You’ve likely heard the term Internet of Things (IoT) – but do you know what that means and if so, all of the elements it encompasses? It is a bit of an unspecific name because of its vastness. Essentially, any electronic device can be part of the IoT if it has sensors and processing capability that enable connectivity to a network.

The concept of remotely accessing almost any device from our car to our toaster oven presents a heretofore unparalleled level of convenience, but the secondary effects are complex and incalculable. Renowned global data and business intelligence platform Statista reports that there are nearly 20 billion IoT connected devices in use today. That means that in addition to the traditional computers and peripheral devices connected to the Internet, there are now 20 billion additional points of entry. Each and every one of those entities is an addition to the attack space – a potential point of compromise that a malicious actor can exploit to get a foothold into unauthorized networks. Statista also estimates that the number of IoT devices will double by 2033.

The IoT’s origins resemble the wild west. Almost every manufacturer building new electronic products is incorporating a sensor and sticking an Internet Protocol (IP) address on it so it can be accessed and controlled via cyberspace. Security, often times, is not even an afterthought, but a non-consideration. So, not only have we exponentially increased the attack surface, but we have also introduced the most exploitable pieces of infrastructure in cyberspace history. Companies prioritize production, convenience, and profit over security, and the IoT is Exhibit A.

The good news is that we are now doing more than acknowledging and admiring the problem. On Tuesday, the United States Government announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet of Things (IoT) devices. A key part of this initiative is that products receiving this credential will be labeled with an easily scannable QR code that provides critical information about the product’s cybersecurity and helpful cybersecurity guidance (like instructions how to change the default manufacturer created password).

The program is not mandatory, but its establishment is a landmark measure and step forward when it comes to IoT security. In order to achieve certification, manufacturers must submit their products for testing by one of eleven prominent companies that have been initially identified as independent Cyber Trust Mark certifiers. In their formal statement, the White House noted that products will be evaluated against established cybersecurity criteria from the National Institute of Standards and Technology (NIST). While details are still being finalized, leveraging NIST developed cybersecurity criteria as the standard going forward is a tremendous step toward better securing the IoT, and therefore, better securing any interconnected device anywhere – including the devices we leverage when handling sensitive data that adversaries are likely to seek out.

Source: The Project Spectrum Team - 1/14/25

In light of a recent federal court order, reporting companies are not currently required to file beneficial ownership information with FinCEN and are not subject to liability if they fail to do so while the order remains in force. However, reporting companies may continue to voluntarily submit beneficial ownership information reports. More information is available at https://www.fincen.gov/boi .

Sometimes cybersecurity can seem like rocket science! Wouldn’t it be nice if there was a single, easy-to-implement, easy to use tool that was really effective when it comes to ensuring network security? Well, there is such a tool, and it has been around for a long time – the Virtual Private Network (VPN). A VPN is a service that creates a secure, encrypted connection between your device and the Internet. It essentially acts as a tunnel through which your Internet traffic passes, shielding your data from prying eyes and making your online activities more private and secure.

How it Works

Encryption: When you connect to the Internet through a VPN, your data is encrypted. This means that even if someone intercepts your data, they won't be able to read it without the encryption key. This encryption protects sensitive information like passwords, credit card details, and personal communications from being accessed by unauthorized parties.
IP Address Masking: A VPN masks your real IP address by routing your Internet connection through a server in a different location. This makes it appear as though you are browsing from that server's location, not your actual physical location. This helps in protecting your identity and privacy online.
Secure Connection: VPNs establish a secure connection between your device and the VPN server. This connection is often referred to as a "tunnel," which ensures that all data passing through it is safe from eavesdroppers, especially when using public Wi-Fi networks.
Enhanced Privacy: By encrypting your traffic and masking your IP address, a VPN provides a higher level of privacy. It prevents websites, ISPs, and third-party trackers from easily identifying your online behavior and tracking your browsing habits.
 

Why It’s Important

Using a Virtual Private Network (VPN) is important in personal cybersecurity for several reasons:
Privacy Protection: A VPN encrypts your Internet connection, making it difficult for third parties – such as hackers, government agencies, or even your Internet Service Provider (ISP) – to monitor your online activities. This encryption ensures that your personal information, such as browsing history, passwords, and financial data, remains private.
Anonymity: By masking your IP address, a VPN allows you to browse the Internet more anonymously. This means that websites, advertisers, and other entities cannot easily track your location or identify you based on your online behavior.
Security on Public Wi-Fi: Public Wi-Fi networks are often unsecured, making them a prime target for cybercriminals looking to intercept data. A VPN adds a layer of security by encrypting your connection, protecting your data from being intercepted by malicious actors.
Protection from Targeted Attacks: Cybercriminals target individuals by identifying their IP addresses. By masking your IP address with a VPN, you reduce the risk of being targeted by attacks, including Distributed Denial of Service (DDoS) attacks.

If you believe that a VPN could improve your overall cybersecurity posture, or if you simply have more questions about their capabilities and functionality, our cyber advisors are here to help! Reach out to us at help@parallaxe.us with your questions about VPNs or any other cybersecurity issue.

Source: The Project Spectrum Team - 8/22/24

AMS Application

OFAC has deployed its new Sanctions List Service (SLS). SLS is now the primary application OFAC will use to deliver sanctions list files and data to the public.

SLS includes support for all OFAC legacy and modern sanctions list data files.

While certain sanctions list data are now hosted within the SLS cloud, existing links to OFAC list files remain functional through URL redirects.

The Sanctions List Service application incorporates the traditional OFAC Sanctions List Search tool which will continue to be available at https://sanctionssearch.ofac.treas.gov/.

OFAC will have more information to share in the coming days. Users in need of technical support should contact OFAC at O_F_A_C@treasury.gov.

Please take the following “due diligence” steps in determining a valid OFAC match.

If you are calling about a wire transfer or other “live” transaction:

Step 1. Is the “hit” or “match” against OFAC’s Specially Designated Nationals (SDN) list, one of its other sanctions lists, or targeted countries, or is it “hitting” for some other reason (i.e., “Control List” or “PEP,” “CIA,” “Non-Cooperative Countries and Territories,” “Canadian Consolidated List (OSFI),” “World Bank Debarred Parties,” “Blocked Officials File,” or “government official of a designated country”), or can you not tell what the “hit” is?

• If it’s hitting against OFAC’s SDN list, one of its other sanctions lists, or targeted countries, continue to 2 below.

• If it’s hitting for some other reason, you should contact the “keeper” of whichever other list the match is hitting against. For questions about:

• The Denied Persons List and the Entities List, please contact the Bureau of Industry and Security at the U.S. Department of Commerce at 202-482-4811.

• The FBI’s Most Wanted List or any other FBI-issued watch list, please contact the Federal Bureau of Investigation (http://www.fbi.gov/contact/fo/fo.htm).

• The Debarred Parties list, please contact the Directorate of Defense Trade Controls at the U.S. Department of State, 202-663-1282.

• The Bank Secrecy Act and the USA PATRIOT Act, please contact the Financial Crimes Enforcement Network (FinCEN), 1-800-949-2732.

• If you are unsure whom to contact, please contact your screening software provider which told you there was a “hit.”

• If you can’t tell what the “hit” is, you should contact your screening software provider which told you there was a “hit.”

Step 2. Now that you’ve established that the hit is against one of OFAC’s sanctions lists or targeted countries, you must evaluate the quality of the hit. Compare the name in your transactions with the name on the sanctions list. Is the name in your transaction an individual while the name on the sanctions list is a vessel, organization or company (or vice-versa)?

• If yes, you do not have a valid match.*

• If no, please continue to 3 below.

Step 3. How much of the listed entry’s name is matching against the name in your transaction? Is just one of two or more names matching (i.e., just the last name)?

• If yes, you do not have a valid match.*

• If no, please continue to 4 below.

Step 4. Compare the complete sanctions list entry with all of the information you have on the matching name in your transaction. An entry often will have, for example, a full name, address, nationality, passport, tax ID or cedula number, place of birth, date of birth, former names and aliases. Are you missing a lot of this information for the name in your transaction?

• If yes, go back and get more information and then compare your complete information against the entry.

• If no, please continue to 5 below.

Step 5. Are there a number of similarities or exact matches?

• If yes, please call the hotline at 1-800-540-6322.

• If no, you do not have a valid match.*

If you are calling about an account:

Step 1. Is the “hit” or “match” against OFAC’s SDN list, one of OFAC's other sanctions lists or targeted countries, or is it “hitting” for some other reason (i.e., “Control List” or “PEP,” “CIA,” “Non-Cooperative Countries and Territories,” “Canadian Consolidated List (OSFI),” “World Bank Debarred Parties,” or “government official of a designated country”), or can you not tell what the “hit” is?

• If it’s hitting against one of OFAC’s sanctions lists or targeted countries, continue to 2 below.

• If it’s hitting for some other reason, you should contact the “keeper” of whichever other list the match is hitting against. For questions about:

• The Denied Persons List and the Entities List, please contact the Bureau of Industry and Security at the U.S. Department of Commerce at 202-482-4811.

• The FBI’s Most Wanted List or any other FBI-issued watch list, please contact the Federal Bureau of Investigation (http://www.fbi.gov/contact/fo/fo.htm).

• The Debarred Parties list, please contact the Directorate of Defense Trade Controls at the U.S. Department of State, 202-663-1282.

• The Bank Secrecy Act and the USA PATRIOT Act, please contact the Financial Crimes Enforcement Network (FinCEN), 1-800-949-2732.

• If you are unsure whom to contact, you should contact your screening software provider which told you there was a “hit.”

• If you can’t tell what the “hit” is, you should contact your screening software provider which told you there was a “hit.”

Step 2. Now that you’ve established that the hit is against one of OFAC’s sanctions lists or targeted countries, you must evaluate the quality of the hit. Compare the name of your customer with the name on the sanctions list. Is the name of your customer an individual while the name on the sanctions list is a vessel, organization or company (or vice-versa)?

• If yes, you do not have a valid match.*

• If no, please continue to 3 below.

Step 3. How much of the listed entry’s name is matching against the name of your account holder? Is just one of two or more names matching (i.e., just the last name)?

• If yes, you do not have a valid match.*

• If no, please continue to 4 below.

Step 4. Compare the complete entry with all of the information you have on the matching name of your account holder. An entry often will have, for example, a full name, address, nationality, passport, tax ID or cedula number, place of birth, date of birth, former names and aliases. Are you missing a lot of this information for the name of your account holder?

• If yes, go back and get more information and then compare your complete information against the entry.

• If no, please continue to 5 below.

Step 5. Are there a number of similarities or exact matches?

• If yes, please call the hotline at 1-800-540-6322.

• If no, you do not have a valid match.*

* If you have reason to know or believe that processing this transfer or operating this account would violate any of the Regulations, you must call the hotline and explain this knowledge or belief.

Strong and Weak Aliases
For additional information regarding strong and weak aliases on OFAC's sanctions lists, please see the Weak Aliases following topic.

Date Released

Source: https://ofac.treasury.gov/

03/13/2013

Recent Actions Body

The Office of Foreign Assets Control (OFAC) launched a new and improved tool for searching its Specially Designated Nationals List (SDN). The new version of SDN Search provides users with much greater leeway when searching for names for the tool no longer returns only exact matches. SDN Search now makes use of character, string, and phonetic matching algorithms to provide the user with a broader set of results. This gives SDN Search the ability to account for differences in spelling and transliteration.

This upgraded version of SDN Search, previously available as a beta release, replaces the earlier version. OFAC received and reviewed feedback from the public on its new search tool. OFAC is offering this upgraded search tool free to the public to give users of the SDN List an improved search experience that will help them meet their compliance obligations.

Please see the related FAQs for additional information on algorithms, scoring, and other technical details.

SDN Search is available at http://sdnsearch.ofac.treas.gov/.