modems, and sensors, most user actions do little to eliminate the electronic breadcrumbs left behind by off-the-shelf, commercial devices. Android phones, for example, often use wireless capabilities without the user’s knowledge or understanding. Even if features like Wi-Fi or Bluetooth are clicked off, Android will default to turning them back on to detect the device location without notifying the user. The Defense Information Systems Agency (DISA) has determined that even when location history has been fully disabled, Google continues to collect location data for mobile devices.

While these breadcrumbs can lead to phishing attacks or spam phone calls for the average mobile phone user, they can represent a clear and present danger not only for government information that demands security, but also for the government users themselves. The insights foreign adversaries can glean from the data generated by mobile devices potentially can provide a pervasive and low-cost way of identifying government workers, as well as their work and personal activities, which in turn can be used to target their devices and subvert or extort them.

For its part, the government has tried several solutions that probably seemed like a good idea at the time, but ultimately failed. One common solution has been to eliminate consumer-grade devices entirely by equipping workers with custom-built mobile devices. This approach has consistently fallen short, however, for numerous reasons, among them:

• The user experience left much to be desired.
• Users couldn’t access their favorite apps so they still carried personal devices for work, completely undermining the reason for creating custom-built devices in the first place.
• Government devices’ conspicuous appearance makes them stand out in the crowd, putting both the information they contain and their users at risk.
• Long design and implementation cycles render such devices obsolete, often before they are even released.
• Such devices are extremely expensive when compared to the cost of consumer smartphones.

Another potential solution, mobile device management (MDM) systems, has proven to be effective for managing enterprise devices, but lacks the capabilities needed to protect government workers. Such devices can only use the MDM application programming interfaces (APIs) provided by the operating system (OS), and it’s the operating system itself that can’t be trusted on commercial devices. In many cases, it’s the services and core apps running on the OS that are collecting and retransmitting information about the user location, user activity, applications, and more.

Finally, the Mobile Device Fundamentals Protection Profile (MDFPP) developed by the National Information Assurance Partnership (NIAP) has often been used to certify devices for government use. While conformance to MDFPP does provide strong protection against data loss, it does little to address the broader threat stemming from the breadcrumbs these devices leave behind. It also doesn’t contemplate real use case requirements, such as covert use or the use of mobile phones in sensitive or secure facilities. NIAP-certified devices also have no answer to the issue of mobile ad tracking, big data, and analytics.

Given the relative failure of these solutions, many experts believe government agencies have little choice but to either completely prohibit workers from using mobile phones or simply accept the fact that security risks are likely to be present – neither of which is tenable. A much better strategy may be to modify the mobile device as needed, while maintaining the functionality and attributes that make it great in the first place.
To provide verifiable control over access to device interfaces and location, and ensure that leaky apps such as social channels don’t communicate when you don’t want them to, government agencies must have the ability to do four things: override the device’s built-in data collection capabilities; control device tracking of user location and activities; limit ad tracking codes; and disable Wi-Fi and Bluetooth at certain times.

To do that, modified smartphones must include: a boot procedure which verifies the authenticity and integrity of each successive step in starting the phone; operating system controls that can be used to prevent access to user applications and third-party services without authorization; a customer-controlled policy management system capable of applying changes to devices already in the field; regular security updates which can be distributed from the user’s management system using an over-the-air secure update mechanism; and administrative control to prevent tracking of user activity, contacts, location, calls, and other data generated on the smartphone.

Without a doubt, mobile devices are highly effective, almost essential tools for worker productivity. But for those government agencies and their employees who regularly deal with high security situations, they can also represent a significant threat that jeopardizes both the integrity of the information they contain and the lives of those using them. With security on the line, government agencies must make certain employees’ devices have been modified in a way that guarantees absolute control over both access and the various signals those devices may be sending, with or without your knowledge or permission.