
Five top technology trends set to impact the security sector in 2020


As existing technologies reach maturity and innovations make the leap from consumer applications to business (and vice versa), it’s imperative that we constantly seek to find those that have the potential to add value to our own business and those of our customers. As we look ahead to 2020, Johan Paulsson, CTO, Axis Communications has identified five trends that will have an impact on the physical security industry…

  1. The world on the edge
    We are seeing a growing momentum towards computing at the ‘edge’ of the network[1]. More of the devices that are connected to the network require or would benefit from the ability to analyse received data, make a decision and take appropriate action. Autonomous vehicles are an obvious example. Whether in relation to communications with the external environment or through sensors detecting risks, decisions must be processed in a split second. It is the same with video surveillance. If we are to move towards the proactive rather than reactive, more processing of data and analysis needs to take place within the camera itself.
  2. Processing power in dedicated devices
    Dedicated and optimised hardware and software, designed for the specific application, is essential with the move towards greater levels of edge computing. Connected devices will need increased computing power, and must be designed for purpose from the ground up with a security-first mindset. The concept of embedded AI in the form of machine and deep learning computation will also be more prevalent moving forwards.
  3. Towards the trusted edge
    Issues around personal privacy will continue to be debated around the world. While technologies such as dynamic anonymization and masking[2] can be used on the edge to protect privacy, attitudes and regulation are inconsistent across regions and countries. The need to navigate the international legal framework will be ongoing for companies in the surveillance sector. Many organizations are still failing to undertake even the most basic firmware upgrades, yet with more processing and analysis of data taking place in the device itself, cybersecurity will become ever more critical.
  4. Regulation: use cases vs technology
    Attitudes towards appropriate technology use cases and the regulations around them differ around the world. Facial recognition might be seen as harmless and even desirable. However, when used for monitoring citizens and social credit systems it is regarded as much more sinister and unwanted. The technology is exactly the same but the case is vastly different. Regulations are struggling to keep pace with advances in technology. It’s a dynamic landscape that the industry will need to navigate, and where business ethics[3] will continue to come under intense scrutiny.
  5. Network diversity
    As a direct result of some of the regulatory complexities, privacy and cybersecurity concerns, we’re seeing a move away from the open internet of the past two decades. While public cloud services will remain part of how we transfer, analyse and store data, hybrid and private clouds are growing in use. Openness and data sharing were regarded as being essential for AI and machine learning, yet pre-trained network models can now be tailored for specific applications with a relatively small amount of data. For instance, we’ve been involved in a recent project where a traffic monitoring model trained with only 1,000 photo examples reduced false alarms in accident detection by 95%.

[1] https://en.wikipedia.org/wiki/Edge_computing

[2] https://www.axis.com/blog/secure-insights/privacy-security-industry/

[3] https://www.axis.com/en-gb/newsroom/article/ethics-trust-security-value-chain


GUEST BLOG: Combatting the threat of accidental insider data leakage


By Andrea Babbs, UK General Manager, VIPRE SafeSend

Cybercrime has rapidly become the world’s fastest growing form of criminal activity, and is showing no sign of slowing down with the number of attacks on businesses rising by more than 50% in the last year alone.

While most corporates have made significant efforts to invest in cybersecurity defences to protect their organisations from the outside threat of cybercrime, few have addressed the risk of breaches that stem from the inside in the same way. Insider threats can come from accidental error, such as an employee mistakenly sending a sensitive document to the wrong contact, or from negligence such as an employee downloading unauthorised software that results in a virus spreading through the company’s systems. 

We’re all guilty of accidentally hitting send on an email to the wrong person, or attaching the wrong document; but current levels of complacency around email security culture are becoming an ever greater threat. Few organisations have a clear strategy for helping their employees understand how a simple error can put the company at significant risk; even fewer have a strategy for mitigating that risk and protecting their staff from becoming an inside threat. 

So where does the responsibility lie to ensure that company data is kept secure and confidential? 

According to reports, 34% of all breaches are caused by insider fault, yet many employees are unaware of their responsibility when it comes to data protection. With employee carelessness and complacency the leading causes of data breaches – understandable when human error is inevitable in pressured working environments – there is clearly a lack of awareness and training. And while there is an obvious and urgent need for better employee education, should IT leaders not be doing more to provide the tools that take the risk of making accidental mistakes out of employees’ hands?

With simple technology in place that provides an essential double check for employees – with parameters determined by corporate security protocols – before they send sensitive information via email, accidental data loss can be minimised and an improved and proactive email security culture achieved. In addition to checking the validity of outbound and inbound email addresses and attachments – thereby also minimising the risk of staff falling foul of a phishing attack – the technology can also be used to check for keywords and data strings in the body of the email, to identify confidential or sensitive data before the user clicks send.

In order for organisations to limit the number of insider data breaches, it’s crucial for employees to understand the role they play in keeping the company’s data secure. But in addition to supporting employees with training, deploying an essential tool that prompts for a second check and warns when a mistake is about to be made, organisations can mitigate the risk of accidental error, and the potentially devastating consequences that might have on the business. 

Email is arguably the key productivity tool in most working environments today; placing the full burden of responsibility for the security of that tool on employees is both an unnecessary overhead and, increasingly, a security risk. In contrast, supporting staff with a simple, extra prompt for them to double check they aren’t mistakenly sharing confidential data raises awareness, understanding and provides that essential security lock-step – before it’s too late. 
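A minimal sketch of the kind of pre-send double check described above, added here as an illustration and not taken from any vendor's product. The internal domain, keyword list and sample message are constructed assumptions; the data-string check uses payment card numbers validated with the Luhn checksum as one example of a sensitive pattern.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed policy values, constructed for this example. A real deployment
# would load them from the organisation's own security policy.
INTERNAL_DOMAINS = {"corp.example"}
KEYWORDS = ("confidential", "internal only", "payroll")
# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def presend_findings(msg):
    """Return (kind, detail) tuples the sender should confirm before sending."""
    findings = []

    # 1. Recipients outside the organisation.
    headers = [str(v) for name in ("To", "Cc", "Bcc")
               for v in msg.get_all(name, [])]
    for _, addr in getaddresses(headers):
        if "@" not in addr:
            continue
        if addr.rpartition("@")[2].lower() not in INTERNAL_DOMAINS:
            findings.append(("external_recipient", addr))

    # 2. Keywords and data strings in the subject and plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")
    lowered = text.lower()
    for keyword in KEYWORDS:
        if keyword in lowered:
            findings.append(("keyword", keyword))
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            # Report only the last four digits so the warning itself
            # does not repeat the sensitive value.
            findings.append(("card_number", "ends " + digits[-4:]))

    # 3. Attachments are listed so the sender can confirm each one.
    for part in msg.iter_attachments():
        findings.append(("attachment", part.get_filename() or "(unnamed)"))
    return findings


def sample_message():
    """Constructed outbound message that should trigger every check."""
    msg = EmailMessage()
    msg["From"] = "alice@corp.example"
    msg["To"] = "bob@corp.example, carol@supplier.example"
    msg["Subject"] = "Payroll run"
    msg.set_content("Confidential: card 4111 1111 1111 1111 for the deposit.")
    msg.add_attachment(b"name,salary\n", maintype="application",
                       subtype="octet-stream", filename="salaries.csv")
    return msg


if __name__ == "__main__":
    for kind, detail in presend_findings(sample_message()):
        print(f"{kind}: {detail}")
```

An empty result means the message can go without a prompt; any finding is shown to the sender for confirmation rather than silently blocked.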

Seven security tips for SMEs that won’t break the bank


When you set up your own business, you want to do everything you can to protect it. It’s your baby, after all. With so many threats out there, both on the internet and in the real world, you’ll want to spend every pound you can to wrap it in metaphorical cotton wool and keep it safe. But that isn’t always realistic.

We understand that many SMEs and start-ups don’t have the biggest budgets; we know that every penny counts when you’re trying to grow a business! But we also believe that protecting your business is going to be one of your top priorities. So with that in mind, high-tech security and software specialist Morphean has come up with seven security tips, both on and offline, that aren’t going to break the bank.

1. Protect from internal attacks

Before you start looking at your business from the outside, it’s important for you to make sure you’re protected from the inside out first. Although you may not want to consider the possibility that one of your employees would wish harm on your company, it happens more often than you think. In fact, did you know that the UK High Court saw an increase of 25% in the number of employees stealing data?

Rather than looking at all your employees with mistrust from now on, take some easy steps towards protecting yourself. First of all, conducting background checks on new starters is a standard policy to have, so don’t be afraid to implement it. Second, have the correct policies and procedures in place to ensure that certain systems and pieces of data have limited access. And finally, take a look at how your company handles dismissals. Not everyone is going to be thrilled at the idea of being let go, but being empathetic and sensitive when it does happen can greatly lessen any feelings of anger and resentment. 

2. Cyber education

When it comes to staff old and new, it’s important that everyone is educated and trained on how they can do their bit to protect your business. That goes for security both on and offline. And it’s not expensive to do!

You can start by providing training on keeping computers and devices safe. That means how to create secure passwords, how to spot phishing emails and the correct procedures to follow when using own devices or when working from home. If your business is growing, schedule regular sessions so that everyone entering is up to date, and anyone can attend for a refresher course if they need to. 

3. Update your systems

We’re all guilty of hitting ‘remind me tomorrow’ when our computer suggests a systems update, but it’s more important than you think, especially if that update is for your anti-virus software. A lot of SMEs and their employees will neglect software updates, often due to having more pressing issues to deal with, but failing to stay up-to-date can actually leave you vulnerable to some of the most severe types of cyber security attacks.

Having anti-virus software in place is fantastic and a real must-have investment for your business. Not only does it keep your device virus free, it also protects your identity when browsing online, the identity of your business, and can help to detect and neutralise fraud attempts when shopping online.

4. Store your data externally

Where does all your company information go? What happens when your computer breaks or in the event of a hack or systems failure? It’s essential that you have a current remote backup of your entire system and data, and the best way to do this is by having a cloud solution. This is stored externally to your business on a cloud system where you can access it remotely and add new data as and when you need to.

Undoubtedly this is the most expensive of our tips; good cloud storage from a trustworthy and reputable provider isn’t going to be cheap as chips, but it’s going to be one of the most important investments you’ll ever make. Your data is the lifeblood of your business, so make sure you protect it accordingly. 

5. Lock and key

Whether you’re in a building of your own or share your office with other businesses – more on this later – it’s important that you invest in strong and high quality locks. Anti-snap locks and deadbolts are good for exterior doors, and roller shutter doors for warehouses provide that extra layer of security. 

Rather than giving a key to all staff members, consider giving keys to just your senior management team, as long as you can guarantee that one will always arrive early to open the office. The fewer people who have access, the lower the security risk. And remember to instill good practices in those who do have keys; perhaps you could have an ‘end of the day’ checklist near the door that reminds people to check windows, blinds and front door locks?

Work on building a strong relationship – this costs nothing! – with your local locksmith as these are the ones you will be asking to come out at short notice should anything go wrong. 

6. Take a look outside

If you’re an SME or start-up, then chances are you’re going to be based in a larger building with other businesses. With that in mind, there may already be a number of security measures in place, which is fantastic. But if you’re in a building alone, you’ll want to make sure your premises is protected. 

How does your building look from the outside? Lights outside the building at night can be a great deterrent as criminals will like to work in the shadows for fear of being seen, and these are cheap and easy to install. Is it worthwhile investing in a CCTV system? If you’re only talking one or two cameras these don’t have to break the bank. Perhaps consider installing blinds that can be pulled down at night to stop any valuable items being seen from outside. And finally, internal lights on a timer can also be an effective deterrent and aren’t expensive at all.

7. Triple check your vendors

Our final security tip is about keeping the operations of your business safe. Many SMEs will use external providers and vendors for equipment and resources in order to function properly, but it’s important that you do your due diligence.

Make sure you check out all vendors and contractors before entering into a contract with them. Check out their reviews, speak to other businesses who use them (better yet, use recommended vendors) and take a look at their credit report; are bills paid on time? Could they go out of business soon or unexpectedly? How long have they been up and running? If anything raises a red flag, no matter how small, then don’t be afraid to take your business elsewhere. 

Image by Mabel Amber, still incognito… from Pixabay 

Continuity Planning: What the office really means to businesses


Dr Sandra Bell, Head of Resilience Consulting, Sungard Availability Services

In spite of best intentions, protective measures, vigilance and forward planning, organisations will always be at risk of losing their workplace due to reasons such as fire, flood, extreme weather, or structural collapse. Likewise, even if the fabric of the buildings themselves is serviceable, access may be denied due to contamination, lack of power or water or being within a police cordon following a terrorist incident.

Regardless of what caused the issue, the result is the same – the loss of a normal place of work. It may be for just a few hours in the case of a utility outage or it may be for many months, or even indefinitely, for more severe incidents. However, what does “losing your workplace” actually mean for an organisation, and what is the best thing to do about it? 

The cost of workplace office loss to an organisation

The true cost of losing a workplace office is always greater than the actual physical loss. The loss means not only that you can’t meet the physiological and security needs of your workers to enable them to do the work that you pay them for, which causes immediate operational disruption, but also that you can no longer coordinate and manage their activity or meet their higher-level needs such as to belong, contribute and grow, leading to lower morale and engagement.

Modern technology has, in most cases, allowed information to be disconnected from place and time, which means, with a little forward planning and investment, it is fairly straightforward to get the office occupants up and running at alternative locations such as home, hotel, rented office or a purpose built disaster recovery facility. 

However, research shows that if we fragment the workplace without paying attention to the management and coordination activity or the social and recognition needs of our workers following an office disaster, the costs can be very high indeed.

When we look at the cost of business disruption, the 2018 Allianz Global Claims Review reports that the average insurance claim for business interruption is more than $3m, almost 40 percent higher than the average cost claimed for property damage. The same research also shows that the losses are now being driven by indirect impacts such as loss of confidence in the organisation, loss of customers, fines, penalties and lawsuits – impacts that can only be mitigated by people in the disrupted organisation pulling together as a team. 

In short, the threats that have the ability to prevent a workplace operating as it should can be physical, virtual or reputational and all impacts are financial. Indeed, the largest losses are now being driven by the indirect impacts rather than the direct property damage and operational disruption requiring businesses to re-think how they accommodate the workforce in the event that they can’t access their office. 

How to reduce the impact of a workplace office loss 

The most effective way to reduce the impact of a workplace office loss is to instantaneously pick up the whole thing, people, information, management, personal knick-knacks, support structure etc. and transplant it somewhere else that is equally easy to get to and has the same feel and culture as the original. However – we are operating in the real world and things are not quite that easy.

Good physical security and building resilience, such as ensuring you are not in a flood plain and have more than one power and communications link to the building, are a good starting point. Likewise, the Business Continuity Institute’s Good Practice Guidelines offer four basic recommendations for the loss of building and work environment, to help mitigate the immediate operational disruption, which it’s worth every business considering:

  • Diversification: having a separate location where the activity occurs in parallel so if one location is lost the work can carry on at another location – albeit with the negative consequences of an increased workload for the undamaged building occupants and loss of activity for those who normally work from the damaged building.
  • Replication: having a separate premises that has all facilities required to undertake an activity, but it is not currently being used. 
  • Standby: a separate premises that has some of the facilities required to undertake an activity, but additional facilities will be required before the activity can be undertaken. For example, a physical premises but where an operational copy of the IT system to support the activities of the people is held in together with a backup of its data that needs to be loaded and tested with manual switching to be made live.
  • Post-incident acquisition: where suitable premises can be acquired which may or may not already have the facilities required to undertake an activity.

But, beware, there are a number of pitfalls that need to be negotiated to get the most out of these strategies. For example, many organisations have a plan that includes relying on people being able to carry out their normal activities remotely from their home. However, unless the organisation is in the fortunate position to be able to issue users with a second laptop that lives at home, you can never be sure they will be available at time of incident. Many people are not at their desks when a crisis happens, and the vast majority of people do not take their laptops home each night. Equally, does the user have sufficient and suitable space for working from home? Likewise, is it safe? The employer still has a responsibility to ensure a safe working environment for staff even when working from home.

Alternative workplaces can also be troublesome. Do they have the right connectivity? Is it secure? Who else are you sharing the space with? Is it somewhere that you would be happy holding client meetings? 

Addressing more than just the immediate losses 

As we’ve seen above, workplace offices are not simply warehouses that provide shelter and warmth to individuals who carry out their tasks autonomously. They provide a rich environment for interaction and innovation and enable efficiency by specialisation. They are designed so that the output of the whole is greater than the sum of the parts, and the mitigation of losses requires more than just alternative accommodation to be provided.

The risk environment that organisations operate in is now characterised by uncertainty, complexity and risks with adversaries, and the magnitude and frequency of the losses are driven primarily by how an organisation as a whole responds rather than how it mitigates the immediate operational disruption of losing its premises in the first place.

We are finding that organisations that adopt a holistic stance and incorporate point business continuity solutions such as workplace and IT disaster recovery into a larger resilience strategy suffer fewer losses because they are able to address all aspects of the corporate culture and the loss of a workplace becomes a minor operational blip as opposed to a full blown disaster. 

Image by Michael Gaida from Pixabay

Could your most trusted employee be your biggest threat?


95% of cyber security breaches are due to human error, which in reality means it could be any user, at any time. The best bit? They probably won’t even know they’re doing something wrong, but they have inadvertently just become an unintentional insider threat.

As Andy Pearch, Head of IA Services, CORVID, explains, organisations need to stop playing the blame game and pointing fingers at users when the system is compromised and instead ensure they have the right technology in place to take back control of their security defences…

Unintentional insider threats

A person becomes an unintentional insider threat when they unwittingly allow a cyber attacker to achieve their goal – whether that’s a breach of systems or information, or diverting payments to a criminal’s account. This can be through negligence or lack of knowledge, but can also be a result of just doing an everyday job.

Unintentional insider threats are particularly dangerous because the traditional methods of identifying insider threats don’t work – they don’t try to hide emails or files, because as far as they’re aware, they’re not doing anything wrong. If an attacker presents themselves as a legitimate person with the right credentials to request a change, the unsuspecting employee will probably respond exactly as the attacker was hoping.

Trusted employees have access to company-sensitive information, assets, and intellectual property, and permission to make financial transactions – often without requiring any further approval. Threat actors target these privileged, trusted people – impersonating suppliers, regulators, and known colleagues – and try to encourage them to do something they have permission to do, but shouldn’t.

Removing reliance on users

Email allows threat actors to communicate with users with almost no defensive barriers between them. Even the most diligent employee gets distracted, rushed, or slightly too tired, which is all it takes for a malicious email to achieve its objective – whether that’s clicking a link, opening an attachment, or trusting the email’s source enough to reply. Employees don’t expect to be attacked in a safe office environment but threat actors prey on this perceived safety to catch them off guard and socially engineer them into doing something they shouldn’t.

Many people think they know what a spam email looks like, but 97% of people are unable to identify a sophisticated phishing email. This is hardly surprising when considering there are, comparatively, so few highly-convincing fake emails; because they aren’t seen every day, employees aren’t always looking out for them. Then there are some methods of impersonation that organisations can’t realistically be expected to detect – for example, spotting the difference between a 1, l, and I (1, L, and i, respectively). Attackers know that employees aren’t meticulously scanning every email for tiny details like this, so they take advantage. If an organisation’s email security currently relies on users correctly identifying malicious emails 100% of the time, quite simply, their defences are going to succumb to attack.

Preventing the unintended

Research shows that 90% of organisations feel vulnerable to insider attacks, so now is the time for change. Monitoring normal access and behaviour patterns can give early warning signs of potential intentionally malicious activity, but the same can’t be said for unintentional insider threats. The attacker’s request could be comfortably within the scope of an employee’s daily duties.

The information available to users is often insufficient for them to determine whether an email is legitimate. As such, they should be suspicious and challenge requests, especially if they’re unexpected or urgent. Checks should also be put in place for a second pair of eyes to confirm certain requests before any action is taken, for example, changing payment details or making unscheduled wire transfers. If the request is for a financial transaction or asks for sensitive or personal information, phone the person who made the request (or better still, speak to them face-to-face) to confirm it’s genuine.

There is only so much humans can do. By having technology in place that alerts users to potentially malicious content and enables them to make an informed decision about an email’s nature and legitimacy before acting on it, organisations can take back control of their security defences instead of playing the blame game and pointing fingers at users when the system is compromised.
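One way such an alert could work for the 1 / l / I impersonation problem described above, added here as an illustrative example and not as any product's method. The trusted domains, the known colleague name and the sample senders are constructed assumptions, and the folding table goes slightly beyond the article by also treating 0 and O as confusable.

```python
from email.utils import parseaddr

# Constructed reference data: domains the organisation really deals with,
# and display names of people whose mail must come from a specific domain.
TRUSTED_DOMAINS = {"corp.example", "supplier-bill.example"}
KNOWN_NAMES = {"Jill Hill": "corp.example"}

# Characters that readers routinely mistake for one another. Capital I and
# the digit 1 fold to lowercase l; the digit 0 and capital O fold to o.
_FOLD = str.maketrans({"1": "l", "I": "l", "0": "o", "O": "o"})


def skeleton(text):
    """Reduce text to the form a hurried reader perceives.

    Folding happens before lowercasing so that a capital I (which looks
    like l) is folded, while a genuine lowercase i is left alone.
    """
    return text.translate(_FOLD).lower()


def sender_warnings(from_header):
    """Return (kind, detail) warnings for one From header value."""
    warnings = []
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]

    # A domain that is not trusted but reads like a trusted one.
    if domain.lower() not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if skeleton(domain) == skeleton(trusted):
                warnings.append(("lookalike_domain", trusted))

    # A display name that reads like a known person, sent from elsewhere.
    for known, home in KNOWN_NAMES.items():
        if skeleton(name) == skeleton(known) and domain.lower() != home:
            warnings.append(("display_name_mismatch", known))
    return warnings


# Constructed From headers covering the genuine and the impersonated cases.
SAMPLES = [
    "Jill Hill <jill.hill@corp.example>",        # genuine colleague
    "Accounts <billing@supp1ier-biII.example>",  # 1 for l, I for l
    "Jill Hill <jill.hill@c0rp.example>",        # 0 for o
    "JiII HiII <jill@freemail.example>",         # capital I in the name
    "News <news@vendor.example>",                # unrelated sender
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", sender_warnings(header) or "no warning")
```

The warning names the genuine domain or person being imitated, which gives the recipient something concrete to verify by phone before acting on the request.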

Image by Gerd Altmann from Pixabay

Shining a spotlight on in-store security


Rising crime, specifically violent crime, is a concern for every retailer. Staff are well trained. Stores are alarmed and often linked to 24 hour monitoring services. But is that enough?

Real-time communication between staff is already proven to reduce shoplifting; adding instant access to security expertise provides another level of staff protection.

As Tom Downes, CEO, Quail Digital, explains, when faced with an incident, staff with wireless headsets can communicate not only with their colleagues across the store but also directly with the security experts at the monitoring service to gain essential assurance and instruction…

Violent Threat

Retailers take staff safety incredibly seriously, but how should companies respond to the latest retail crime figures from the British Retail Consortium? Not only is crime rising but attacks are increasingly violent, involving not only knives and guns but also syringes, even tasers; while threatening behaviour is also on the rise.

Of course, staff have always been well trained to deal with issues such as shoplifting and drunkenness. But with individuals now increasingly concerned about the use of violence to assist theft, or in response to a request for proof of age, should retailers still rely on an under-the-counter panic button? For those convenience stores often staffed by one or two people late at night, the ability to raise the alarm is clearly essential. But what happens next? A 24 hour monitoring centre will immediately alert the police and pull up the CCTV in store; these security staff may even be able to access an in-store speaker system to speak directly to everyone in the store, in a bid to calm down the situation and deter the criminal.

However, such a direct approach is not always ideal, especially if there are a number of customers in store. What is required is a way for the 24 hour monitoring service to speak directly to staff – including those who might be in the stock room or on a break – to provide advice and guidance as to how best to proceed with the specific situation.

Immediate Contact

Better communication is already proven to deter crime, with retailers providing staff with wireless headsets reporting a 25% reduction in shrinkage due to petty theft.  Shoplifters are deterred by the fact that staff can immediately communicate their concerns to colleagues and gain instant support. Extending the headset communication to include a 24 hour monitoring service can deliver essential real-time support and expertise for staff when a dangerous situation occurs.

With wireless headsets, as soon as the alarm is raised, security staff can not only pull up the CCTV but also hear (and record) everything going on in store via the headset microphone. Advice can be provided to staff members on the front line, not only offering comfort during a terrifying situation but also reinforcing the training already in place and ensuring staff follow protocol to minimise their risk of being hurt.

At the same time, all other members of staff also hear everything being said, wherever they are in the store. This ensures that everyone can respond as required – from removing customers from the store to avoiding accidentally blundering in and exacerbating the situation.

In addition, just as headsets deter shoplifting, the fact that store staff are immediately in touch with security experts and, by default, the police, could also act as a deterrent to those with more violent intent.

Conclusion

Retailers have extremely robust protocols in place today to minimise the impact of crime on staff. However, the rise in violent crime has raised the stakes and it is incumbent upon retailers to reconsider the staff experience – especially in those stores with long opening hours and small staff numbers.  Given the changing nature of the threats facing staff, a real-time response is becoming ever more important not only to support, safeguard and comfort individuals during the incident but also present a far more robust deterrent.

CCTV: Are you complying with regulations?


It’s exactly a year since the new General Data Protection Regulation (GDPR) came into force (May 25). CCTV surrounds us and is everywhere – on public, commercial and private premises and our homes, but is everyone complying with the Regulation that governs its use?

What’s more, is it being deployed to best effect? Andrew Crowne-Spencer, UK CCTV Manager at property services and security specialist Clearway, says its recent survey suggests ‘no’ to both, and those that aren’t complying are leaving themselves open to fines or complaints…

The reasons for this worrying discovery were multiple, but appeared mainly to be that the management responsible hadn’t bothered to read all the Regulations in enough detail, didn’t think they applied to them, were too lazy to comply with them all or simply didn’t understand them.

CCTV cameras are now a fact of life and surround us. Six years ago, the British Security Industry Association (BSIA) estimated there were nearly 6m in the country, including 750,000 in “sensitive locations” such as schools, hospitals and care homes, and there are some 15,600 on the London Underground network alone. Other estimates put the national tally far lower at 1.85m but it’s virtually impossible to clarify the figures with any degree of accuracy without checking every single property and street from Scotland to Cornwall as they are literally everywhere. 

Whichever figure is nearer the truth, that’s still a lot of cameras, which may persuade some people we live in a ‘surveillance society’, anathema to those who champion our right in the UK to privacy, freedom of speech, expression and movement. 

Like it or not, however, CCTV has become part of the modern British landscape and camera images protect businesses, homes and public property while providing police forces and security organisations with a vital tool for both deterring and solving crime. Given the increasing paranoia now about terrorism, especially in high profile buildings and travel hubs, and the development of more refined technology, one wonders just how many cameras there are watching us anywhere and everywhere?  

No doubt this prevalence contributes to the debate about balancing the use of surveillance with individuals’ right to privacy, but across the UK and EU there are now stringent GDPR rules which cover the use of CCTV… but just how good are organisations at complying with them?

Since our streets and buildings bristle with CCTV cameras everywhere, inside and outside, recording details and images of our comings and goings (it is estimated that the average Briton is captured on CCTV around 70 times per day), most people believe this is a small compromise to privacy necessary for improved protection from crime.

However, facilities, building and security managers or property owners really need to check their compliance with the Regulations is up to scratch before someone complains and they face a hefty fine. 

These days, like it or not, the public tend to accept the fact that wherever they go, inevitably they’re on someone’s camera, somewhere; it’s a fact of life and reassuring in most cases where their personal security is concerned.

However, when you think about it when you are out and about yourself, do you really see or notice advisory signs about CCTV, as much as you should? Which is what the Regulations demand. And have you any idea where all these images are stored, or if they’re deleted after a short time, or perhaps shared with other parties? Who really knows where you are going or what you are doing? 

The answer is probably not. The whole point of CCTV is security: partly its deterrent factor, and partly recording criminal activity to assist law enforcement bodies in detecting the perpetrators. Therefore, if trespassers or criminals don’t even realise they’re on camera, as we suspect is the case a lot of the time, what sort of useless deterrent is that? And just how good are the images the cameras are supplying? If they’re grainy or blurred due to old or faulty equipment, or not set up correctly, that doesn’t help anyone except the trespassers or criminals. Ten years ago it was reported that 95% of murder cases investigated by Scotland Yard used CCTV footage as evidence, yet latest data suggests 80% of footage now available is of such poor quality it’s almost worthless. That apart, don’t these companies or organisations, even public sector ones, realise that if they’re not properly complying with the GDPR they can be penalised because of it? Sometimes to the tune of many thousands of pounds?

One year on from the introduction of the new GDPR, here are some of the key failures that came to light in Clearway’s investigation of its own extensive nationwide client and contact list:

In no particular order:

  • Failure to fit signage or keep the information on it accurate.
  • Failure to carry out a GDPR risk assessment prior to CCTV deployment.
  • Leaving DVRs (digital video recorders) unlocked or unsecured so anyone, not just designated security personnel, has access to footage.
  • Failure to ensure the lenses of CCTV cameras are appropriately directed or masked so that inappropriate footage is not recorded, and that, if the data is shared with other parties, for example to monitor specific individuals, innocent people are blurred out, a simple matter to deal with using appropriate modern software.
  • Having CCTV monitors which are viewable by the public.
  • Failure to have trained staff to monitor the CCTV. 
  • Leaving usernames and passwords as default settings or noted next to the equipment.
  • If the images are to be shared with other organisations, eg the police, TfL, or other security service providers, failure to manage this appropriately to conform to Regulations.

Here’s an example of what was found on one site recently – It’s a great example of common compliance failings:

  • DVR on reception desk with monitor on top  – no one at reception – someone leaned over the desktop to look at the monitor to see if their taxi was at the front door!
  • Username and password on a sticker attached to the monitor (redacted for media use)

We walked outside to find all of the CCTV signage was so worn and old that the contact details had faded away and were illegible.

Then, in a second example, there was a case of the settings on the equipment not being right, specifically the date and time were incorrect and two systems on the same site had times set 17 seconds apart. 

That might sound petty, but there was a break-in and when the intruder was arrested police showed the CCTV footage in court.  The defence barrister then asked for all camera footage to be played at the same time. 

As the intruder was seen on two systems at the same time (due to the timers not being synced) the barrister claimed the evidence was inadmissible as it was clearly inaccurate since how could the intruder be in two places at once?

Case dismissed due to lack of evidence!

The message from all this is simple. Check your CCTV systems are doing what they should and you are complying with the Regulations. Because someone, somewhere will be watching what you’re doing sooner or later.

GUEST BLOG: Top tips for hotel security

Stuart O'Brien

By 2020 CCTV

There are, of course, lots of important factors to consider to ensure a successful hotel business – but security and the safety of guests and staff is always front of mind.

Depending on which market a hotel is tapping into, there will be different ways to make the establishment stand out from the crowd. This will likely require extensive research into nearby properties and businesses to see exactly what is working and what isn’t.

However, one aspect which should be a consistent consideration for any and every hotel is safety. Here’s a brief overview of techniques and technologies that can help…

CCTV

CCTV installation is a good way to ensure guests feel safer.  However, just having a surveillance system in place isn’t enough. Be sure to constantly monitor your set-up, even if this means hiring a third-party company to do so. Certain systems also come with a voice command option, which means that if you spot any wrong-doing, you can quickly warn those involved to stop their actions. You could even use cloud CCTV storage so that you can view your property from a control room, smartphone or a tablet 24/7.

Think electric

When it comes to your electricity supply – it’s crucial to have a regular Electrical Installation Condition Report (EICR) conducted.  This is because, since your business is constantly in operation, your systems can be subject to wear, tear, corrosion and overloading. This report, which must be carried out by a qualified electrician, will ensure that the electrical appliances in each room are fit for purpose.

Electrical checks should be carried out periodically (diarise them).  Doing this will ensure you are limiting the risk of electrical shocks, fires and accidents, therefore reducing accidents in the workplace – something which is a legal requirement since the introduction of the Electricity at Work Regulations 1989.

Your gas supply

Your gas supply is another potential safety issue, and gas safety should be a consideration. Similar to your electricity supply, your gas mains and appliances should be periodically checked. The Gas Safety Regulations 1998 state that you must arrange annual gas safety checks for any appliances that are serving guest accommodation, even if they are sited away from the guests’ rooms.

Staff should not be left out of your gas safety policy.  Make sure staff have full training in the operation of any gas appliances – and this should include spotting any obvious faults, such as damaged pipework or connections, by using visual checks. While any new installations must be carried out by someone who is Gas Safe-registered, anyone can change an LPG gas cylinder or hose once they are competent to do so.

It’s also extremely important to make use of carbon monoxide and dioxide alarms.  These can signify any fault and help you avoid any catastrophes. They should give an audible alarm when levels are dangerous and should be able to automatically shut off your gas system.

Emergency response plan

Do your staff know what to do in the case of an emergency?  Hopefully it will never happen, but if there is an emergency then your staff should be fully up-to-date about what they need to do in the scenario. Regular meetings with law enforcement and emergency services should be scheduled so you have a good communication plan in place and can update it as and when required. In doing so, you can prepare your staff so that everyone is calm and knowledgeable in a worst-case scenario.

The staff uniform

An obvious one (though surprisingly not always!), adopting a staff uniform policy is important.  Not only does it help your business look professional and smart, but it also gives your guests a clear view of who they can approach about a query, and who indeed is allowed in certain areas of the business. In guest areas, knowing who members of staff are is essential. This is because it shows that your company have guests’ safety at the forefront due to staff always patrolling the areas.

Securing online data

Although physical safety is obviously important, it shouldn’t be your only safety consideration. Hotels have become a prime target for cyber attacks. According to a report by PwC, the hospitality industry has the second-highest number of cybersecurity breaches, with most of the prominent hotels in the industry having fallen victim to breaches.

Regularly update your IT systems.  Doing this will help to ensure the safety of files and information, and thereby reduce online data security risks.  You should also be making sure that backing up your data becomes a habit, so you can eliminate the risk of losing it or having it irretrievably damaged. A recommended strategy is to use a cloud service daily, have weekly server backups, and follow these up with quarterly server backups and then yearly backups.

Be vigilant with your passwords.  Remember, password security is important, just as it would be for your personal devices. Be sure to change it often and make sure you change it any time a staff member leaves to avoid any breaches.

A hotelier business is – hopefully – a busy one.  There are lots of things to consider but safety should obviously be a key consideration. It’s crucial to keep on top of the methods you are using. Following the above steps should help provide your business with insight on how to keep your guests safe.


GUEST BLOG: Is your business playing music illegally?

Stuart O'Brien

By John Hannen, Digital Marketing Executive, MediaWorks

You’ve probably seen the latest advert from PRS, usually played before films in the cinema, which starts in a barber shop and proceeds to cover a range of locations where music is played to the general public.

However, what the advert highlights is that more often than not, music is played illegally, and most of the time you won’t notice that this is happening. If you’re playing music to the general public, then it’s important to know the rules around this (often difficult to understand) part of the law. Together with specialist PA system installers GPS Installations, we have produced this go-to guide for anyone who is unsure when playing music in a public space.

Why do I need a music licence?

Music licences, and the law surrounding them, are based on the Copyright, Designs and Patents Act 1988. Within this document, it is stated that anyone who makes use of copyright music in public must first obtain the permission of every writer and composer for the music they intend to play.

How do I know if my business needs a local licence?

There are many different scenarios when playing music is considered a public performance. These include playing music through a set of computer speakers, on a CD player, on a television, or through a radio station broadcast.

The collecting society PRS for Music represents around 10 million songs from a variety of different genres, so there’s a good chance that you’ll be playing a song from its database.

Take note that the music industry considers these types of venues when evaluating whether music has been played illegally:

  • Charity and community buildings.
  • Cinema complexes.
  • Clubs (whether a social, members or night club).
  • Educational establishments.
  • Hair and beauty organisations (capturing both salons and spas).
  • Health practices.
  • Hotels, guesthouses and B&Bs.
  • Fitness, leisure and sport facilities.
  • Mobile businesses.
  • Music played when customers are put on hold during a call.
  • Offices and factories.
  • Pubs and bars.
  • Restaurants and cafes.
  • Shops and retail stores.
  • Sports grounds and stadia.
  • Across transport businesses.

Are there any exceptions?

In certain instances a PRS for Music licence isn’t necessary, and these circumstances include:

  • Music that holds no copyright — this is when a rightsholder has decided that those playing their music do not need a licence.
  • Copyright music whereby the rightsholder has not assigned or licensed the performing rights — in these cases, businesses will need to obtain permission directly from the rightsholder in order to make use of the music in question. Alternatively, the rightsholder may have provided the licence required to the music service provider, and this will be the place to contact.
  • Music that is out of copyright – in these instances, you can purchase sheet music of the performance and nobody legally holds the right to the musical performance.
  • Music specially written for dramatic performances — permission to perform this music will need to be requested directly from the rights holder, and examples include ballets, musicals and operas.

How much does a music licence cost?

There is no clear answer to this question. PRS for Music provides in excess of 40 different tariffs that cover a wide range of ways that businesses play music to their customers.

This has been done to ensure that the collecting society only ever provides licensing tariffs that are fair to both the rightsholder and the music user alike.

We advise that you conduct thorough research before you apply for a licence, as tariff charges are both thorough and complex. That way, you will be able to accurately locate the right licence for your needs.


Crises, CCTV and Cyber Crime top the total security summit

Jack Wynn

The global landscape has experienced a rather monumental change over the last year, with security being more relevant than ever as we go into 2017.

The first Total Security Summit of the year is determined to address these issues and uncertainties in a bespoke two-day event for security professionals.

Meet, share, connect and debate business relevant to your current and future projects with matchmade face-to-face meetings. Experience a day of dining, drinks and discussion as you network with fellow business professionals and attend seminars covering a range of relevant topics.

We have reached a landmark age of global political challenges and uncertainties, and it’s vital to prepare for the future. Covering the protection of crowded areas, terror threats and counter-terrorism is Dr Anna Maria Brudenell, Lecturer in Military and Security Studies, Cranfield Defence and Security, in the first seminar on Global Security Strategy.

As terror threats continue to rise and evolve without warning, discussing and understanding the implications is crucial to developing your security in a crisis. Chris Phillips, Managing Director, International Protect and Prepare Security Office (IPPSO), is presenting Seminar 2 on Crisis Management and Communications.

Video surveillance is being used in greater quantity and with higher quality expectations, with Britain among the leaders in CCTV operation, but are the benefits worth the cost? With few resources and increasing legal parameters, Simon Lambert, Independent CCTV Consultants, Lambert Associates, is discussing CCTV and Video Surveillance in Seminar 3.

John Marsden, Head of Fraud, Equifax, is discussing how to identify and tackle theft as it happens, assessing risk, detecting threats and ensuring ongoing training in Seminar 4: Keeping your Business’ Cash and Assets Safe and Secure.

Going into your second day, and following morning networking, James Willison, Founder, Unified Security Ltd, goes digital. As our dependency on technology grows, many companies are more vulnerable than ever. From data and privacy risks to ransomware, hackers are becoming more sophisticated and businesses need to adapt quickly, which is the subject of Seminar 5 on Cyber Crime – the United Security Response.

With a continuing rise in companies at risk of fraud, from physical fraud to high level hacking, security needs to be tight across the board, and the final seminar before more discussion and networking addresses these fears. Fraud Prevention with David Lee, Fraud Prevention Manager, Transport for London sees the summit almost to a close.

Taking place on 13-14 March at the Radisson Blu Hotel, London Stansted, this year’s Total Security Summit is the industry go-to for professionals.

To secure a complimentary delegate place at either of the two annual Total Security Summit events, call Liz Cowell on 01992 374 072 or email l.cowell@forumevents.co.uk.

Or, to attend either event as a supplier, call Nick Stannard on 01992 374 092 or email n.stannard@formumevents.co.uk.

For more information, visit www.totalsecuritysummit.co.uk.