Tag Archives: cyber security

BeCyberSure launches specialist EU GDPR Risk Assessment service

Information security specialist BeCyberSure has announced the launch of the “most comprehensive GDPR Risk Assessment available”. Conducted by security, risk and compliance specialists, the audit provides organisations with a definitive evaluation of their EU GDPR (General Data Protection Regulation) readiness, as well as what needs to be done to ensure compliance ahead of the 25 May 2018 deadline.

The GDPR supersedes the UK’s Data Protection Act 1998 and applies to every company that collects, processes or stores an EU citizen’s data, regardless of sector, size and geographical location. Enforcement of the GDPR is unaffected by the UK’s decision to leave the EU.

The BeCyberSure GDPR Risk Assessment is said to provide the most rigorous audit process available. The assessment is conducted on and off site by a GDPR specialist, beginning with a detailed review of company policies and governance, procedures and processes, an assessment of physical aspects (such as access to buildings and the storage of paper documents, etc.) and, if deemed necessary, an extensive digital vulnerability test. The audit also involves formal and informal (ie covert) interviews with employees as well as heads of department.

Carolyn Harrison, marketing director at BeCyberSure, explained that the GDPR is a company-wide issue and should not sit solely with IT.

“Our assessment begins with people, policies and processes to reveal any possible vulnerabilities that would result in non-compliance,” urged Harrison. “We then deep-dive, looking at what data the organisation is capturing, how it’s processed, what consent has been given, where it’s stored and how to dispose of all information that’s not required.” Harrison added: “The best technology in the world can be rendered useless if an open door, whether physical or digital, creates the opportunity to access data.”

Following the audit, the host organisation is presented with a confidential Advisory Report stating what action (if any) is required to ensure GDPR compliance.

On that note, Harrison stated: “This report is invaluable in terms of benchmarking where an organisation is today, where they need to get to and the best course of action to get there. They can then choose to implement the programme of work themselves, collaborate with BeCyberSure or outsource the entire project to us.”

BeCyberSure has a senior team of GDPR auditors who have a wealth of experience with backgrounds in risk management and compliance, cyber security, policing, intelligence services and the military.

Harrison concluded: “There’s a lot of scaremongering going on about the GDPR and, while it’s true that the potential fines are eye-watering and the threat of personal liability daunting, if organisations act now, then they still have time to put the necessary safeguards in place to be GDPR-compliant. Undertaking a Risk Assessment is the first step in the due diligence process and means that organisations are not spending unnecessarily on their route to compliance.”

*For further information access www.becybersure.com

Filed under Risk UK News, Uncategorized

NSI’s fourth Installer Summit proves great success for 200-plus delegates

Upwards of 200 representatives from National Security Inspectorate (NSI)-approved companies gathered to attend the NSI’s fourth national Installer Summit, held on Thursday 30 March at the Vox, the brand new state-of-the art conference centre at Resorts World on the National Exhibition Centre complex in Birmingham.

Over 50 product and business support providers filled the large exhibition hall, offering delegates the opportunity to view the very latest security technology, expand their technical knowledge and take advantage of exclusive Summit deals and offers.

Speakers at the NSI’s 2017 Installer Summit in Birmingham

Special emphasis was placed on education this year, with ten speakers covering a range of pertinent security and fire sector-related topics over the course of the day.

Subjects in the morning plenary session included the Hatton Garden heist and lessons learned for the security sector, the Government’s perspective on cyber security (including the risks and uncertainties), an insight into Jaguar Land Rover’s award-winning corporate security strategy and the newly-launched Trailblazer Apprenticeship Standard for the security and fire business sectors.

The NSI’s CEO Richard Jenkins addresses the audience

In the afternoon, delegates were invited to choose from a variety of 30-minute educational sessions. These concentrated on home automation and system integration: the opportunities and risks, tips for protecting businesses against cyber attack, apprenticeships and the benefits for businesses and guidance on forging closer links with police forces.

NSI Gold-approved companies were also given an overview on the changes to the new ISO 9001:2015 Standard from the NSI’s expert auditors. In addition, there was a presentation about the benefits of NSI approval for automated gates and barriers, with specific emphasis on helping clients to reduce their risk and understand the business opportunities.

Graeme Dow speaking at the NSI’s Installer Summit

The seven main sponsors instrumental in delivering this year’s Summit were Avigilon, BT Redcare, CSL, Fermax, RISCO Group UK, IFSEC International and Texecom. As a not-for-profit organisation, the NSI is wholly dependent on its sponsors and other exhibitors who make the event possible.

Richard Jenkins, the NSI’s CEO, stated: “We were delighted to see hundreds of delegates from NSI-approved companies attend this year’s Summit. Delegates clearly value this focused and targeted event which addressed topics specific to their needs in an effective way and in a prestigious professional environment. Like-minded industry experts are ready to share the latest developments in the sector. The feedback we’ve received so far from all participants including speakers, exhibitors and our key sponsors has been overwhelmingly positive, with many seeking to reserve their seats for next year’s event.”

The exhibition area proved extremely popular with delegates

End users who choose to contract NSI-approved companies can be assured of security and fire safety services delivered to the highest standards by businesses committed to quality. With a national network of full-time qualified auditors specialising in security and fire audits, the NSI counts the UK’s premier security and fire safety providers among its clients. The NSI provides robust auditing by experts to verify compliance with relevant British and European Standards, Codes of Practice and certification schemes developed by industry bodies and associations.

ONVIF joins IoT Panel discussion at TechSec Solutions 2017

ONVIF, the global standardisation initiative for IP-based physical security products, has announced that it will be presenting at TechSec Solutions 2017 (which runs on 27-28 February at the Delray Beach Marriott Hotel in Palm Beach County, Florida) as part of a Panel discussion on standards, Best Practice, cyber security and the Internet of Things.

Jonathan Lewit, chair of the ONVIF Communication Committee, will be speaking on behalf of ONVIF and will be one of four panellists discussing ‘The Future of IoT: Taming Security’s Wild West’. Other speakers include Neil Lakomiak of Underwriters’ Laboratories, Mitchell Klein of the Z-Wave Alliance and Jim Coleman of Operational Security Systems. The discussion is to be moderated by Paul Ragusa, Editor of Security Systems News.

“Standards are an essential part of the conversation when considering any scenario in which disparate elements must work together to provide actionable intelligence or automation, which the Internet of Things often seeks to do,” said Per Björkdahl, chairman of the ONVIF Steering Committee. “Jonathan will bring an ONVIF perspective to the debate, shedding light on how standardisation and ONVIF specifications can build vital bridges between clients and devices and, indeed, between IP-based systems.”

Lewit, who also serves as director of technology leadership for Pelco by Schneider-Electric, will touch on the array of connected devices and open platforms in the market that use common communication protocols to work together, including smart homes, buildings and cities.

The speakers will examine how standards, the establishment of Best Practice, interoperability, cyber security and other trends are helping to shape the future of the physical security industry.

Lewit will be speaking on Monday 27 February at 9.30 am. For more information visit: www.tecsechsolutions.com

ECA/SELECT Survey finds buildings at heightened risk from cyber attack

The use of cyber attacks is becoming more prevalent as an effective tool to disrupt both business and politics. As a result of this, within industry it’s vital that steps are taken to protect buildings and infrastructure against potential threats.

To find out the current state of play, the Electrical Contractors’ Association (ECA) and Scottish Trade Association SELECT surveyed a range of clients in November and December last year on their approach to cyber security.

The feedback received from the ‘Connected Technology Survey for Clients’ emanated from a range of respondents, including consultants, engineers, end clients, local authorities and facilities managers.

The results show that almost four-in-ten clients (39%) don’t take any steps to protect smart installations in buildings from cyber threats. A further 49% cited the risk of hacking as a barrier to installing connected technology.

Steve Martin, head of specialist groups at the ECA, commented: “Given that ‘connected technology’ covers any technology, such as lighting or HVAC installations, this enables devices to communicate with each other over the Internet and undertake tasks. The risks from hacking are substantial.”

Currently, only 20% of the UK’s commercial buildings are considered to be ‘smart’. However, over the next four years, the global ‘Internet of Things’ market is expected to be worth over £1 trillion annually. “If we’re to keep pace with developments,” concluded Martin, “the issue of cyber security needs to be addressed as a matter of urgency.”

James Morris MP visits Advent IM to discuss EU’s GDPR and ‘The Future of Cyber Security in the Boardroom’

On Friday 20 January, Advent IM – the holistic security consultancy – played host to a visit from James Morris MP at its Birmingham headquarters.

2018 will see the adoption of the European Union’s General Data Protection Regulation (GDPR) in the UK. Given the GDPR’s increased accountability and level of financial penalty for failure, the implications for UK businesses are clear.

Advent IM has long felt that good data protection and security hygiene starts at the top of an organisation and needs to be handled strategically.

Advent IM’s Mike Gillespie

James Morris MP visited Advent IM’s offices and Training Centre in Halesowen to discuss the GDPR and Advent IM’s new training course for senior Board members and business leaders. The training is designed specifically for director-level individuals with little or no cyber security background. The course is to be delivered by director and cyber security expert, Mike Gillespie.

Having an insight into the convoluted world of cyber security, in addition to a firm grasp of the challenges it presents to senior Board members, Gillespie plans to bring the strategic skills of business leaders to bear on high quality cyber security planning and data protection practices in order to “raise the UK’s game” from the top down.

“James Morris has always taken a keen interest in cyber security and digital development in business and recognises the need for the UK to ensure its security posture is robust,” asserted Gillespie. “With the interconnected nature of business and the digital life of commerce, small and local businesses can be holding extremely valuable information assets. They need adequate protection through their lifecycle.”

Unwitting cyber scammers cold call industry expert at C3IA Solutions

Would-be cyber scammers made a megabyte blunder when they cold-called Matt Horan of C3IA Solutions: Horan is one of the country’s top cyber security experts. Realising the crooks were trying to take control of his computer, Horan put the call on speaker phone and asked a colleague to record it, with hilarious consequences.

After stringing out the conversation for 35 minutes – during which time he was passed to more senior ‘helpers’ as he posed as an ignorant computer user – Horan then informed the caller that he had no Internet connection.

This prompted the fraudster to use an expletive before hanging up in anger. An edited video of the call has been amusing people across social media.

Horan is keen that the video is used to help people avoid falling for cyber scams. He told Risk UK: “One of the weakest parts of any business’ cyber security is the staff. They do nothing malicious, but can easily assist fraudsters. Along with ‘phishing’ e-mails, this type of phone scam is common and can cause huge amounts of damage.”

Matt Horan, director of C3IA Solutions

Horan continued: “The caller purports to be from Microsoft or a similar outfit and informs the person who answered the call that there’s a problem with their computer. They then instruct that person to look at the computer’s ‘systems and events logs’, which is simply a log of every action taken. They tell them that this is evidence of ongoing malicious attacks. After that, they try and entice them to log into TeamViewer or something similar which means they then can gain remote access and control of the target computer.”

In addition, Horan stated: “They then have all the information on a computer or network and can infect the system, read e-mails, steal passwords or encrypt the stored data. They can basically do anything they want. Obviously, this can cause massive harm to a business and may well lead to data loss, the theft of funds and the stealing of intelligence as well as cause acute embarrassment.”

C3IA Solutions trains staff at businesses to be ‘cyber-savvy’ and always to hang up on calls like this. If staff are in doubt they should contact their IT support.

“Firms such as Microsoft don’t make calls like the one I took, but they seem authentic,” explained Horan. “Often, the scammers work in pairs so the initial caller can pass over the call to a ‘senior supervisor’, as they tried with me. This gives an added authenticity. Caution should be the watchword when taking calls like this one.”

*The video can be viewed on YouTube: https://youtu.be/ncIehp0fBT8

Based in Poole, Dorset, C3IA Solutions is one of fewer than 20 companies certified by the Government’s National Cyber Security Centre. In addition to its work with Government agencies including GCHQ, the company operates a commercial section that works with businesses, assisting them with their cyber security.

C3IA (a military term) Solutions was set up in 2006 by Horan and Keith Parsons. It has 84 personnel on contract of whom 33 are employees and 51 are associates. The business operates in the defence and security sectors serving both SMEs and multi-national firms.

C3IA is a leading provider of secure ICT, technical programme management and information security services and solutions.

The company takes its Corporate Social Responsibility seriously, supporting serving and past members of the Armed Services. Indeed, the business sponsors those engaged in personal and team development through arduous sporting and other challenges.

Advent IM outlines detail for ‘Cyber for the C-Suite’ Breakfast Seminar

A breakfast seminar created exclusively for business leaders and senior Board members seeking guidance on the present cyber security threat is to be run by security consultancy Advent IM at the company’s Training Centre near the M5, Birmingham on 7 December.

With many years’ experience in senior level consulting, training and mentoring, the seminar will be delivered by Advent IM’s managing director Mike Gillespie, who’s also director of cyber strategy and research for The Security Institute. As a director, Gillespie understands the place of senior leadership in cyber resilience and risk management.

The seminar is designed to promote and enhance understanding of the organisational threats that Boardrooms need to factor into resilience strategies. Attendees will also have first access to places on the forthcoming training course, again exclusively for senior leaders and the C-Suite, which will start in March 2017.

Gillespie informed Risk UK: “The cyber threat landscape is high on the agenda of all Boardrooms. Many businesses have felt the impact of cyber attack, either directly or through supply chain partners. No size of business is immune and no kind of service spared the attackers’ attentions, with even hospitals being struck by ransomware.”

He added: “Recent research suggests that 82% of businesses say security is a CEO or Board-level concern, with two-thirds suggesting that they’re increasing cyber security spend. The additional spend is great, but without leadership and solid strategy it may not achieve anything near its potential, and cyber risk may not be reduced. We absolutely have to make sure Boardrooms are well briefed and understand how to go about effective cyber risk management.”

*Details of the seminar and how to book can be found at: http://www.advent-im.co.uk/breakfast-seminar-7th-december-cyber-security-awareness-for-business-leaders/. Alternatively, telephone 0121 559 6699 or 0207 100 1124 or send an e-mail to: bestpractice@advent-im.co.uk
