Today VinciWorks released AML 360 — the perfect refresher course for users who claim to know it all. Instead of rehashing the legislation and CDD procedures, the course goes beyond the basics by engaging learners with the hot topics of the day. The interactivity and rapid pace of the course create an immersive experience in which users take an active role in the material rather than passively consuming information.

AML 360° is geared towards lawyers or support staff who have already undertaken money laundering training and understand the subject matter. It delves into more detail and explores emerging areas such as bitcoin and the Fourth Money Laundering Directive.

The course covers eight subjects in less than 20 minutes


How would your business cope if employees were suddenly unable to access computers, files, or your network? Your customer database, emails, and that critical project due by the end of the week: all locked.

Work would be brought to a halt, I.T. would be inundated with panicked phone calls, and your communications team would be in crisis mode. You might be willing to do almost anything to regain access to your critical files – which is why ransomware is a growing tactic for cybercriminals.

Ransomware blocks access to critical files or applications and asks users to pay to regain access. And, while in some cases it’s clear to users that they’re being held to ransom, messages often appear to come from governments, law enforcement, or even your own technical team – leading to payments made to cybercriminals.

Falling victim to ransomware creates a dilemma for businesses. Should you pay the criminals, with no guarantee they’ll restore access, or should you go public, take the hit to your reputation and finances, but at least take control of the situation?

Clearly, the best approach is to avoid falling victim to ransomware in the first place. So, with cybersecurity firms warning of increasing ransomware attacks, how can you protect your business?

As with many cybersecurity threats, the answer is a combination of security software and education practices.

1. Keep software up to date

All businesses should use software to protect them from cyber threats which could lead to ransomware infection, such as spam email, unauthorised access, unsafe websites, and unsafe files.

But installing this software is just the beginning. Cybercriminals and tech companies are locked in a perpetual race to stay one step ahead of each other in discovering vulnerabilities. With more uncovered daily, it’s crucial to keep security software updated, protecting your business from known and newly discovered vulnerabilities.

2. Train staff to be vigilant around email attachments

The most common way for computers to become infected with ransomware is through staff opening unsafe email attachments, a trend cybercriminals are increasingly creative in exploiting.

Recent examples include emails appearing to be speculative job applications with attached CVs, and documents ostensibly from the CEO or senior management; but even files attached to gobbledegook emails are opened alarmingly often.

Banning email attachments altogether isn’t feasible and antivirus software isn’t 100% effective at identifying viruses, especially when they can be hidden in seemingly innocuous files like Word documents or images. Combat this risk by training staff to recognise suspicious emails, to check that the sender’s email address is one they recognise, and to get verbal clarification from the sender if any suspicion arises.

3. Prevent access to unsafe websites and files

Another way ransomware finds its way onto your machines is when employees visit compromised websites or download unsafe files. We recommend limiting what sites staff can access so unsafe ones are automatically blocked, and only giving rights to download and install files to those employees who need them.

But even with these measures in place, employees often end up getting granted admin rights when they really shouldn’t, just for convenience’s sake, eventually resulting in cybersecurity issues.

Rectify this by making cybersecurity awareness a part of your business culture, ensuring people only have the access rights they need, and that they know what risks to look out for when browsing the web.

4. Implement a strong password policy

The above techniques are all designed to prevent cybercriminals from accessing your systems by the back door – but don’t forget to lock the front with strong passwords.

A cybercriminal would only need to determine one employee’s password to access your network and install any software they want. It could be as simple as methodically attempting to gain access with the most common passwords, words from dictionaries, or even using passwords seized from another site.

Prevent this by making sure your employees understand good password practices, such as choosing passwords that are hard to guess, using combinations of lower and uppercase characters, numbers and symbols, and using unique passwords for different websites.

5. Make technical support the first port of call for problems

In the unfortunate event that one of your employees falls victim to ransomware, they’re likely to be shown an error message asking them to make a payment, click a link or call a phone number.

Genuine error messages would never ask for payment, nor would they include manipulative language that’s designed to incite fear in the user, and your employees should be aware of this.

If they ever receive error messages, their first port of call should always be technical support, who will be able to determine if the error message is genuine, and what action should be taken.

FOR IMMEDIATE RELEASE
April 1, 2016

Introducing Human Nagware

Because sometimes email is not enough

London — Convincing people to complete their compliance training has always been a challenge. Work deadlines, client pressures and other high priority tasks all contribute to employees neglecting their online courses. However, training on topics such as money laundering, bribery and diversity is mandatory and important.

Due to compliance requirements, firms require that staff complete training, and expensive administrative resources are spent chasing non-compliant individuals. Moreover, low completion rates expose firms to regulatory sanctions.

How Nagware changed compliance

In 2011 VinciWorks improved the state of compliance training forever when it introduced its revolutionary Nagware. With Nagware firms could auto-remind employees to complete training with gently escalating reminder emails.

“Nagware was a game changer”, Howard Finger, VinciWorks’ CEO commented. “Overnight, course completions tripled. Firms were asking us to incorporate Nagware into other processes in order to increase compliance rates. To fulfil that request we developed Policy Tracker for tracking policy compliance and we integrated Nagware into the Risk Management System for control procedures. We are now looking at Nagware for the Breaches Register and the Annual PI Questionnaire.”

Nagware did not go far enough

However, Nagware did not go far enough. In a pilot programme with Local Law LLP to test the efficacy of different Nag regimens, the compliance rate never rose above 75%. Nigel Plaskitt of Local Law summed up the experiment: “We threatened, we cajoled, we sent ominous emails from the managing partner. Nothing seemed to work. There were always 15-20 people who did not complete the mandatory courses.”

The only solution was a human touch

Adam Sinclair, VinciWorks’ Director of Product, was tasked with finding a solution. “We hired UX experts, social scientists, you name it; we threw every resource we had at the product. We tried iPhone apps, robo-calling and text-messaging. The best we could achieve was 85% compliance.”