Monthly Archives: May 2018

CDVI UK receives Cyber Essentials accreditation

CDVI UK has announced the company’s successful accreditation to the Cyber Essentials security standards. Cyber Essentials is a Government-backed and industry-supported scheme designed to help organisations protect themselves against common online threats. This set of basic technical controls assists organisations in protecting themselves against common online security threats.

This certification is consistent with the continual desire of CDVI UK to offer secured solutions and products.

CDVI UK has been working with Luke Hargreaves, managing director at Cloud Smart Solutions, to secure the company’s IT network against cyber attacks. The business now has up-to-date and operative cyber security measures in place.

CyberEssentialsLogo

The latest update of the ATRIUM web-based access control to General Data Protection Regulation standards shows that CDVI’s product development is fully connected to the latest trends in the security industry.

The CDVI Group develops products ranging from biometric and online access control solutions through to electromagnetic locking, keypads, stand-alone entrance systems and door automation.

Advertisements

Leave a comment

Filed under Risk Xtra

Spiceworks survey shows one-in-four organisations “not confident” over security of cloud-stored data

Spiceworks has published the results of a new survey examining the adoption and perceptions of cloud storage and file sharing services in businesses across Europe and North America. The results show that Microsoft OneDrive is the most commonly used service, followed by Google Drive and Dropbox (among others). The findings indicate that, although the adoption of cloud storage services has grown rapidly, a quarter of business technology buyers are still concerned about hosting company data in the cloud and are therefore prioritising security when evaluating solution providers.

According to a similar Spiceworks report issued back in March 2016, 53% of organisations were using cloud storage and file sharing services. Among those organisations, 33% were using Dropbox, 31% were using Microsoft OneDrive and 27% were using Google Drive. However, the 2016 report revealed that OneDrive had the highest planned adoption rates.

Today, 80% of organisations are using cloud storage services, while an additional 16% plan to deploy a solution within the next two years. Currently, 51% of organisations are using Microsoft OneDrive, 34% are using Google Drive and 34% are using Dropbox. Additionally, 13% of businesses are currently using Apple iCloud, 6% are using Box, 6% are using Citrix ShareFile and 3% are using Amazon Drive.

When examining adoption rates by company size, the results show that OneDrive has the highest usage in enterprises – defined as businesses with more than 1,000 employees – with an adoption rate of 59%, compared to Google Drive at 29% and Dropbox at 25%.

SpiceworksCloudSecurity

Although OneDrive also claims the top spot in SMEs, the gap in adoption rates among the top players is much smaller. For example, among mid-size businesses with 100 to 999 employees, 54% are using OneDrive, 35% are using Dropbox and 33% are using Google Drive. In small businesses with one to 99 employees, 47% are using OneDrive compared to 39% using Google Drive and 34% using Dropbox.

Security: the most important factor for service selection

Among business technology buyers involved in the purchase decisions for cloud storage services at their organisation, security was considered the most important factor when evaluating providers. In fact, 97% said that security is an important to extremely important factor followed by reliability (96%), cost (93%), ease of use (93%) and vendor reputation (89%). Conversely, technology buyers believe factors such as document collaboration (67%) and app/tool integrations (59%) still matter, but are less important.

When asked to select up to five attributes that they most associate with the top providers, 39% of business technology buyers primarily associate OneDrive with being secure, compared to Google Drive at 28% and Dropbox at 19%. Google Drive ranks the highest in terms of reliability and cost-effectiveness, while Dropbox ranks the highest when it comes to ease of use. Additionally, Microsoft OneDrive was recognised as a trusted vendor and for being integrated with existing apps/tools.

Security of data stored in the cloud

Despite the pervasiveness of cloud storage and file sharing services, some organisations are not confident in the security of their data stored within those services. In fact, 25%of technology buyers believe their data in the cloud is ‘not at all’ to ‘somewhat’ secure. This is perhaps because 16% of organisations have experienced one or more security incidents – such as unauthorised access, stolen credentials or data theft – via their cloud storage service in the last 12 months.

Therefore, organisations are taking extra steps to enhance their data security when using cloud storage and file sharing services. 57% of organisations only allow employees to use cloud storage providers approved by their IT Department, 55% enforce user access controls and 48% train employees on how to use cloud storage services properly.

However, other security measures are less common, such as enforcing multi-factor authentication when using these services (28%), putting a cloud storage/file-sharing security policy in place (28%) and encrypting data in transit (26%) and at rest (22%) via their cloud storage service.

“It’s evident organisations are putting more trust into cloud storage services, but some are still hesitant despite the recent growth in adoption,” explained Peter Tsai, senior technology analyst at Spiceworks. “Although cloud storage services often include features that help in securing sensitive corporate information, there will always be risks involved when entrusting data to a third party.”

The Spiceworks survey was conducted in April and included the views of 544 respondents. Respondents are among the millions of business technology professionals in Spiceworks and represent a variety of company sizes, including SMEs and enterprises. Respondents come from a variety of industries, including manufacturing, healthcare, non-profits, education, Government and finance.

*For more information and a complete list of survey results visit https://community.spiceworks.com/blog/3058-cloud-storage-services-who-claims-the-top-spot-among-microsoft-google-dropbox

Leave a comment

Filed under Risk Xtra, Uncategorized

Norbain set to launch “industry-first” Virtual Event on Tuesday 5 June

Norbain will be launching its first Virtual Event on Tuesday 5 June. The online event has been developed such that ‘visitors’ can benefit from all the advantages of a physical exhibition, but at a time and place convenient to them.

As is the case with a physical event, visitors will be able to keep up-to-date with the latest developments in the industry, speak with suppliers, network, watch videos and presentations and use their ‘event bag’ to take away useful resources.

In addition to being able to visit supplier’s stands, the Virtual Event will give visitors the opportunity to watch a range of presentations from industry experts focusing on the subjects of cyber security and the EU’s General Data Protection Regulation.

NorbainVirtualEvent

Mark Field, commercial director for Norbain SD, commented: “We’re continually looking for new and innovative ways in which to deliver value to the industry and facilitate the sharing of information between all parties. Although physical exhibitions and roadshows are still relevant, it’s becoming increasingly challenging to justify the time and expense involved for visitors and suppliers alike. Face-to-face networking will always be a part of our strategy, but the Virtual Event allows us to offer a very accessible alternative.”

The launch event is “just the beginning”. Norbain will be using the site across the year to run a range of events on a number of different themes, all of them focused on topics that are key to the industry. Even when the platform is not being used to run live events, it will still be available to visitors, subsequently allowing them to take advantage of a great range of resources (among them the dedicated Cyber Security Zone).

*Register for the Norbain Virtual Event by clicking here

Leave a comment

Filed under Risk Xtra, Uncategorized

ANT Telecom concludes research project on companies’ communications, lone worker and critical alert procedures

Automated communication specialist ANT Telecom has recently completed research designed to unearth a better understanding of how businesses communicate and respond to incidents in the workplace.

Within its research, ANT Telecom looked at the range of devices employees were using to communicate with colleagues, including lone workers, as well as incident reporting and response timings and the resulting impact these factors have on business continuity in the workplace.

From the variety of communications business have available to adopt, a GSM mobile solution was the most prevalent, with 76.92% confirming it as their preferred device to keep upon their person. However, the research also showed that an overwhelming percentage (71.43%, in fact) used their devices for voice only, leaving just 28.57% with the means necessary to receive real-time plant processing updates and critical alerts directly to their device.

This approach is likely to affect machine downtime and product wastages as employees cannot benefit from instant alerts if an incident occurs, which is greatly beneficial to keeping production lines and machinery running smoothly.

ANTTelecomLogo

However, real-time information is of no value whatsoever if it’s not used effectively. It’s therefore essential to assess how machine alerts could and should be used to facilitate the quickest response possible.

Machine maintenance

Machine maintenance is also a large part of a company’s communication and its impact on production was also a subject raised in the research. The majority (32%) of those who answered confirmed that it would take between zero and two minutes for an engineer to be notified if a problem occurred with a piece of machinery on the manufacturing or production site, but over 38% stated that this would take more than ten minutes, with 6% confirming it would take over 30 minutes for their business.

Those surveyed were also asked if their alert system automatically distributed machine or processing faults directly to a qualified engineer, who would then attend to the fault, and 73% answered ‘No’. Of course, manufacturing plants have been collecting alert information from machines for years. Supervisory control and data acquisition (SCADA) systems for remote monitoring and control are a standard component of any operating environment, providing a single view of equipment performance on a large screen in a Control Room.

More recently, these systems have gone mobile, offering operators and maintenance engineers alike the chance to view the red, amber and green alerts on a tablet while on, or away from, the factory floor. That’s great, but the way in which organisations respond to these alerts is still, in the main, archaic.

A red alert could prompt a generic page message to which any number of individuals may or may not respond. Alternatively, an operator viewing the red alert on the SCADA screen has to call the engineering team leader who will access a control panel to understand the true nature of the problem and only then identify and contact a team member to resolve the issue.

Impact on productivity

An overwhelming 88% of respondents felt that machine faults impacted productivity in some way, while 44.44% of those questioned thought that the time taken to detect a fault through to a qualified engineer resolving the issue could be reduced. There are numerous ways in which businesses can address this issue in a proactive manner.

Direct integration between a communication system and a control panel, for example, provides immediate information about the nature of the fault. By designing and configuring a smart workflow, it then ensures the communication system automatically contacts the most relevant team, such as electrical engineering specialists, thereby eliminating a number of time-consuming manual steps. Once the designated team member has received the notification, they can confirm their attendance and, critically, provide updates on the repair resolution.

The results of this research highlight some prominent issues for businesses that must be addressed and acted upon accordingly. In an era where increasing regulatory scrutiny is matched by rapid advances in disruptive innovation, there can be no excuse for companies who fail to take advantage of the best available technology. To optimise such technology, it makes sense to partner with a trusted expert, evaluate your exposure and plan for a safer and more connected future.

Leave a comment

Filed under Risk Xtra

Belfast door supervisor prosecuted for working without SIA licence

On 15 May at Laganside Magistrates Court in Belfast, Gareth Henry was prosecuted by the Security Industry Authority (SIA) and found guilty of working without a licence.

The SIA was alerted to Henry’s behaviour last October by the Police Service of Northern Ireland (PSNI). They had received reports of Henry using excessive force at a bar on Dublin Road in Belfast. SIA investigators visited the venue where Henry worked and found that he was working without a licence.

The investigators discovered that Henry had previously held a licence, but that it had expired in 2013. He was cautioned for working without a licence in 2016 by the PSNI and in response submitted an application to the SIA, which was refused. At this point, Henry changed jobs.

Print

In December, SIA investigators interviewed the general manager at the bar where Henry was working. Further enquiries revealed that Henry had been working at the bar for over a year. When SIA investigators interviewed Henry, he admitted to working without a licence. The SIA consequently prosecuted him.

Laganside Magistrates Court found Henry guilty. He was ordered to pay a fine of £250, fixed costs of £92 and an offender’s levy of £15

SIA criminal investigations manager Pete Easterbrook said: “The SIA exists to protect the public. Our licensing regime is designed to ensure that those individuals who may represent a risk to the public are not able to work lawfully in the security industry.  The fact that this case was brought to our attention through an allegation of excessive force only serves to highlight the risk posed to the public through the use of unlicensed security operatives.”

Easterbrook concluded: “Despite having been previously cautioned for working without an SIA licence, Gareth Henry continued to work as a door supervisor and took steps to avoid being detected. This prosecution serves as a reminder that undermining the safeguards provided by regulation is entirely unacceptable. Those doing so can expect to be brought before a court.”

Leave a comment

Filed under Risk Xtra

Prestigious Gold Award bestowed upon STANLEY Security by RoSPA for commitment to Health and Safety issues

In recognition of continuous improvement and achieving its ‘Zero Harm’ vision, STANLEY Security has been presented with the Gold Award by the Royal Society for the Prevention of Accidents (RoSPA).

STANLEY Security was selected as a Gold Award winner based on its Health and Safety documentation which proves the company takes note of incidences and then makes improvements to Health and Safety practices based on them.

The RoSPA Awards are highly-respected in the Health and Safety arena, with 2,000 entrants every year from organisations which have proven continual excellence in the workplace, demonstrating a commitment to the well-being of not only employees, but all those who interact with them.

The Judging Panel for 2018 comprised of independent Health and Safety representatives from the National Examination Board in Occupational Safety and Health (NEBOSH), Manchester and Aston Universities, the Engineering Construction Industry Association, RoSPA itself, Southern Water, the Unite Trade Union and Sainsbury’s.

Peter Walker, EHS manager for STANLEY Security, said: “It’s pleasing to know that our hard work and the dedication that we display towards Health and Safety is taken seriously not just by individuals from within STANLEY Security, but also renowned peers who have chosen to shine a light on our efforts as well. STANLEY Security has always made Health and Safety a key priority within the organisation and in regards to our customers as well.”

STANLEYSecurityRoSPAGoldAward2018

Walker went on to state: “Our RoSPA Gold Award win is not just cause for celebration for the hard work that we invest in maintaining our Health and Safety. It’s also an active opportunity to prove to our large and small clients alike our expertise and capabilities in the Health and Safety arena. We actively encourage a specific culture within STANLEY Security so colleagues know that our Health and Safety procedures and regulations have been put in place for their benefit.”

Building on its win, STANLEY Security is practising Hazard Reporting and Near Miss Reporting such that accidents are not only dealt with once they occur, but also so the causes of accidents are identified and eliminated to help prevent them from happening again. The practice comprises an assessment to identify potential hazards which may be both subtle and varied in nature.

Leave a comment

Filed under Risk Xtra

BCI publishes Manifesto for Organisational Resilience as part of Business Continuity Awareness Week 2018

Working together is the key for successfully delivering organisational resilience. This is the core concept of the Manifesto for Organisational Resilience issued by the Business Continuity Institute (BCI) in tandem with Business Continuity Awareness Week 2018.

In the new 15-page document, the BCI explains what it will do in order to deliver its vision of a resilient world. To this end, the Manifesto lists four main points:

*Research: The BCI will champion academic research and new thinking for the benefit of the practitioner community

*Global Alliances: The BCI will create a series of global and local Resilience Alliances with other like-minded professional bodies

*Best Practice Groups: The BCI will aim to utilise the ‘collective brain power’ of some of the most experienced practitioners to create practice groups in the UK, Europe, India, North America and Australasia

*Online Resilience Tool: The BCI will develop a free online tool designed to increase awareness among organisations of all sizes and across all sectors

BCAW2018Logo

In this Manifesto, the BCI provides a detailed explanation of the concept of organisational resilience (ie ‘the ability of an organisation to absorb and adapt in a changing environment’) and how disciplines should collaborate in order to achieve it.

David Thorp, executive director of the BCI, stated: “Our view at the BCI is that no organisations can claim ownership of the resilience ground. What we propose is to work with other professional bodies and membership organisations in the resilience spectrum to provide a range of benefits for the mutual gain of all of our members. Collaboration is the key to a resilient future for organisations, This Manifesto is the first step towards making that future happen.”

The BCI’s Business Continuity Awareness Week 2018 was sponsored by Strategic BCP and SAI Global.

Founded back in 1994 with the aim of promoting a more resilient world, the BCI has established itself as the world’s leading Institute for business continuity and resilience. The BCI has become the membership and certifying organisation of choice for business continuity and resilience professionals globally with over 8,000 members in more than 100 countries working in an estimated 3,000 organisations in the private, public and third sectors.

The vast experience of the Institute’s broad membership and partner network is built into the organisation’s education, Continuing Professional Development and networking activities. Every year, more than 1,500 people choose BCI training, with options ranging from short awareness raising tools through to a full academic qualification available online and in a classroom.

The Institute stands for excellence in the resilience profession and its globally recognised certified grades provide assurance of technical and professional competency.

The BCI offers a wide range of resources for professionals seeking to raise their organisation’s level of resilience, while its extensive thought leadership and research programme helps drive the industry forward. With approximately 120 Partners worldwide, the BCI Partnership offers organisations the opportunity to work with the BCI in promoting Best Practice in business continuity and resilience.

The BCI welcomes everyone with an interest in building resilient organisations, be they newcomers, experienced professionals or organisations. Further information about the BCI is available online at www.thebci.org

Leave a comment

Filed under Risk Xtra