Featured Article

Is a third party’s use of encrypted email services a safeguard or a red flag?

Global organizations employ thousands of suppliers and vendors to get their business done, so they need to use the latest investigative tools of third-party due diligence (TPDD). Here we examine how we can use TPDD to discover how suspicious third parties can use email encryption services (and corresponding primary email addresses) to mask illegal activities and steal valuable data.



The new textile startup company, FabricFibre, worked with several third parties to produce their clothing lines. Its internal auditors stressed to the executives that it should conduct extensive “third-party due diligence” (TPDD) to verify the transparency and reliability of the external companies. So, FabricFibre thoroughly investigated via open sources (paid and unpaid) its more than 100 suppliers’ corporate chains, profitability, reputations, viability and other criteria.

The company, guided by savvy leaders, determined that the prospective suppliers employed email encryption services (EES), which many upright organizations use to foster anonymity and security in communications. However, criminal groups can also use EES to conceal their illicit activities and obstruct investigations. And they can link their primary email addresses to EES services to avoid detection. FabricFibre delved deeper and found that two of its suppliers had some suspicious roots. The company gave those firms a wide berth, and probably saved itself a lot of money and grief. 


For full access to story, members may sign in here.

Not a member? Click here to Join Now. Or Click here to sign up for a FREE TRIAL.