Tag Archives: Facebook

Major life-threatening cyber attack on UK “in little doubt”

The National Cyber Security Centre (NCSC) has published its second Annual Review, in turn revealing that the organisation has prevented Britain from falling victim to nearly 1,200 attacks in the past two years. The NCSC has also warned of the likelihood of a major life-threatening cyber attack on the UK in the near future.

The NCSC states that the UK is hit by ten serious cyber attacks every week. 70% of these attacks are “undertaken by groups of computer hackers directed, sponsored or tolerated by the Governments of [hostile] countries”.

Commenting on these figures, Mishcon de Reya’s cyber security lead Joe Hancock informed Risk Xtra: “1200 attacks may seem like a large number, but the reality is that this is the tip of the iceberg. The majority of these attacks on business, Government and third sector organisations go unreported and often undetected. Behind these high profile attacks there are the millions of online crimes that affect individuals every day.”

NCSCLogoWeb

Focusing on that last point, Hancock continued: “We routinely deal with the often unreported issues. More needs to be done to back law enforcement in supporting both victims and responders to better detect and recover from cyber episodes. A focus on critical infrastructure is welcomed by everyone, but it doesn’t help the millions of victims of cyber fraud. The recent Facebook breach shows the potential downsides of large-scale data collection and reliance on single points, provided by social media to access a wide variety of services across the Internet which can act as a gateway for attackers to further data and services.”

Further, Hancock observed: “Cyber security practices are not consistent globally and an attack against a weaker link in the supply or data chain can have unanticipated consequences for companies and individuals. More is needed to help protect everyday victims of these crimes, and especially so in the international arena. It’s difficult to see how mass cyber crime can be tackled without an international consensus and consequences for nations that turn a blind eye.”

Also, Hancock outlined: “Many of the cyber incidents we deal with have a financial component, often involving the traditional banking system and not only cryptocurrencies such as Bitcoin. Driving cyber criminals out of the financial system will have an impact on cyber crime levels.”

Actions and behaviours

There are specific actions and behaviours that should be adopted now to aid readiness for inevitable cyber attacks. Steve Mulhearn, director of enhanced technologies for the UK and Ireland and DACH at Fortinet, has listed them as prevention, the harnessing of Artificial Intelligence (AI) and adaptive technology and better visibility across the network.

Prevention

Prevention is easier when all employees in the business, not just the IT Department, take responsibility for the security of the business. For example, breaches like the Bupa or Waymo hacks have raised the appreciation of the number of breaches that occur because employees are targeted. The Fortinet Global Enterprise Security Survey 2017 found that 67% of businesses say they’re planning IT security and awareness training for employees in 2018.

Harness AI and adaptive technology

Harnessing the power of AI to learn from breaches, as well analyse data and automate reactions to shut down breaches when they occur, are vital actions. Threats evolve and adapt over time as applications, technologies, configurations, controls and behaviours change, making security an arms race wherein a static solution simply will not do.

Better visibility across the network

A vital tool in this struggle is visibility. You cannot secure what you cannot see. This means control across the distributed network, including endpoints, the Internet of Things and the cloud. According to the Fortinet 2017 Survey, only a small cohort of respondents feel confident that they have full visibility and control of employee access.

*The National Cyber Security Centre’s Annual Review can be accessed online at https://www.ncsc.gov.uk/news/annual-review-2018

Leave a comment

Filed under Risk Xtra

RISCO Group introduces “pioneering” RISCO Stars Partners Programme

RISCO Group, the manufacturer of end-to-end solutions for the professional security market, has announced the launch of its RISCO Stars Partners Programme – described as a “pioneering rewards scheme” that’s designed to help the company’s loyal distribution and installation partners grow their businesses and enhance their marketing activities.

Participants simply collect ‘Stars’ through the purchase of eligible RISCO Group products and redeem them against a wide selection of activities that will help increase visibility and sales.

Being part of RISCO Stars couldn’t be easier. By downloading the free RISCO Group HandyApp from the Apple App Store or Google Play, individuals simply register their details and then, after every purchase, scan the QR code on the packaging. RISCO Stars are then added to their account, which can be reviewed online at any time. Not only that, but each product that’s scanned receives an automatic six-month warranty extension, with an additional 12 months for RISCO Stars members.

RiscoStars

Once sufficient RISCO Stars have been collected, they can then be redeemed for rewards. These rewards comprise a range of tried and tested marketing activities that are proven to increase business exposure and help reach potential customers.

The rewards have been carefully chosen and include the development of a business Facebook page, bespoke e-mail marketing templates, printed company literature, a third party website audit with an improvement strategy, branded videos, Google AdWords and branded workwear.

Commenting on the company’s latest initiative, Greg Smith (marketing manager for the UK and Ireland at RISCO Group) commented: “RISCO Stars is a totally new and unique rewards scheme that’s designed to offer our valued distribution and installation partners genuine ways in which to improve their levels of business activity. We’ve now made gaining access to first class specialist marketing support as easy as possible through the purchase of our innovative products and training, so that there’s always something for everyone to save for.”

Leave a comment

Filed under Risk UK News, Uncategorized

Criminals target UK’s youth as cases of identity fraud increase

Cifas, the UK’s leading fraud prevention service, has released new figures showing a 52% rise in young identity fraud victims in the UK. In 2015, just under 24,000 (23,959) people aged 30 and under were victims of identity fraud. This is up from 15,766 in 2014, and more than double the 11,000 victims in this age bracket in 2010.

The figures have been published on the same day as a new short film, entitled ‘Data to Go’, is launched online to raise awareness of this type of fraud. Shot in a London coffee shop in March this year, the film uses hidden cameras to capture baffled reactions from people caught in a stunt where their personal data, all found on public websites, is revealed to them live on a coffee cup.

Identity fraud happens when a fraudster pretends to be an innocent individual to buy a product or take out a loan in their name. Often, victims don’t even realise that they’ve been targeted until a bill arrives for something they didn’t buy or they experience problems with their credit rating.

IdentityTheftNew

To carry out this kind of fraud successfully, fraudsters usually have access to their victim’s personal information such as name, date of birth, address, their bank details and information on who they hold accounts with. Fraudsters gain such detail in a variety of ways, including through hacking and data loss, as well as using social media to put the pieces of someone’s identity together. 86% of all identity frauds in 2015 were perpetrated online.

People of all ages can be at risk of identity fraud, but with growing numbers of young people falling victim, Cifas is calling for better education around fraud and financial crime.

Fraudsters are opportunists

Simon Dukes, CEO of Cifas, said: “Fraudsters are opportunists. As banks and lenders have become more adept at detecting false identities, so the fraudsters have instead focused on stealing and using genuine people’s details. Society, Government and industry all have a role to play in preventing fraud. However, our concern is that the lack of awareness about identity fraud is making it even easier for fraudsters to obtain the information they need.”

Dukes continued: “The likes of Facebook, Twitter, LinkedIn and other online platforms are much more than just social media sites – they’re now a hunting ground for identity thieves. We’re urging people to check their privacy settings today and think twice about what information they share. Social media is fantastic, and the way we live our lives online gives us huge opportunities. Taking a few simple steps will help us to enjoy the benefits while reducing the risks. To a fraudster, the information we put online is a goldmine.”

IdentityTheftSign

Commander Chris Greany, the City of London Police’s national co-ordinator for economic crime, added: “We’ve known for some time that identity fraud has become the engine that drives much of today’s criminality, and so it’s vitally important that people keep their personal information safe and secure. In the fight against fraud, education is key and it’s great that Cifas and its members are taking identity fraud seriously and working together to raise awareness of how the issue is now increasingly affecting young people through the launch of this film.”

As part of the campaign, Cifas commissioned a survey with Britain Thinks to find out more about 18-24 year olds’ attitudes towards personal data and identity fraud. The survey found that young people are alarmingly unaware that they’re at risk:

  • Only 34% of 18-24 year olds say they learned about online security when they were at school
  • 50% of the 18-24 year olds surveyed believe they would never fall for an online scam (compared to the national average of 37%)
  • Only 57% of 18-24 year olds report thinking about how secure their personal details are online (compared to 73% for the population as a whole)

They’re also less likely to install anti-virus software on their mobile phone than the national average (27% compared to 37%).

Organisations such as the City of London Police, Action Fraud, Get Safe Online, Her Majesty’s Government’s Cyber Streetwise campaign, Financial Fraud Action UK and Cifas members including Coventry Building Society, BT and Secure Trust Bank are all supporting the campaign and sharing the new film across their social media networks.

Cifas is also appealing to youth organisations, schools and universities to share the film so it reaches as many young people as possible.

Leave a comment

Filed under Risk UK News, Uncategorized

Bloodstock’s heavy metal fans united and protected thanks to Showsec’s event management expertise

In many respects, Bloodstock Open Air is one big family reunion. The great success of this year’s event in the picturesque Derbyshire setting of Catton Park in Walton on Trent portrayed once again why the gathering continues to enhance its reputation for being the United Kingdom’s largest dedicated heavy metal festival.    

Founded and organised by the Gregory family, Bloodstock plays host to a ‘metal family’ of 15,000 fans in tandem with a Showsec family of staff who have become familiar faces at the festival due to their enjoyment of the working experience.

As well as the heavy metal band line-up – headlined this year by Within Temptation, Trivium and Rob Zombie – one of the other big attractions was an art exhibition featuring the work of the festival’s co-founder, Paul Raymond Gregory. This included Gregory’s work-in-progress dubbed ‘Mordor Festival’ which made another appearance in the RAM Gallery by the Main Stage, along with many other fantasy artwork pieces including a unique design of the festival’s popular logo.

The ‘Mordor Festival’ is inspired by Tolkien and has a unique frame, which now features the Showsec logo along with many other partners of Bloodstock Open Air.

“Our support of the art exhibition is a good example of how we’ve worked closely with the Gregory family to help develop the very unique and special festival community at Bloodstock Open Air,” explained Showsec’s operations executive Darren Evans, himself a heavy metal fan who used to attend the festival before he began working for the business.

“We have a great relationship with all who work at Bloodstock,” continued Evans. “Everyone knows everyone and this all adds to the success of the event. It’s like a big family gathering with a real sense of togetherness and community spirit which ensures the festival is enjoyed by all attendees. A large number of our staff really look forward to working at Bloodstock. So much so, in fact, that staff from as far afield as Wales are willing to travel to Catton Park to work there.”

Interaction with the fans

In praising the contribution of Showsec, Bloodstock director Adam Gregory cited an example of interaction with the fans which highlights the important role that’s played in creating such a good-natured and friendly atmosphere.

“Showsec provides a pivotal team to help with Bloodstock each year,” enthused Gregory. “The staff are friendly and welcoming to all while at the same time ensuring that the fans’ safety is their top priority throughout the festival. Bloodstock fans have embraced the Showsec team and consider them very much a part of the family.”

Gregory continued: “Walking through the crowds on the Saturday, I personally heard one of the fans asking a Showsec staff member for his name and he said: ‘Great to meet you’, which I thought was a really nice gesture. It goes to show exactly how the working relationship between Bloodstock and Showsec has grown. Showsec’s staff understand how to be in control without being aggressive in any way. We look forward to a continued partnership with the business.”

This was the 15th year that Bloodstock has been staged and, for the last six of those years, Showsec have been influential in developing the event’s special atmosphere.

Although some of the sights were pretty scary, including Predator, Zombies, Judge Dredd and a clown sporting a gas mask, you cannot fail to see that the environment is a huge metal family primarily there to ‘rock out’ and have fun.

Experienced team in the pit

One metal fan wrote on the festival’s Facebook page: “I love the Showsec personnel. They’re all really nice people, a lot of whom seemed to love the music as well. Maybe that’s why the same personnel seem to sign up for working at the event every year.”

While the good nature of its followers and the community spirit generate a special atmosphere, there’s nevertheless an important role for Showsec to fulfil in terms of ensuring Bloodstock is an enjoyable experience for all in attendance.

An important element of that operation is having an experienced pit team in place to manage the enthusiasm and sheer energy within the crowd.

For the fifth year in a row, Bloodstock partnered with the Teenage Cancer Trust. Since beginning that relationship in 2011, over £21,000 has been raised for the charity, with the money going to help the UK’s teenagers and young adults who have cancer.

Leave a comment

Filed under Risk UK News

Cheshire Fire and Rescue Service keeps public informed thanks to CrowdControlHQ’s social media platform

Cheshire Fire and Rescue Service is using a social media risk management and compliance platform from CrowdControlHQ to monitor and govern its corporate social media accounts including Twitter and Facebook. More than 30 users across the Cheshire Fire and Rescue Service access corporate social media accounts via the platform’s central dashboard.

There has been an increase in engagement witnessed across all accounts in the last two years which has seen the number of Twitter followers double to over 17,000.

Cheshire Fire and Rescue Service uses social media for two-way communication with residents and county stakeholders, including other Fire and Rescue Services and local Government officials businesses as well as schools in the area.

CrowdControlHQ was selected for the central management of the Fire and Rescue Service’s social media activity following research and a presentation from the company.

Caroline Jones, digital and media services manager at Cheshire Fire and Rescue, explained: “We chose CrowdControlHQ for the level of control and analytics that the company’s solution provides. We wanted a platform where we could allow multiple people to post to corporate accounts. CrowdControlHQ does that safely and securely and it gives a history of all activity, for example who has posted to what and where. Information like that is important for audit purposes.”

Management from a single point

Using CrowdControlHQ makes it possible to manage corporate social media accounts from a single point. Cheshire Fire and Rescue Service chose to have just one account for each social media channel rather than each fire station or areas of the service posting to individual accounts. This means it’s easier for the public and other stakeholders to receive updates by finding, following and commenting on corporate accounts rather than multiple social media accounts for different fire stations across the region.

Jones continued: “Social media is a great way to communicate with the public. Where there are incidents throughout the day it’s really easy, thanks to the central control in CrowdControlHQ, to publish a Tweet or post a message on Facebook and to then plan Tweets for the weekend. Recently, in just 28 days we had 437,000 impressions and posted 168 Tweets. The management team takes social media very seriously and fully supports it as a communications channel.”

Cheshire Fire and Rescue Service also promotes other Fire and Rescue Services’ campaigns and champions national safety initiatives such as the annual road safety campaign using Twitter and Facebook, with links to a web page. CrowdControlHQ is used to plan Tweets and posts in advance and then measure the success of campaigns using the analytics generated.

James Leavesley, CEO at CrowdControlHQ, commented: “We have seen a variety of social media strategies emerging across Emergency Services providers tasked to drive communications objectives. For some, the emphasis is on single channel or multi-responders while others may adopt a multi-channel or in some cases a partnership-style approach.  However, what consistently underpins all the strategies we see is the need for more brand representatives to become involved in delivering messages to the public, raising the reputation risks associated with delivering complex public engagement. Using a risk and compliance platform gives organisations the confidence that they can manage and respond to social media communications effectively, consistently and in a timely manner.”

About Cheshire Fire and Rescue Service

The Cheshire Fire and Rescue Service is led by the Chief Fire Officer and the Service Management Team.  It has 25 fire stations, four community safety centres, three community fire protection offices and a headquarters based in Winsford.

The Fire and Rescue Service responds to emergency incidents – known as Emergency Response (ER)  – across the four unitary council areas of Halton, Warrington, Cheshire East and Cheshire West and Chester.

*For more information visit: www.cheshirefire.gov.uk

About CrowdControlHQ

CrowdControlHQ is one of the UK’s leading social media risk management and compliance platforms built for enterprise. It’s web-based software used by public and commercial organisations to support employees wishing to optimise their social media engagement delivery.

CrowdControlHQ provides tiered access and specialist control features to help manage the reputation risk associated with the delivery of social media in complex, multi-user, multi-campaign and generally busy customer service environments.

It’s a venture capital-backed British business servicing over 125 clients with over 10,000 users. Clients include Experian, Serco, Welsh Water, the Greater Manchester Police and Arriva.

*Additional information is available at: www.crowdcontrolhq.com

Leave a comment

Filed under Risk UK News

Ninth consecutive year of ACS audit improvement recorded by Showsec

Event and venue security solutions specialist Showsec has achieved year-on-year improvement in the Security Industry Authority’s Approved Contractor Scheme ratings for the ninth time in succession. An extensive assessment of all aspects of the company’s operation resulted in the award of a hugely impressive audit score of 132.

Assessing body the National Security Inspectorate (NSI) commended Showsec for its performance across all elements of the business and singled out several examples of good practice. Significantly, the company was successful in undergoing assessment for CCTV and close protection in readiness for the introduction of business licensing in 2015.

Showsec aimed for Improvement Scope in the Approved Contractor Scheme (ACS) assessment process with the prime objective of gaining British Standard accreditation across all aspects of the company’s work.

“This excellent result highlights once again the progress made by the company year-on-year and places us in a strong position should business licensing be implemented,” enthused Showsec’s managing director Mark Harding. “One of the prime objectives of this proposed business regulation for the security industry is to ensure that everyone complies with the British Standards in whatever line of security work they undertake. We now have approval for both CCTV and close protection duties in addition to door supervision and security guarding.”

Harding continued: “The ACS provides a clear benchmark of the standards we achieve in the delivery of our product. We’re constantly striving to raise the bar even higher in terms of the services we offer to our clients and members of the public, and also in relation to being at the forefront of industry-wide progression. Everyone within the company can be extremely proud of this latest achievement. I know this result will provide further encouragement for our staff to work even harder in the pursuit of excellence and continued improvement.”

Showsec provided security management and stewarding solutions for the recent Kasabian gig at Victoria Park in Leicester

Showsec provided security management and stewarding solutions for the recent Kasabian gig at Victoria Park in Leicester

Event stewarding and crowd management

The NSI assessment was conducted by Joanne Fox who visited two venues – in Manchester and Leeds – at which Showsec operate before spending two days at Head Office in Leicester. In her report, Fox asserted: “I cannot believe the number of things the company has done in the last 12 months. It’s a great achievement.”

Among the five examples of good practice highlighted in the report are the introduction of a specific training module for SIA staff to ensure all supervisors have a clear understanding of the necessary requirements when supervising employees and casual workers, as well as the formation of Facebook accounts managed by members of the team at Head Office which enable employees and casual staff to communicate on specific events and activities.

On top of that, the NSI report also draws attention to the fact that Showsec has worked diligently alongside the UK Crowd Management Association to develop a specific qualification for event stewarding and crowd management.

Other examples of good practice include the company conducting a number of Human Resources Forums as a means towards even better communication and the identification of any pressing issues.

Showsec has also introduced e-Briefings for a number of events to provide employees and casual workers with detailed and specialist information ahead of them reporting for duty.

“These are just some of the ways in which we’ve endeavoured to improve our product over the past year,” concluded Harding, “but just as significant is the fact that there were no improvement needs identified in the report. That’s an extremely rare occurrence in this process and reflects the extent to which we’ve gone to make improvements across the board.”

Leave a comment

Filed under Risk UK News

CrowdControlHQ: “IT directors ignore social media risks at their peril”

Marc Harris (Chief Technical Officer at CrowdControlHQ) examines the issues facing IT directors from the use of social media.

Many IT directors operate their own personal Facebook and LinkedIn accounts. However, when it comes to corporate social media they pass responsibility for management of same to the Marketing Department. Are they doing so at their peril?

Let me start with the elephant in the room, namely the role of the IT director. After an extensive IT career in the media, telecommunication and technology sectors recent experience has led me to conclude that social media needs to be firmly at the top of the priority list of every IT director.

In my current role, I see at first hand the impact of reputational damage realised by both internal and external sources through the use of social media, and find it surprising how few IT directors are willing to discuss the issues or attend conferences on the subject. Perhaps they feel an unwelcome interference or ‘elbowed out’ by this new communication channel which has evolved extensively under the umbrella of marketing?

In future, the organisations succeeding in the social media space will have Marketing and IT Departments working seamlessly together to tackle the issues. The ‘DNA’ of IT makes it the most qualified department to deal with some of the risk issues that surround social media, so why isn’t it more involved?

Today, social media is being used in every aspect of business, from the Boardroom right through to the delivery of customer service. By its very nature, social media is a collective responsibility. Not surprisingly, its reliance on ‘collaboration’ has in some instances manifested itself as ‘sharing’ responsibility for posting of content… and even the sharing of passwords!

New rules now apply

I once overheard a social media officer quite gleefully boasting the fact that they had the Twitter login to hand for their company chairman. When challenged, the officer admitted that he was ‘The Chosen One’. If he was off sick that was it – no tweets or updates! Worse still, if he left the organisation he had the power to bring the place down tweet by tweet.

This is the stuff that would have kept me awake at night as an IT director, yet in a world powered by social engagement new rules seem to apply.

Marc Harris: CTO at CrowdControlHQ

Marc Harris: CTO at CrowdControlHQ

Recent research also reported that a scarily large number of employees still use the dreaded Post-It note to record their login usernames and passwords, stuck to walls, desks and even the computer screen. Apparently, we’re not coping well with the need to access everything online from social media to our weekly shop and fear our mobile devices could be pinched. We’re reverting to pen and paper, it seems.

This practice can only end in tears. There have now been too many examples of ‘rogue’ tweets, no audit trail of who posted them (or why) and organisations – who, frankly, should have known better – being left rosy cheeked, so why is this practice still so rife?

Why would an employee, with their job on the line, ‘fess up’ when they know that at least 15 other people had access to the account that day?

I also believe that few IT Departments have a handle on the number of users across their ‘official’ social media accounts, let alone a log of which password protocol they are using, how they are accessing the site or posting.

Need to look both ways

We cannot just blame the employees. Even organisations with the most robust and celebrated IT protocols let themselves down when it comes to simple issues such as data storage. I suspect very few IT directors are crystal clear about where their marketing communications teams are storing their social media campaigns, let alone harbour an understanding of the conversations from the past that they may need to reference in the future or where they keep their notes about their customers linked to these campaigns.

I would hazard a guess that many IT Departments are breaking their own compliance and governance issues when it comes to social media.

Today, there’s no need to share passwords. The social media ‘savvy’ have cottoned on to tiered password access, with both the IT and Marketing Departments having an ‘on/off’ switch to give them instant control in times of crisis. If IT is involved in the installation of a Social Media Management Solution (SMMS) they can see exactly who is plugged into the system, where accountability lies and who they need to train and develop to uphold the security protocols needed in order to keep an organisation’s reputation intact.

Within the scope of most IT budgets a SMMS will be a drop in the ocean but will address these major issues. Any smart IT director will already be looking at a SMMS if there isn’t already one in place. Such a system gives control back to the organisation. All passwords are held in one place such that accounts are not owned by individuals but by the company. The right system gives an organisation the ability to moderate content at a senior level. In turn, the risk of misuse or mistakes can be eradicated.

A SMMS also takes care of the practical management issues. I fear that some organisations are taking a step backwards in terms of their technological evolution, reverting to time-wasting, ineffective manual processing of social media (eg multiple logins to different social media platforms rather than using readily available tools for automation and effectiveness).

The message is clear. IT directors ignore social media at their peril. When it comes to corporate social engagement, it’s time for them to wake up, check and challenge.

Leave a comment

Filed under Risk UK News