Daily Archives: 26/11/2014

Corps Security celebrates succession of major contract wins

Specialist security solutions provider Corps Security is celebrating after confirming a number of prestigious new account wins which have seen the company smash its annual sales target in the first six months of the business’ financial year.

With business confidence sweeping back into the UK security sector, Corps Security’s success mirrors the findings of a study earlier this year published by market analyst Plimsoll which found that half of the security companies questioned are increasing sales and improving profits, with a significant proportion of them delivering growth rates of up to 8%.

Corps Security’s most recent contract wins emanate from organisations in a range of diverse sectors including banking and finance and local Government, as well as a world famous art institute.

The company’s highly trained and skilled security officers have also been deployed at the Wellcome Trust’s London headquarters to protect one of the leading global charitable foundations which is dedicated to achieving extraordinary improvements when it comes to both human and animal health. Indeed, the important work conducted by the Trust currently includes enabling an international consortium to accelerate the development of an Ebola vaccine.

Peter Webster: CEO at Corps Security

Peter Webster: CEO at Corps Security

Also in the healthcare sector, Guy’s and St Thomas’ NHS Foundation Trust is benefiting from having Corps Security’s personnel as part of its on-site team. Corps Security won this contract after taking part in a competitive tender process with six other security providers, all of whom are part of the London Procurement Partnership framework.

In addition to physical security, Corps Security is responsible for supplying a range of patient supervisory services to protect doctors, nurses and patients in acute care, as well as ensuring that those individuals receiving treatment do not harm themselves. This is a particularly sensitive area and the company’s officers are given specialist training to ensure that they can operate under these types of extreme circumstances.

Fully-integrated solutions for end users

As is the case with all of its contract wins, Corps Security is able to demonstrate an ability to provide the highest levels of service and value for money. Customer feedback suggests that this is thanks to the company’s unique corporate structure and ability to develop a fully integrated solution for the end user that reduces spend and enhances protection by cost-effectively and efficiently combining the use of physical security with surveillance technology and remote monitoring.

Corps Security's dedicated Support Centre provides vital services for end user customers

Corps Security’s dedicated Support Centre provides vital services for end user customers

Nik Flytzanis, Corps Security’s business development manager, is convinced that the company’s recent success is also due to organisations across all vertical sectors recognising the importance of using specialist providers rather than those offering ‘bundled’ services.

“Security is quite unlike any other service,” said Flytzanis. “Due to our clear focus and dedication to this field, we are able to provide a comprehensive solution that always meets our customers’ bespoke needs. I’m delighted that we’re now able to offer our expertise to prestigious organisations such as the Wellcome Trust and Guy’s and St Thomas’ NHS Foundation Trust, both of whom I’m fully confident will benefit enormously from our uniquely ethical and innovative approach to service delivery.”

Nik Flytzanis of Corps Security

Nik Flytzanis: business development manager at Corps Security

Advertisements

Leave a comment

Filed under Risk UK News

UK businesses “sleepwalking” into reputational time bomb

According to research conducted by BSI, the business standards company, UK businesses are at risk of sleepwalking into a reputational time bomb due to a lack of awareness on how to protect their data assets. As cyber hackers become more complex and sophisticated in their methods, UK organisations are being urged to strengthen their security systems in order to protect both themselves and consumers.

The BSI survey of IT decision-makers1 finds that cyber security is a growing concern, with over half (56%) of UK businesses being more concerned about this issue than was the case 12 months ago. Seven-in-10 (70%) attribute this to hackers becoming more skilled and better at targeting businesses.

However, while the majority (98%) of organisations have taken steps to minimise risks to their information security, only 12% are extremely confident about the security measures they have in place to defend against these attacks.

Worryingly, IT directors appear to have accepted the risks posed to their information security, with nine-in-10 (91%) admitting their organisation has been the victim of a cyber attack at some point. Around half have experienced an attempted hack and/or suffered from malware (49% in both instances). Around four-in-ten (42%) have experienced the installation of unauthorised software by trusted insiders, while nearly one third (30%) report having suffered from a loss of confidential information.

Managing risks: key to protecting data assets

Despite confidence in the security measures they have in place, three-in-five (60%) of those organisations surveyed have not provided staff with information security training. Over a third (37%) haven’t installed anti-virus software and only just under half (49%) monitor their user’s access to applications, computers and software.

Conversely, organisations that have implemented ISO 27001 – the international Information Security Management System Standard – are more conscious about potential cyber attacks than those who haven’t (56% versus 12%). As such, 52% of organisations with ISO 27001 already implemented are extremely confident about their level of resilience against the latest methods of cyber hacking.

Maureen Sumner Smith: UK managing director at BSI

Maureen Sumner Smith: UK managing director at BSI

“The research reveals that businesses who can identify threats are more aware of them,” said Mike Edwards, information security specialist and tutor at BSI. “Our experience confirms this. We know that organisations with ISO 27001 in place can better identify the threats and vulnerabilities posed to their information security and put in place appropriate controls designed to manage and mitigate risk.”

Consumers looking to organisations that go ‘above and beyond’

As consumers are now spending more and more of their time and money online, so their vulnerability to cyber attacks is increasing. A recent survey2 showed that nearly half of consumers questioned had suffered from a cyber attack/crime event, yet only 4% have stopped using online services to reduce the risks.

Consumers are looking to companies for protection, who in turn need to safeguard themselves and their customers’ data. However, there’s an inherent lack of trust from consumers on how their data is handled by organisations, with one third of those questioned admitting they don’t trust organisations with their data.

On the other hand, there’s a level of acceptance that nothing online will ever be wholly safe, leading to a false sense of security that: ‘This will not happen to me’ among those who have not suffered from a cyber attack/crime.

Maureen Sumner Smith, UK managing director at BSI, explained: “Consumers want their information to be confidential and not shared or sold. Those who want to be reassured that their data is safe and secure are looking to organisations willing to go the extra mile to protect and look after their data.”

Sumner Smith continued: “Best Practice security frameworks, such as ISO 27001 and easily recognisable consumer icons like the BSI Kitemark for Secure Digital Transactions can help organisations benefit from increased sales, fewer security breaches and protected reputations. Our research shows that the onus is very much on businesses to wake up and take responsibility if they want to continue to be profitable and protect their brand reputations.”

References
1Research interviews conducted with 200 IT decision-makers in UK businesses employing between 250 and 1,000 members of staff. Interviews carried out in October 2014 by Vanson Bourne
2Consumer research involving 1,589 UK adults. Conducted in September 2014 by Opinion Matters

Leave a comment

Filed under Risk UK News

CrowdControlHQ: “IT directors ignore social media risks at their peril”

Marc Harris (Chief Technical Officer at CrowdControlHQ) examines the issues facing IT directors from the use of social media.

Many IT directors operate their own personal Facebook and LinkedIn accounts. However, when it comes to corporate social media they pass responsibility for management of same to the Marketing Department. Are they doing so at their peril?

Let me start with the elephant in the room, namely the role of the IT director. After an extensive IT career in the media, telecommunication and technology sectors recent experience has led me to conclude that social media needs to be firmly at the top of the priority list of every IT director.

In my current role, I see at first hand the impact of reputational damage realised by both internal and external sources through the use of social media, and find it surprising how few IT directors are willing to discuss the issues or attend conferences on the subject. Perhaps they feel an unwelcome interference or ‘elbowed out’ by this new communication channel which has evolved extensively under the umbrella of marketing?

In future, the organisations succeeding in the social media space will have Marketing and IT Departments working seamlessly together to tackle the issues. The ‘DNA’ of IT makes it the most qualified department to deal with some of the risk issues that surround social media, so why isn’t it more involved?

Today, social media is being used in every aspect of business, from the Boardroom right through to the delivery of customer service. By its very nature, social media is a collective responsibility. Not surprisingly, its reliance on ‘collaboration’ has in some instances manifested itself as ‘sharing’ responsibility for posting of content… and even the sharing of passwords!

New rules now apply

I once overheard a social media officer quite gleefully boasting the fact that they had the Twitter login to hand for their company chairman. When challenged, the officer admitted that he was ‘The Chosen One’. If he was off sick that was it – no tweets or updates! Worse still, if he left the organisation he had the power to bring the place down tweet by tweet.

This is the stuff that would have kept me awake at night as an IT director, yet in a world powered by social engagement new rules seem to apply.

Marc Harris: CTO at CrowdControlHQ

Marc Harris: CTO at CrowdControlHQ

Recent research also reported that a scarily large number of employees still use the dreaded Post-It note to record their login usernames and passwords, stuck to walls, desks and even the computer screen. Apparently, we’re not coping well with the need to access everything online from social media to our weekly shop and fear our mobile devices could be pinched. We’re reverting to pen and paper, it seems.

This practice can only end in tears. There have now been too many examples of ‘rogue’ tweets, no audit trail of who posted them (or why) and organisations – who, frankly, should have known better – being left rosy cheeked, so why is this practice still so rife?

Why would an employee, with their job on the line, ‘fess up’ when they know that at least 15 other people had access to the account that day?

I also believe that few IT Departments have a handle on the number of users across their ‘official’ social media accounts, let alone a log of which password protocol they are using, how they are accessing the site or posting.

Need to look both ways

We cannot just blame the employees. Even organisations with the most robust and celebrated IT protocols let themselves down when it comes to simple issues such as data storage. I suspect very few IT directors are crystal clear about where their marketing communications teams are storing their social media campaigns, let alone harbour an understanding of the conversations from the past that they may need to reference in the future or where they keep their notes about their customers linked to these campaigns.

I would hazard a guess that many IT Departments are breaking their own compliance and governance issues when it comes to social media.

Today, there’s no need to share passwords. The social media ‘savvy’ have cottoned on to tiered password access, with both the IT and Marketing Departments having an ‘on/off’ switch to give them instant control in times of crisis. If IT is involved in the installation of a Social Media Management Solution (SMMS) they can see exactly who is plugged into the system, where accountability lies and who they need to train and develop to uphold the security protocols needed in order to keep an organisation’s reputation intact.

Within the scope of most IT budgets a SMMS will be a drop in the ocean but will address these major issues. Any smart IT director will already be looking at a SMMS if there isn’t already one in place. Such a system gives control back to the organisation. All passwords are held in one place such that accounts are not owned by individuals but by the company. The right system gives an organisation the ability to moderate content at a senior level. In turn, the risk of misuse or mistakes can be eradicated.

A SMMS also takes care of the practical management issues. I fear that some organisations are taking a step backwards in terms of their technological evolution, reverting to time-wasting, ineffective manual processing of social media (eg multiple logins to different social media platforms rather than using readily available tools for automation and effectiveness).

The message is clear. IT directors ignore social media at their peril. When it comes to corporate social engagement, it’s time for them to wake up, check and challenge.

Leave a comment

Filed under Risk UK News

Home Secretary Theresa May introduces Counter-Terrorism and Security Bill

Home Secretary Theresa May has introduced “urgently-needed legislation” which will give the UK some of the toughest powers in the world to tackle the increasing threat from international terrorism.

According to the Home Office, the all-new Counter-Terrorism and Security Bill will bolster the UK’s already considerable armoury of powers to disrupt the ability of people to travel abroad to fight, reduce the risks they pose on their return and combat the underlying ideology that feeds, supports and sanctions terrorism.

The collapse of Syria, the emergence of ISIL and ongoing instability in Iraq present significant dangers not just in the Middle East but also in Britain and across the West. Many of the 500 British citizens who have travelled to Syria and Iraq have joined terrorist organisations alongside foreign fighters from Europe and further afield.

Home Secretary Theresa May MP

Home Secretary Theresa May MP

The Bill, which will be enacted at the earliest opportunity, will disrupt those intending to travel by:

*Providing the police with a temporary power to seize a passport at the border from individuals of concern

*Creating a Temporary Exclusion Order that will control the return to the UK of a British citizen suspected of involvement in terrorist activity abroad

*Enhancing the UK’s border security by toughening transport security arrangements around passenger data, ‘No fly’ lists and screening measures

Enhancement of existing terrorism prevention and investigation measures

To deal with those returning to or already in the UK, the Government is:

*Enhancing existing terrorism prevention and investigation measures, including the introduction of stronger locational constraints and a power requiring individuals to attend meetings with the authorities as part of their ongoing management

To support those at serious risk of succumbing to radicalisation, the Government is:

*Creating a general duty on a range of bodies to prevent people from being drawn into terrorism

*Putting Channel – the voluntary programme for people at risk of radicalisation – on a statutory basis

To help disrupt the wider activities of these terrorist organisations, the Bill is:

*Enhancing vital investigative powers by requiring communications service providers to retain additional information in order to attribute an Internet Protocol address to a specific individual

*Amending existing law to ensure that UK-based insurance firms cannot reimburse the payment of terrorist ransoms

Use of these powers – which are consistent with all of the UK’s existing international legal obligations – will be subject to stringent safeguards. These include appropriate legal thresholds, judicial oversight of certain measures and a power to create a Privacy and Civil Liberties Board designed to support the work of David Anderson QC, the current Independent Reviewer of Terrorism Legislation.

Removal of terrorism-related material

The Bill will sit alongside the existing range of tools already used extensively to combat the terrorist threat, including powers to withdraw the passports of British citizens, bar foreign nationals from re-entering the UK and strip British citizenship from those who have dual nationality.

The Government is also working with the Internet industry to remove terrorist material hosted in the UK or overseas. Since February 2010, the Counter-Terrorism Internet Referral Unit has taken down more than 65,000 pieces of unlawful terrorist-related content.

Speaking about the new Bill, Home Secretary Theresa May said: “We’re in the middle of a generational struggle against a deadly terrorist ideology. These powers are essential to keep up with the very serious and rapidly changing threats we face. In an open and free society, we can never entirely eliminate the threat from terrorism but we must do everything possible in line with our shared values to reduce the risks posed by our enemies.”

The Home Secretary added: “This Bill includes a considered and targeted set of proposals that will help to keep us safe at a time of very significant danger by ensuring we have the powers we need to defend ourselves.”

Shami Chakrabarti: director of Liberty

Shami Chakrabarti: director of Liberty

Responding to the Home Secretary’s announcement that the Counter-Terrorism and Security Bill will oblige Internet Service Providers (ISPs) to retain information linking IP addresses with individual users, Liberty’s director Shami Chakrabarti commented: “There’s no problem with the targeted investigation of terrorist suspects, including where required the linking of apparently anonymous communications to a particular person. However, every Government proposal of the last so many years has been about blanket sur‎veillance of the entire population. The Snowden revelations demonstrate that they were even prepared to act outside the law and without Parliamentary consent. Forgive us if we look for the devil in the detail of this new Bill.”

Big Brother Watch director Emma Carr added: “There are key issues to be addressed with these IP-based proposals. For example, there are questions over whether or not this will be technically feasible. Proper safeguards must be introduced to ensure that these techniques are used transparently, that there’s a proper level of authorisation and that the oversight and redress mechanisms can function effectively. Also, if such a measure is introduced, time should then be allowed to ensure that its effectiveness in relation to law enforcement investigations can be evaluated with due care and transparency.”

Disruption of terrorist attacks

The National Policing Lead for Counter-Terrorism is Assistant Commissioner Mark Rowley of the Metropolitan Police Service. As far as he’s concerned, countering terrorism has for too long been thought of as the sole preserve of the police service, the security agencies and the Government.

Rowley is calling for people and businesses to be prepared to play their part in keeping the country safe. He said: “The danger posed by violent extremists has evolved. They are no longer a problem solely stemming from countries like Iraq and Afghanistan, far away in the minds of the public. Now, they are home-grown in our communities, radicalised by images and messages they read on social media and prepared to kill for their cause. The tragic murder of Lee Rigby last year was a stark warning to us all about how real and local the threat really is.”

Rowley continued: “Police officers and our partners are continuing to work 24 hours a day, seven days a week to protect the UK from a terrorist attack. So far this year we’ve disrupted several attack plots and made 271 arrests following counter-terrorism investigations, but the eyes and ears of law enforcement and other agencies alone cannot combat the threat.”

The UK’s counter-terrorism strategy CONTEST focuses on four key areas: Pursue, Prevent, Protect and Prepare. Most of the publicity around terrorism is based on Pursue and Prevent, as these involve arrests, the disrupting of actual attack plots and turning people away from extremism.

AC Rowley is keen to stress that everyone can be doing more to Protect and Prepare, ensuring security in crowded places, the monitoring of our borders and being ready to respond to a terrorist attack.

“We don’t want to scare people, but we do want them to understand the threat and be vigilant to things that are out of place or suspicious and report it to the police. We need businesses to check that their security measures are effective and train their staff to detect potential threats and, if necessary, respond to an attack.”

Metropolitan Police Service Assistant Commissioner Mark Rowley

Metropolitan Police Service Assistant Commissioner Mark Rowley

AC Rowley also stated: “Experience shows us that terrorists target busy, well-populated places to ensure that attacks have a maximum impact. Businesses, particularly those in crowded places, have an invaluable role to play in our fight against terrorists, violent extremists and other criminals. Their staff are often the first people to spot signs that something is wrong.”

The police regularly hold security events with businesses, and the Metropolitan Police Service alone gave 29 presentations during 2013 and 2014.

Since the UK terror threat level increased on 29 August, reports of suspicious behaviour have nearly doubled. This is a direct result of reporting by members of the public, and every one of those reports is investigated.

However, AC Rowley wants more members of the public to have confidence in reporting their suspicions. “Please tell us if you know or suspect something,” he urged. “Your information could save lives. We will deal carefully with all of the information passed to us and respond sensitively and proportionately.”

*The Counter-Terrorism and Security Bill is the seventh major counter-terrorism law introduced in Britain since 9/11. The Bill can be accessed here

Leave a comment

Filed under Risk UK News

Lynn Watts-Plumpkin appointed director and general manager at IQ Verify

The IQ Group – which encompasses Industry Qualifications and the Institute of Administrative Management – has announced the appointment of Lynn Watts-Plumpkin to lead the development of its new certification body entitled IQ Verify.

IQ Verify will specialise in the certification of management systems, products and services, and is in the final stages of UKAS accreditation to ISO 17021 and ISO 17065. This development will allow the IQ Group to provide both individual certification through its awarding organisation as well as organisational certification through IQ Verify. It will be the first multi-sector organisation in the UK with this capability.

Lynn Watts-Plumpkin, whose background includes significant roles at both the NSI and the SSAIB, said: “I’m delighted to be joining the IQ Group at this time, and am excited by the opportunity to lead a new certification body. IQ Verify will be distinct in its offering. The focus will be on standards associated with corporate resilience, the investigations sector and PSC-1 within the security industry. We will also be developing inspection schemes for a number of economic sectors and trade bodies. Announcements will be made over the coming months.”

Lynn Watts-Plumpkin: director and general manager at IQ Verify

Lynn Watts-Plumpkin: director and general manager at IQ Verify

Raymond Clarke, CEO of the IQ Group, said: “We’re delighted to have been able to attract a person of Lynn’s experience and ability to IQ Verify at a very important time in its development. We’ve been working towards UKAS accreditation for a year now, and have conducted a range of trial assessments in advance of UKAS approval to positive acclaim.”

Clarke added: “IQ Verify will be operational from Monday 1 December, offering inspections to BS 102000 (Investigative Services), ISO 27001 (Data Security), ISO 31000 (Risk Management) and ISO 22301 (Business Continuity). We will be offering PSC-1 and ISO 9001 from January, by which time we expect to have obtained full UKAS accreditation.”

*For further information on the work of Industry Qualifications visit: http://www.industryqualifications.org.uk/

Leave a comment

Filed under Risk UK News

Security boss sentenced for deploying unlicensed security officers at luxury development

A security boss has been sentenced for providing unlicensed security officers to a prestigious housing development in Prestbury, Cheshire.

Gary Ford (42) of Westall Court, Buxton in Derbyshire pleaded guilty on 11 November to three security offences. On 17 November, Ford was sentenced at Macclesfield Magistrates Court to a 12-month community order and a requirement that he completes 300 hours of unpaid work.

Macclesfield Magistrates Court awarded the Security Industry Authority (SIA) £10,000 in costs to be paid in instalments of £100 per week.

In May 2013, SIA investigators visited the site of two discreet luxury houses in Prestbury, where Ford’s company (4D Security) provided private security. SIA investigators found an unlicensed security officer on site who had been deployed by Ford.

SIA investigators again visited the site on 24 November 2013 and found a different unlicensed security officer working on the premises. The man was not licensed to conduct security guarding activities, although he did hold an SIA CCTV licence.

By law, security operatives working under contract and all door supervisors must hold and display a valid SIA licence card

By law, security operatives working under contract and all door supervisors must hold and display a valid SIA licence card

Following the visits to Prestbury, the SIA made requests to 4D Security for information under Section 19 of the Private Security Industry Act 2001. Ford failed to respond.

Nathan Salmon, investigations manager at the Regulator, stated: “This is a positive result for the SIA, demonstrating that both unlicensed and incorrectly licensed security operatives cannot be ‘hidden’ at smaller, discreet security sites. Mr Ford’s business model paid scant regard to security regulations. The SIA twice found his operatives unlicensed in the role being undertaken.”

Salmon added: “The owners of the houses in Prestbury paid Ford to provide private security. They should have been safe in the knowledge that the individuals guarding their property were trained, qualified and held the appropriate SIA licences. Macclesfield Magistrates Court considered the expense in bringing this prosecution, which is borne by correctly licensed operatives, and this has been reflected in the costs awarded to the SIA.”

Leave a comment

Filed under Risk UK News

‘How Safe is Your Business’?: Securitas shares latest solutions at security seminar

Businesses had the opportunity to discover the latest available security technologies and review their existing procedures at a recent seminar hosted by Securitas.

The seminar, entitled: ‘How Safe is Your Business?’, was held at the Stadium of Light in Sunderland on 19 November and enabled local business owners and security managers to gain an insight into current challenges, evaluate present threats and risks and learn how to mitigate them effectively.

Grainne Kelly, area director for Securitas in the North East, Cumbria and Scotland, commented: “The security marketplace has changed dramatically in recent years, with new options open to customers to ensure their premises are secure at all times. The seminar benefited from a line-up of expert speakers who were able to share their knowledge and answer lots of questions from our audience.”

Grainne Kelly speaking at the recent Securitas business seminar

Grainne Kelly speaking at the recent Securitas business seminar

Tackling metal theft

Speakers included Detective Inspector Glen Alderson from the British Transport Police (BTP), whose presentation centred on the constant threat of metal theft and the advances the BTP is making in countering the problem.

Delegates also heard from Securitas’ chief operating officer Shaun Kennedy, technical director Pete Brown and Dr Peter Speight CSyP, director of risk and consulting.

During the seminar, a range of new technology solutions were demonstrated which can be integrated with existing security packages to provide a superior solution while reducing budget.

Security workshops were also carried out which enabled delegates to discuss any potential security challenges they face.

Grainne Kelly added: “Security threats are ever-present and, with the increased terrorist threat level across the UK which now stands at ‘Severe’, we all need to be aware of the challenges our businesses face and how best to mitigate any risk. It has been a really interesting morning, and we hope our delegates have returned to work armed with new knowledge and a renewed focus on ensuring their businesses and employees are kept safe and secure.”

Leave a comment

Filed under Risk UK News